Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    http://s22.postimg.org/qqfff5qr5/Immagine.jpg

    It works that way.
    Is it OK?
     
    Last edited: Oct 20, 2013
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yes, that's OK. I believe it's a problem with the EMET reporting from the traybar icon. But the exploit test is blocked by EMET, as calc.exe is not launched.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you replicate it at will? If so please send me the steps to replicate it.

    Also, please send me DDS logs and the file path and version details for msvcp100d.dll and msvcr100d.dll which are in your system.
     
  4. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    158
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    DDS files and requested information have been e-mailed to you.

    I don't know if I can readily replicate it... I'll give it a try.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @BoerenkoolMetWorst, you got me thinking again. I did test this with a couple of vendors but after your comment I decided to make a more thorough check. Only Kaspersky passed the test while Avast, AVG, Avira, ESET, McAfee and Norton failed it.

    http://s23.postimg.org/pz9zbgnxn/Exploit_Test_Avast.png
    http://s8.postimg.org/w4dhi6sc5/Exploit_Test_AVG.png
    http://s24.postimg.org/x9d0atlfp/Exploit_Test_Avira.png
    http://s23.postimg.org/xki241p9n/Exploit_Test_ESET.png
    http://s15.postimg.org/myn0wrz9n/Exploit_Test_Mc_Afee.png
    http://s21.postimg.org/kejpvv0ev/Exploit_Test_Norton.png

    Maybe for the future we can make more Exploit Tests like this one but using different exploit techniques to see who detects what.

    Thanks again for bringing this up!
     
  6. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs

    I have also found that MBAE doesn't work either when Spyshelter is installed. mbae.dll isn't loaded in Chrome.

     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks for the report @guest. We'll test it and add it to the list.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks, that works :) I made a typo btw; I meant to ask if you're going to release the test separately from the product. For example, with Spyshelter and Zemana, you can download test tools from their website.
     
  9. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs

    I have uninstalled Spyshelter and now mbae.dll doesn't load with Chrome; the only way is by disabling WSA. It's so weird because it was working before. Anyway, I will wait for the next WSA web shield update to see what happens.
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I happened to chance upon this when I went looking for details on where ESET online scanner had been installed, when I noticed this about MBAE.

    Just wondering why MBAE-loader.exe has suddenly appeared in Scheduled Tasks.

    ScreenShot_MBAE_WP_Recent_01.gif

    ScreenShot_MBAE_WP_Recent_02.gif
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Currently we have no plans for it. Even though we have a couple of such tools for internal QA testing, releasing them would be providing unnecessary details to competitors about what type of protection techniques to add to their products.
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    It has always been there after installation of MBAE. It is how MBAE starts at boot.
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Not sure if this has been discussed in previous posts, but if it hasn't...then here it is.

    Not sure if this has to do with running Anti-Exploit on Windows 8.1 or not, but if it does, then this is the error I received right after installing Anti-Exploit.

    Is this a Windows 8.1 incompatibility?

    MBAE8.1.png
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    OK...thanks.
     
  16. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
  17. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs
    As I told you about the problem between SpyShelter Firewall and Malwarebytes Anti-Exploit when launching Firefox:
    if I uncheck action type 33 (setting hook to monitor network request)
    in SpyShelter, I can launch Firefox without a problem when both tools are running,
    but it is insecure.
     
  18. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Actually, I think there is an overlap between SS and MBAE; SS blocks the MBAE DLL from loading in the browser.
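
A way to confirm the symptom reported in the posts above (mbae.dll not being loaded in the browser), as an added example that is not part of any post and not Malwarebytes code. The module name comes from the thread; the list of browser process names and the function name `Test-ModuleLoaded` are assumptions made for illustration.

```powershell
# Added example: report, per running browser process, whether a given DLL is loaded.
# Assumptions: 'mbae.dll' is the module named in the thread; the process names
# below are illustrative and should be adjusted to the browsers in use.
param(
    [string]   $ModuleName   = 'mbae.dll',
    [string[]] $ProcessNames = @('chrome', 'firefox', 'iexplore', 'opera')
)

function Test-ModuleLoaded {
    param(
        [System.Diagnostics.Process] $Process,
        [string] $Name
    )
    try {
        # Reading Modules can throw: access denied (sandboxed or elevated process),
        # the process exited, or a 32-bit shell inspecting a 64-bit process.
        $hit = $Process.Modules |
            Where-Object { $_.ModuleName -ieq $Name } |
            Select-Object -First 1
        if ($hit) {
            return [pscustomobject]@{ State = 'Loaded'; Path = $hit.FileName }
        }
        return [pscustomobject]@{ State = 'NotLoaded'; Path = $null }
    }
    catch {
        # Do not report "not loaded" when the module list could not be read at all.
        return [pscustomobject]@{ State = 'Unknown'; Path = $_.Exception.Message }
    }
}

$targets = Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue
if (-not $targets) {
    Write-Warning "None of the listed browser processes are running."
    return
}

$targets | ForEach-Object {
    $r = Test-ModuleLoaded -Process $_ -Name $ModuleName
    [pscustomobject]@{
        Process = $_.ProcessName
        PID     = $_.Id
        Module  = $ModuleName
        State   = $r.State    # Loaded / NotLoaded / Unknown
        Detail  = $r.Path     # DLL path when loaded, error text when unknown
    }
} | Sort-Object Process, PID | Format-Table -AutoSize
```

Run it from a PowerShell session of the same bitness as the browser, before and after disabling the other security product, and compare the `State` column; rows marked `Unknown` need an elevated session or a tool such as Process Explorer to resolve.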
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I know there are many here with MBAE and HMP.Alert installed together and you still get a blocked event every time that HMP.Alert tries to upgrade. Can any of you please replicate the issue while having SysInternals ProcMon running and save and send me a capture of the blocking event?
     
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    PM sent.
     
  21. guest

    guest Guest

  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Sounds very good, thanks for the update @guest. If you see the WSA release with the fix please let me know.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    MBAE does not protect AdobeReader files.
     
    Last edited: Oct 27, 2013
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you elaborate a bit what you mean by this? Also some system info would be nice (OS, architecture, Adobe product and version, MBAE version, screenshots, mbae logs, etc.).
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    This should help explain...

    Maybe because it is a previously saved downloaded .pdf file that I had scanned. Not viewing in the Opera browser.

    ScreenShot_MBAE_AdobeReader_01.gif
     