Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No, not correct. It only protects the applications that are specifically shielded (pre-determined + custom shields)

    If you're looking for completely free exploit protection I think this is a good combo. But also keep in mind that for ex EMET won't protect against a kernel exploit like Duqu (Word) whereas at least MBAE will prevent the payload from executing via its Layer3 protection in those cases.

    I don't think this is very accurate as those EMET mitigations are per-application rather than OS-wide.
     
  2. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    DEP, SEHOP and ASLR are there even without EMET.
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,253
    Location:
    New England
    A few posts, which were personally directed at posters versus being about the thread topic, have been removed by me. Let's focus on the product and its releases and not comment about who is posting and how they are doing it.

    Anytime that you are thinking that you need to name a specific member and comment on what they are posting, or how they are posting it, stop and reconsider whether that post itself is going to be on-topic to this thread's purpose. In fact, you should never be naming names and adding negative comments about them or what they posted. Stick with the technology aspects and leave the personal interactions out of the thread.

    Now, let's get back to the "Malwarebytes Anti-Exploit" discussion...
     
  4. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you.

    AFAIK at least DEP is stronger with EMET.
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,861
    Is this a secret version?

    Why is not mentioned in official Release History for all Malwarebytes products?
    http://www.malwarebytes.org/support/releasehistory/
    &
    Malwarebytes Anti-Exploit History / Updates in Malwarebytes Forums?
    https://forums.malwarebytes.org/index.php?/topic/132660-malwarebytes-anti-exploit-history-updates/
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,628
    Location:
    North Carolina, USA
    Hello anon,

    My guess would be since Pedro released the new version on 05 September 2014 at 10:31 PM, that whomever maintains the two links you posted were already home for the weekend. I assume they will update those links on Monday once they are back in the office. Just a guess on my part but IMHO probably the case... HTH...
     
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    This is what I'm waiting on as well. I think that once this is both implemented, and ironed out to the point I see people commenting that all is well, that will be the time to invest in this product for me.

    To ZVL... please ensure compatibility for SBIE v3.76 as well as v4, as many (including myself) are still using it. It's the last build of v3 and works very well. Many had problems when trying to upgrade to v4.

    Thanks
     
  8. guest

    guest Guest

    Someone mentioned that the new version is compatible with HPA, in my case I still have compatibility issues (internet connection lost)
    W8 x64 latest version of HPA and MBAE
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,475
    Location:
    Hawaii
    Today my MBAE PRO automatically updated to 1.04.1.1012. It took me a couple of reboots because I forgot to put AppGuard into install mode. Also forgot to disable my antiexecutable. Then I discovered that MBAE apparently updates a driver so the install got killed by Driver Radar.

    It's always *lots of fun* when my security apps start messing with my head. I wish MBAE's update alert would include a reminder, such as: "Hey dummy, don't forget to turn off other apps that might conflict."
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    P.S. The "automaticity" of MBAE's update precludes my downloading the new version so that I can scan it for nasties. Of course a valid MBAE update would not contain nasties. BUT -- would it be possible for a bad guy to initiate a seemingly valid (but infected) MBAE update, thereby by-passing my scan & other security checks?
     
    Last edited: Sep 9, 2014
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the confirmation bellqamin. We're throttling the upgrades starting today to make sure everything is OK.

    Other than the block by your Anti-EXE and DriverRadar, did the MBAE upgrade happen OK? Did it ask you to reboot or did it complete without an upgrade?
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,475
    Location:
    Hawaii
    MBAE installed just fine -- steaming steady & straight. Reboot was not needed.
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,658
    Location:
    DC Metro Area
    Haven't gotten my new version yet -- only thing that has changed for me is that I can't open menu using the tray icon :)
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I currently have the Premium version installed. Is it possible to do a manual update to v1.04. If so, how?
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  15. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Will it just install over the top of 1.03?
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, you can simply run the installer and it will upgrade whichever MBAE version you have to the latest 1.04.
     
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    MBAE auto upgraded yesterday. No need to reboot and no problems so far. XP32, SP 3.
     
  18. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    I've just installed a bunch of Windows updates and IE borked. Error message 0xc0000018 and wouldn't launch. Turns out it was MBAE. It's happened before.

    Anyway, I've removed MBAE and will take a look at the newest release. The issue has probably been addressed in the new version. Could be that I just needed to update it.

    Running AppGuard too, so it may be the same thing Bellgamin experienced. I can't remember if the free version auto-updates or not.

    Edit: Ha! Installed 1.04.1.1012 and IE is peachy. Good stuff.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Cool thanks for confirming!
     
  20. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,321
    Location:
    Hollow Earth - Telos
    I have 1.04 Free and it looks like it has a Counter for the number of times it has Shielded a App so far. My counter is up to 368 now.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  22. StillAlive

    StillAlive Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    42
    The old tray icon bug survived in Malwarebytes Anti-Exploit Premium 1.04.1.1012: rarely after a reboot there is no MBAE icon in the tray, until next reboot; and today system booted and i see two MBAE icons in the tray!
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Not sure I understand correctly. So does the traybar icon show up correctly or not?
    Please check to see if you have an MBAE entry in your TaskScheduler. It might be a left-over from an incomplete uninstall of an older MBAE beta.
     
  24. Launch of Chrome took relatively long with MBAE 1.04, Launch of IE took even longer with EMET 5. Consequative program launches measured with Passmarks's Apptimer. Could some of the group policy settings have impact on dll-injection (I had also a ADM template installed for Chrome)?
     
    Last edited by a moderator: Sep 20, 2014
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    How big a difference are you seeing between bare Chrome/IE and when adding MBAE/EMET?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.