Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Last edited: Jun 22, 2014
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's correct, we don't detail our mitigation techniques or logic. Some are similar to EMET, some are different, some are unique to MBAE.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    OK fair enough. The important thing is that it´s really capable of blocking exploits. :)

    I just wondered about this, because a certain competitor claims to offer a more complete solution.
     
  4. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    @ZeroVulnLabs

    Problem #1 - Minecraft and Malwarebytes Anti-Exploit do not run well with one another, Minecraft loads pretty slow when Malwarebytes Anti-Exploit is running in the background. Disable MBAE and Minecraft loads pretty quick.

    Problem #2 - After uninstalling Malwarebytes Anti-Exploit, it's program entry still remains listed on startup (Experienced this while running on Windows 8.1 Pro, not sure about other versions).
     
    Last edited: Jun 23, 2014
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,308
    Location:
    Hollow Earth - Telos
    I wonder why Google has not paid to have MBAE built into Chrome the way they have built in other stuff like Flash Player in order to make it more secure.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Chrome is extremely secure out of the box. Sure there have been zero-days for it, but it's still light years ahead of IE, Java, Flash, etc.
     
  7. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    The reason I am not installing MBAE is because chrome developers suggest that Anti exploit techniques may work only when the attacker has no knowledge about it but sometimes it can screw up with the default protection of the browser.
    If Google tells or accepts that MBAE is fully compatible and helpful for chrome then I think your sales will skyrocket.
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    99,99% of all Chrome users are not aware of any of its security features. I think none of them are hesitating to buy MBAE unless the Chromium developers recommend it. Even if they did say anything in regards to that matter, these people wouldn't notice or understand. Aside from that, MBAE already shields Chrome in its free version, so nobody is going to buy premium just for Chrome and just because Google recommends it.
     
  9. In regard to Chrome: have you ever tried Chrome with Software Restriction Rules excluding the Admin. I was surprised to be able to run these files from Chrome's download message. Therefor adding 1806 trick to block download in Internet Zone with Chrome.

    I want to be able to right click and install anything as admin (I know not the best solution, but my Safe_Admin setup has proven itself last four years).
     
  10. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    I set UAC to high and edited some policy in gpedit.msc which will always ask me for password to run a software without admin rights. It is irritating sometimes but it is for the best. Also a lot of developers say me that forget the benchmarks, developers know what is best for them and he know 25 good developers who use Chrome as their default browser.
     
  11. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    I don't know if this question was answered before.
    Does MBAE free protect PDF's opened through Adobe reader plugin in Firefox ?
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, any browser plugins are also shielded in MBAE Free, including FlashPlayer*.exe which under Firefox runs as a separate process.
     
  13. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    Thanks. But when I open PDF's through plugin, I don't see mbae.dll injected into adobe reader process. It does inject into plugin-container.exe, so is that enough ?
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's correct, because the PDF is not opened by acrord32.exe (Adobe Reader) but by Firefox's plugin-container.exe.
     
  15. guest

    guest Guest

    @ZeroVulnLabs

    What plans do you have for MBAE? any roadmap?
     
  16. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Do you think Malwarebytes Anti-Exploit is necessary when using Chrome? o_O
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There's much less of a chance of encountering a zero-day for Chrome vs IE. But there are still zero-days for plugins to worry about (Reader, Flash, Java, etc).

    Also now there's more exploits being delivered as email attachments (doc, pdf, jar,...) to worry about. So the browser is not the only exploit vector we need to worry about.
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, but mostly just engine and hooking improvements. A lot new techniques in the roadmap. Also new things like kernel intercept. Keep an eye on the Experimental builds for the new stuff.
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,224
    Location:
    Italy
    @ ZeroVulnLabs

    I use Softmaker FreeOffice:


    1.JPG

    2.JPG 3.JPG
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,224
    Location:
    Italy
    mbae-svc-SvcProtection(447) - 2014/06/30 - 12:11:36 - #2# - MbaeLogProcessModules: Process Info: Pid: 2360 Process Name: C:\Programmi\SoftMaker FreeOffice\TextMaker.exe Address: 0x00000000 - 48 - 2804
    mbae-svc-SvcIPC(134) - 2014/06/30 - 12:11:38 - #2# - IPCFromProtector: UNINJECTED: 3 (1660)EXPLORER.EXE (2360)C:\Programmi\SoftMaker FreeOffice\TextMaker.exe is now unshield - 213 - 3528

    It does not work....
     
    Last edited: Jun 30, 2014
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I need all the files in the logs directory please.
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the logs.

    I tested under the same conditions (WinX SP3) by adding TextMaker with profile "office" and it seems to be working correctly when I double-click on a doc and it's opened by TextMaker as the default handler for that extension.

    Does the problem happen on your end with all .doc files or only a specific format (2003/2000/95)?

    ScreenHunter_62 Jun. 30 20.13.jpg
     
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,224
    Location:
    Italy
    I created a doc file with Notepad.
    The problem sometimes occurs and sometimes not.
     
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Had a problem with the application protection counter as I tried MBAE yesterday with latest stable version. Was this never fixed even during the beta? Happened on several occasions.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.