Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,554
    Location:
    Italy
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    http://s22.postimg.org/qqfff5qr5/Immagine.jpg

    Works that way.
    It's OK ?
     
    Last edited: Oct 20, 2013
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yes that's ok. I believe its a problem with the EMET reporting from the traybar icon. But the exploit test is blocked by emet as the calc.exe is not launched.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you replicate it at will? If so please send me the steps to replicate it.

    Also please send me DDS logs and the file path and version details for msvcp100d.dll and msvcr100d.dll which are in your system
     
  4. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    152
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    DDS files and requested information has been e-mailed to you.

    I don't know if I can readily replicate it... I'll give it a try.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @BoerenkoolMetWorst, you got me thinking again. I did test this with a couple of vendors but after your comment I decided to make a more thorough check. Only Kaspersky passed the test while Avast, AVG, Avira, ESET, McAfee and Norton failed it.

    http://s23.postimg.org/pz9zbgnxn/Exploit_Test_Avast.png
    http://s8.postimg.org/w4dhi6sc5/Exploit_Test_AVG.png
    http://s24.postimg.org/x9d0atlfp/Exploit_Test_Avira.png
    http://s23.postimg.org/xki241p9n/Exploit_Test_ESET.png
    http://s15.postimg.org/myn0wrz9n/Exploit_Test_Mc_Afee.png
    http://s21.postimg.org/kejpvv0ev/Exploit_Test_Norton.png

    Maybe for the future we can make more Exploit Tests like this one but using different exploit techniques to see who detects what.

    Thanks again for bringing this up!
     
  6. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs

    I have found also that MBAE doesn't work either when Spyshelter is installed. mbae.dll isn't loaded on chrome

     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks for the report @guest. We'll test it and add it to the list.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,257
    Location:
    Outer space
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks that works :) I made a typo btw, I meant to ask if you're going to release the test separately from the product, for example with Spyshelter and Zemana, you can download test tools from their website.
     
  9. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs

    I have uninstalled Spyshelter and now mbae.dll doesn't load with chrome the only way is by disabling WSA. It's so weird because it was working before, anyway I will wait to the next WSA web shield update to see what happens.
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I happened to chance upon this when I went looking for details on where ESET online scanner had been installed, when I noticed this about MBAE.

    Just wondering why MBAE-loader.exe has suddenly appeared in Scheduled Tasks.

    ScreenShot_MBAE_WP_Recent_01.gif

    ScreenShot_MBAE_WP_Recent_02.gif
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Currently we have no plans for it. Even though we have a couple such tools for internal QA testing releasing them would be providing unnecessary details to competitors about what type of protection techniques to add to their products.
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    It has always been there after installation of MBAE. It is how MBAE starts at boot.
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Not sure if this has been discussed in previous posts, but if it hasn't...then here it is.

    Not sure if this has to do with running Anti-Exploit on Windows 8.1 or not, but if it does, then this is the error I received right after installing Anti-Exploit.

    Is this a Windows 8.1 incompatibility?

    MBAE8.1.png
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,581
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    OK...thanks.
     
  16. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
  17. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    374
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs
    as i told you about problem between SpyShelter Firewall and Malwarebytes Anti-Exploit for launching Firefox
    if i uncheck action type 33(setting hook to monitor network request)
    in spyshelter,i can launch firefox without problem when both tool is running
    but it insecure
     
  18. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Actually I think there is an overlap between SS and MBAE, SS blocks MBAE dll from loading on the browser
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I know there are many here with MBAE and HMP.Alert installed together and you still get blocked event every time that HMP.Alert tries to upgrade. Can any of you please replicate the issue while having SysInternals ProcMon running and save and send me a capture of the blocking event?
     
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    PM sent.
     
  21. guest

    guest Guest

  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Sounds very good, thanks for the update @guest. If you see the WSA release with the fix please let me know.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    MBAE does not protect AdobeReader files.
     
    Last edited: Oct 27, 2013
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you elaborate a bit what you mean by this? Also some system info would be nice (OS, architecture, Adobe product and version, MBAE version, screenshots, mbae logs, etc.).
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    This should help explain...

    Maybe because it is a previously saved downloaded .pdf file that I had scanned. Not viewing in the Opera browser.

    ScreenShot_MBAE_AdobeReader_01.gif
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.