Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the feedback! :thumb:
     
  2. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Should we uninstall the old one first or just run the experimental installation?
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Installing on top works most of the time without even requiring a reboot.

    The worst that will happen is that it times out while uninjecting the old DLL and injecting the new DLL and it will ask for a reboot. But that happens very rarely.
     
  4. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    Uninstalled stable, restarted, installed beta. So far so good :)!
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I gather no Sandboxie support yet.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Working with Curt right now. This version should inject into Sandboxie, but Curt is looking into it further from his side of things.
     
  7. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Yes... It works without a reboot... I do click stop protection first prior to the beta installation. Thanks ZeroVulnLabs
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No need to stop the protection either to upgrade to the new version. A simple install on top will work.
     
  9. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Nice... will keep that in mind next install when the stable is released
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It probably needs a line or two in its ini file so they communicate. Similar to what was needed for EMET, ERP, etc.


    PS out of the box it isn't working with Sandboxie
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Pedro

    One immediate first reaction. The ability to add other programs to the shields is next to useless. I use a different media player, and it takes a bit to figure out the first thing is just a descriptive name of choice. That's fine, but then to expect a user to type in the file name is useless. I use a different media player, and I couldn't begin to do that. It desperately needs a browse function.
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's a good point, a browse function would be the thing to have in the add-shield dialog box. I'll put that request in our backlog.
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yes... this and SBIE compatibility and I'm buying this sucker.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    A short time ago I installed the latest experimental version over the top, and no reboot necessary. :) I can see immediate changes. ;)

    ScreenShot_MBAE_v1.05.3.1010 eperimental_01.gif
     
  15. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I have yet to test the 4.x sandboxie line (I will do so soon but have no time to spare atm in case it doesn't.) but with 3.76 I have found no differences required to make it function with the template I have published both here and on the MB forums. Eager to see if 4.x is operational though and will do so at some point this weekend!
     
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,811
    Is there any conflict between MBAE and Avira's Proactiv module?
    I don't think so, but this is what Avira Support says:
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We've never seen or heard about a conflict between MBAE and Avira, but it could be possible.

    Are you the one having the issue? If so, in addition to trying what Avira Support says, could you also try MBAE 1.05 Experimental Build (link in my sig). MBAE 1.05 changes its API hooking method to avoid such conflicts.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,811
    Thanks for the prompt reply.
    a) Yes.
    b) Already done (since yesterday).

    fyi:
    1) MBAE uninstalled from one PC, the issue still persists.
    "If after uninstalling Malwarebytes the issue still persists it means that this is caused by our proactiv module."

    2) After the upgrade to the latest Avira version (v14.0.7.342), issue seems to be solved in all PCs (with or without MBAE installed).
    I think so but I have to wait a few days in order to be sure.
    ----------------------------------------
    O.T.
    Re the MBAE logs:
    An option in "settings" to keep the logs for one day/one week/one month is better than the present one, IMHO.
     
    Last edited: Nov 7, 2014
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the confirmation anon. It seems clear the previous Avira version was at fault then.

    I'll keep your suggestion handy for the MBAE logs.
     
  20. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    @ZeroVulnLabs Is using the 'Other' profile OK for Skype? (or) Is there a better profile for Skype?
     
  21. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Done, no crashes any more.

    Could there be conflicts with a webshield (AVG, Avast) when using Malwarebytes Anti-Exploit? :doubt:
     
  22. 142395

    142395 Guest

    I want an export/import function for settings, it will be useful when I install MBAE on a new PC or after re-installing Windows.
    I think basically not unless that webshield uses a radical hook like Panda URL Scanner.
    I don't know specifically about AVG or Avast though.
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    You can try first with "browser" and if it gives you problems then fall back to "others".

    There could, but shouldn't. If you see any please do let me know.
     
  24. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    Tried the new experimental build with Sandboxie 4.14 and using the template code... Firefox seems to be working fine inside Sandboxie and also protected by MBAE :)

    [Template_Malwarebytes Anti-Exploit]

    Tmpl.Title=Malwarebytes Anti-Exploit
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mAH*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mix*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*mAH*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*

    Also I added shields for Cyberfox 64-bit and Pale Moon 64-bit but MBAE protection was not applied while they were sandboxed
     
  25. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I'm surprised it worked at all using the old one. For x64 systems I found a different scan key was required. The post was updated on MBAE but I don't recall if I did so here as well. Maybe you'll have better luck with the updated one? After lunch I'll be diving in to test it myself. Crossing my fingers :p

    Code:
    [Template_MBAE]
    
    Tmpl.Title=MalwareBytes Anti-Exploit
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\WoW6432Node\Malwarebytes Anti-Exploit
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
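
Each `OpenIpcPath` line lets sandboxed programs reach the matching IPC objects outside the sandbox, so it is worth knowing exactly what changed between the two templates posted in this thread. The following is an added example, not code from either poster or from Sandboxie or Malwarebytes; it lists the rules in the updated template that are strictly wider than rules in the older one, plus the added scan key. The helper names are hypothetical, and it assumes `*` is the only wildcard and that matching is case-insensitive.

```python
import re
# OLD and NEW are the template lines as posted in this thread (older, then updated).
OLD = r"""
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mAH*Process*API*
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mix*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION_*
OpenIpcPath=*\BaseNamedObjects*\Mutex*mAH*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION_*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
"""
NEW = r"""
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\WoW6432Node\Malwarebytes Anti-Exploit
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION_*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION_*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
"""

def values(text, key):  # values of every `key=value` line, in file order
    return [l.split("=", 1)[1] for l in text.splitlines() if l.startswith(key + "=")]

def covers(broad, narrow):
    """True if every name matched by `narrow` is also matched by `broad`."""
    # Assumption: '*' is the only wildcard and matching ignores case.
    rx = ".*".join(re.escape(p) for p in broad.split("*"))
    # A '*' in `narrow` becomes NUL, which only a '*' in `broad` can absorb.
    return re.fullmatch(rx, narrow.replace("*", "\0"), re.I) is not None

def widened(old, new):
    """Map each changed OpenIpcPath in `new` to the old, narrower rules it subsumes."""
    olds = values(old, "OpenIpcPath")
    return {n: hit for n in values(new, "OpenIpcPath")
            if n not in olds and (hit := [o for o in olds if covers(n, o)])}

def added_scan_keys(old, new):
    return [k for k in values(new, "Tmpl.ScanKey") if k not in values(old, "Tmpl.ScanKey")]

if __name__ == "__main__":
    for rule, subsumed in widened(OLD, NEW).items():
        print("wider:", rule, "<-", subsumed)
    print("new scan keys:", added_scan_keys(OLD, NEW))
```

Dropping the `mAH` and `mix` tokens means the updated `NamedBuffer` and `Mutex` rules open every object the old rules did and any other name of the same shape.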
    
    
     