Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,113
    Location:
    Hawaii
    I have been getting MBAE updates FREE from Malwarebytes for a very long time. From the get-go I realized that I was getting beta versions. It was sort of an implied "deal" between me & Malwarebytes. Namely, I could use the app for FREE but -- in so doing -- I was voluntarily accepting the risks & responsibilities inherent in being a beta tester.

    From this standpoint, I would be surprised if debug logging were NOT enabled by default.
     
  2. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    so maybe don't let it connect, it does not need Internet I think, as updates are done manually
     
  3. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,091
    ... or auto =

     
  4. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    Put the following entry in the HOSTS file:
    127.0.0.1 data-cdn.mbamupdates.com

    The HOSTS file is in the folder 'C:\Windows\System32\drivers\etc'

    Adding that HOSTS file entry will block the MBAE version updates.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,888
    The other solution? Don't add the updater to your firewall allowed connection list and it should stay blocked.
     
  6. guest

    guest Guest

    Malwarebytes Anti-Exploit Beta 1.13 Build 424 (October 27, 2021)
    Release Notes (Forum)
    Download: https://downloads.malwarebytes.org/file/mbae
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,113
    Location:
    Hawaii
  8. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    I wonder how effective it can be, I remember it stopped a truly evil instance of process hollowing, but it only happened once in my life and thus far this thing is silent
     
    Last edited: Nov 22, 2021
  9. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    477
    Location:
    USA
    While I do still run MBAE Premium (now beta) on a couple of little-used Win7 systems, I opted to go with default settings in Windows Security Exploit protection (WSEP?) for my two Win10 systems.

    Back in the day, I found no compelling discussions as to which was more efficacious, EMET or MBAE, other than the latter having a comfortable UI. As a user of Pedro's product at the time, I just rolled with the Malwarebytes iteration.

    With EMET having evolved into WSEP, I'm now a beta tester for one company, not two, by dumping MBAE. :cool:

    MBAE did whack a few things over the years, but searching for and pulling some log files from ancient backups on optical media isn't worth the effort. As with most all other things considered, either MBAE or WSEP is BTN (better than nothing).

    Cheers.
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,113
    Location:
    Hawaii
    Uhh... "legitimately evil" = oxymoron?
     
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @bellgamin
    rather something without the "oxy" prefix

    No I wanted to say a "truly evil" file, or "confirmed to be malicious"
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,563
    so a true positive rather than a false positive
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,113
    Location:
    Hawaii
    A TRULY false positive, of course.
     
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,563
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,348
    I just got an update. Now, have v1.13.1.430
     
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,091
  17. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    Java Shield can self-deactivate
    Has anyone else found that Java shield in MBAE 1.13.1.424 (and now also MBAE 1.13.1.430) has self-deactivated? I have only recently realised that this was happening because the shields list has to be scrolled to enable the Java entry to be seen so many might not realise that their MBAE Java shield is also deactivated. I guess that this was going on well before MBAE 1.13.1.424 was released but I wasn't aware of it until just before Christmas when curiosity prompted me to look at the shield list. Of my six Windows 10 PCs/laptops, the MBAE Java shield is self-deactivated on two of them.

    You can manually activate Java shield but on the next startup of MBAE it can self-deactivate for no reason that I can figure out.


    Problem solved
    I have found that uninstalling MBAE 1.13.1.430 and deleting the C:\ProgramData\Malwarebytes Anti-Exploit folder followed by installing MBAE 1.13.1.345 SEEMS to solve the problem. MBAE 1.13.1.345 immediately gets updated to MBAE 1.13.1.430 but the previously persistently deactivated Java shield survives a system restart, being found to be still activated.
     
    Last edited: Jan 15, 2022
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,091
  19. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    201
    Location:
    Wigan
    I could not manually permanently activate Java shield. I was considering the possibility of Java being unknowingly installed.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,348
    Updated just now...

    MBAE_v1.13.1.443_01.JPG
     
  21. guest

    guest Guest

    Malwarebytes Anti-Exploit Beta 1.13 Build 443 (February 14, 2022)
    Release Notes (Forum)
    Download: https://downloads.malwarebytes.org/file/mbae
     
  22. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Was pointed to a different Wilders' thread and thought to drop by this thread and say hi. Happy to see this thread is still semi active.

    Just heads-up from the MBAE side, MBAE R&D is very much alive and kicking, keeping up to date against latest attacks and to continue being an enhancement to any endpoint security. David my ZVL partner (orig MBAE idea and dev) and the original MBAE team is still mostly the same here at Malwarebytes, although it has grown a bit. We're adding some interesting techniques to PentestingMode and trying to balance that with keeping driver/hooking conflicts under control. Hope you've seen the TPSC vid.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,740
    Location:
    The Netherlands
    Nice to see you again on this forum, and great to hear that MBAE is still alive and kicking! :thumb:

    I still believe that MBAE and HMPA are the most advanced tools when it comes to protecting against exploits. Of course attacks on home users aren't as likely as in the past, but it's still nice to have, because you never know when it's your unlucky day, know what I mean?
     
  24. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Yes, HMPA guys are great, and they know how to party ;)
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,740
    Location:
    The Netherlands
    Wait a minute, can you tell me a bit more about this, you are all friends now? I remember in the past you guys had a couple of discussions about whether HMPA or MBAE was better at protecting against exploits, it was so funny and entertaining. :p
     