Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Windows Defender.

    The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

    Category: Trojan

    Description: This program is dangerous and executes commands from an attacker.

    Recommended action: Remove this software immediately.

    Items:
    file:C:\Program Files\Malwarebytes Anti-Exploit\is-9GM3Q.tmp
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    That's an FP from Windows Defender. I'll contact MSFT to get this resolved. Thanks for reporting!

    EDIT: Question: did this happen during the installation of MBAE or when you executed mbae-test.exe and hit the "Exploit" button?
     
  3. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Re: Malwarebytes Anti-Exploit 0.09.4.1000


    It happened during installation.
     
  4. hunkiller

    hunkiller Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    4
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Similar alert here by MSE during installation.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @hunkiller and @harshisthere, Microsoft's FP reporting is a bit different from the rest of the industry as it relies heavily on real user feedback. Everyone who is having this problem (or even if you don't) please go to http://www.microsoft.com/security/portal/submission/submit.aspx and submit the file there. Make sure you choose the option "I believe this file should not be detected as malware".

    Thanks!
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Avast has fixed the FP. This should not be detected anymore.
     
  7. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    hi
    i use SpyShelter Firewall now i installed Malwarebytes Anti-Exploit
    every time i launch Firefox get below error see attachment

    Image.png

    thanks
     
    Last edited: Oct 16, 2013
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  9. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Last edited: Oct 16, 2013
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks for that @co22.

    Does the problem persist if you disable or uninstall SpyShelter?
     
  11. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    No,i disabled now SpyShelter and start Anti-Exploit then start Firefox without error
     
    Last edited: Oct 16, 2013
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    OK thanks for reporting. We will try to replicate internally and fix asap.

    EDIT: what's your OS and architecture?
     
  13. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    XP SP3 X86(32BIT)

    also how i can add custom software to the list of shields program in Malwarebytes Anti-Exploit?
    if it not possible can you add KMPlayer to default list?
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    And version of SpyShelter?
     
  15. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    SpyShelter Firewall 2.6
     
  16. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    152
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    My preliminary testing has been positive... no conflicts/crashes encountered. We'll see what happens over time.

    Just one minor issue: the mbae-default.log has no line-separators (CR/LF) between entries, so it's one long "jumble".
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Hmmm that's an old bug that seems to have re-surfaced. Thanks for reporting!!
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @hunkiller and @harshisthere, Microsoft confirmed to me they have fixed the FP and it will be deployed shortly in an update in the next few hours. Can anyone please re-install MBAE next to an updated MSE and/or Windows Defender and confirm?
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    OK, thanks. Tests fine.
     
  20. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Tried it last night. Ran fine but apparently will not work with Firefox when it is supervised by Sandboxie on my XP Pro SP3 system.

    Worked fine with Firefox when run outside of Sandboxie.

    Uninstalled for now in hopes that a later version may resolve this issue (if possible).
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  22. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    152
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Checking your list of live issues/conflicts, I see no mention of EMET there. Was that an oversight? --- Or does it mean you've fixed the EMET-related problems? Is your EMET testing limited to only the latest version 4? Or are you also working with version 3.0 [which is still supported by Microsoft]?

    Just to let you know, I no longer use Lotus iNotes for an e-mail client. So if you were working on that problem just for me, it's okay to drop it. But if other users have complained, then it's worth pursuing.
     
  23. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Will the issue with Sandboxie be addressed at some point or is it not feasible for the two apps to coexist?

    Thanks in advance.
     
  24. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    No problems with this release. Full compatibility with EMET 4.0 and CIS.

    One suggestion: the icon should show when protection is off.

    To my taste the blue icon from the previous version was better.
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    We don't have any recorded problems with EMET. It was shortly in the list of known issues but we took it out as the report could not be verified nor replicated. So there seems to be absolutely no conflicts or issues running MBAE and EMET together as of now.

    They used to coexist with the previous version by adding some Sandboxie configuration offered by Dr_Larry_Pepper to allow MBAE's IPC channel through Sandboxie. But as of the latest version of Sandboxie that doesn't seem to work anymore. To be honest we haven't looked at the problem as our number 1 priority right now is getting MBAE to 1.0.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.