Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Does MBAE still conflict with SBIE? I would love to try it, but I won't sacrifice SBIE
     
  2. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,354
    I see, thank you. :shifty:
     
  3. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I think it still does conflict, Pete, but I'm using it anyway because lots of other stuff is protected -- particularly with the Premium version. Actually, with the Premium version you can add just about any app you want to the Shields list, which is a nice feature.

    BTW, I'm still using FF under Sandboxie. And in that scenario, even though FF is not specifically protected, Sandboxie pretty much takes care of the browser issues and MBAE adds some additional layered security to other apps.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, thanks Tom. As another question, do you think it adds much if running Appguard?
     
  5. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,889
    Thanks Rasheed187 for this insightful post, it helps me understand more on the differences of these different programs.
     
  6. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Don't know if you were directing this question at me or someone else, but I do use AppGuard as well. Does it help?. . . is it needed?. . . I have absolutely no idea. However, because it seems to be very light on system resources and very unobtrusive, I figure it can't hurt anything. And as I said, it's just another layer of protection.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    No problem, and BTW I forgot to add that HIPS can only stop the execution of malware if they monitor "process execution". So for example a simple HIPS like WinPatrol won´t offer any protection against exploits.
     
    Last edited: Sep 2, 2014
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    OK I see, but I just wondered about this, because it seems so strange to patent code that can be written by anyone. Other apps like VoodooShield and AppGuard have apparently also patented the design (?) of the software, seems weird to me.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    OK, very interesting, so perhaps that is why some products performed poorly in the PCSL anti-exploit test? :)

    I understand, but what do you think about HMPA, in the GUI you can even see what type of mitigations they offer (of course not the logic behind it), you apparently think that this is not a good idea either?
     
    Last edited: Sep 2, 2014
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Akamai persons - please glance at Perspectives website, which pertains to an extension available for Firefox browser.

    QUESTION: If I am running MBAE, do I need that Perspectives extension, or not?
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    Last edited: Sep 2, 2014
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    If I had to guess, I would say the reason for not listing mitigations (minus the logic) in the GUI would likely to be just to keep things simple so that it doesn't seem overwhelming for people who may not understand, and that along could scare of potential new user purchases and that crowd would probably make up the larger percentage of their future intended user base.

    Having said that, I think that we should suggest that MBAE maybe add an Advanced option for a more detailed GUI for power users like members here at Wilders who like to get their hands dirty. The program would start in the current dumbed down GUI but an Advanced option could be something to opt-in if we choose. Obviously most of us users here at Wilders like to tinker with our security software. That is why I often get bored of this type of set-it-and-forget-it software with no options. But clearly I do understand how the simplified interface is good for their larger percentage of users or at least likely their future target user base. I am intrigued by MBAE though and continue to follow developments.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    @ WildByDesign

    Yes I think they want to keep it as simple as possible. But that´s not exactly what I meant. The thing is, Malwarebytes refuses to give that type of info, while EMET and HMPA are very open about it, that is a bit "striking". On the other hand I can also understand it from their point of view.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    I have MBAE PRO. As far as I could determine, neither the systray icon nor the main GUI offer a click spot to check for updates.

    QUESTION: How do I know when updates are issued?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE checks for upgrades automatically every so often. If there's one available it will prompt you asking if you want to upgrade or not.

    There's a new release coming soon and you'll be able to see the upgrade prompt.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    https://forums.malwarebytes.org/index.php?/topic/156507-malwarebytes-anti-exploit-10411012/

    We are happy to announce the availability of Malwarebytes Anti-Exploit, version 1.04.1.1012!

    This version includes a whole new set of exploit detection and blocking techniques, specifically for Layer1 to prevent exploit shellcode and for Layer2 advanced Java and other type of exploit payloads. In addition it improves usability with Desktop-based Java applications and some other usability improvements. The changelog is as follows:
    • Added various new layer 1 and layer 2 detection techniques
    • Improved various aspects of installation and automatic upgrades
    • Improved UI to make it easier to activate Premium
    • Improved threat information telemetry
    • Improved Java shield to prevent slowdowns and FPs in desktop-based applications
    • Fixed FP with Excel addon
    • Fixed bug executing Desktop shortcut after install
    • Updated hooking framework
    In order to download MBAE 1.04 please visit the main Malwarebytes Anti-Exploit page.

    Existing users of MBAE 1.03 will receive the automatic upgrade prompt. Initially we will roll this out slowly over the next two or three weeks to make sure the automatic upgrades is working as expected.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi ZVL

    Any progress with getting it to work with Sandboxie?

    Thanks,

    Pete
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Not with 1.04. For 1.05 we're working on improving compatibility with third-party apps by improving the hooking driver. Keep an eye out on the Experimental sub-forum for a 1.05 test version soon.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Oh good, Chrome loads fine again. Even with latest free stable EMET, HMP.A, and APT Shield. Now I need to test an exploit and hope everything doesn't fubar on me.

    Edit:
    Didn't exactly fubar, but browsers stopped working unless MBAE is disabled. AX64 to MBAE-less snapshot.
     
    Last edited: Sep 6, 2014
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, I will do that, and look forward to giving it a test.

    THanks,

    Pete
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,621
    Location:
    Among the gum trees
    Hi J_L,

    I was just logging in to ask if the current HMP.A 2.6.5 was compatible with the free version of MBAE when I read your post, so I guess they are now, is that right?

    According to this it isn't - Known Issues & Conflicts

    Thanks.
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    To me it is fixed.
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Is it correct to say that if at some moment there's no running apps that MBAE free covers then anyway MBAE gives protection to the OS?
     
  24. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    MBAE Free version only has shields for Mozilla Firefox, Google Chrome, Internet Explorer and Opera as well as Java. To protect other OS components, additional software and custom options you would have to use the paid version. Lately I've been using MBAE for browser exploit protection and using EMET to protect everything else. You just need to make sure you don't protect the browsers with EMET in this case because the two programs would likely overlap and cause problems. But it's a pretty decent setup.
     
  25. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you. EMET has OS-wide protection options: DEP, SEHOP, ASLR. I thought MBAE free could have something like this.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.