Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    By opening that .pdf file I was offered an update to Adobe Reader, which I allowed.

    ScreenShot_MBAE_AdobeReader_03.gif

    ScreenShot_MBAE_AdobeReader_06.gif
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    While the PDF is open, search using processexplorer or similar for mbae.dll. It should be injected into acrord32.exe. If it is not, check the lgs of your third-party security software for hints of what is blocking the MBAE injection.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Seems OK, but just doesn't show up under 'logs' tab of MBAE.

    ScreenShot_MBAE_ProcessExplorer_dll search_02.gif
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    It's most likely one of the other security apps blocking the inter-process communication. Can you try again after disabling each of the other security apps one by one?
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I disabled the HIPS in DW, and now it logs opening a .pdf file. It was the first app that I tried to find out what could be the problem. ;)

    ScreenShot_MBAE_AdobeReader_07.gif
     
  6. controler

    controler Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    how does this work against a site like this?

    cope.com
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    MAE won't start. Shutdowns immediately when started.

    Win 8.1 x64 with WSA installed.


    Untitled1.png
     

    Attached Files:

  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Isn't MBAE incompatible with Windows 8.1 at the moment?
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Added this to the known issues list:
    https://forums.malwarebytes.org/index.php?showtopic=135127

    Thanks for reporting.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Please read the known issues list:
    https://forums.malwarebytes.org/index.php?showtopic=135127

    Version 0.09.4.2000 has compatibility with Windows 8.1 and will be released in the next day or two.
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks for letting me know! :)
     
  12. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can anybody test the compatibility of SpyShelter and MBAE and post the results here?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  14. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    813
    Location:
    North of the 38th parallel.
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Congratulations Pedro! :D :D :D
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,923
    Location:
    Canada
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    ZeroVulnLabs I am using panda cloud pro and malwarebytes pro:thumb: :thumb:
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    From log:

    2013-10-31 13:02:24 - The Malwarebytes Anti-Exploit task scheduler has been successfully created
    2013-10-31 13:02:25 - Malwarebytes Anti-Exploit Driver Installed successfuly
    2013-10-31 13:02:25 - Malwarebytes Anti-Exploit Driver is running
    2013-10-31 13:02:25 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
    2013-10-31 13:02:28 - DLL Injection has been successfully started C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
    2013-10-31 13:02:30 - Opera is now protected.

    ScreenShot_MBAE_v0.9.4.2000_install_04.gif

    ScreenShot_MBAE_v0.9.4.2000_install_06.gif

    P.S. As mentioned a few posts earlier in this thread, .pdf files are still unprotected. No doubt, this will be fixed, eventually.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Is this the same issue of DefenseWall HIPS blocking the MBAE injection? If it is there is nothing for us to "fix". Try excluding MBAE from DefenseWall HIPS to see if it will allow MBAE to work normally.

    If someone has a contact or can point me in the right direction at DefenseWall I would really appreciate it.
     
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000


    This should work - Ilya Rabinovich, CEO, ...support[@]softsphere.com
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks!!
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Working great on Windows 8.1, Thank you for all your hard work:thumb:
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Ilya confirmed to me that the issue is solved as of DefenseWall 3.22. I will update the known issues and incompatibilities list with this information.

    Thanks Ilya for your prompt attention to this issue! :thumb: :thumb:
     
  22. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    From my experience Ilya is very prompt to requests of DW users. :thumb:
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    That is the version, that I am using. Are you saying that there is no problem, and the problem is in my system?
     
  24. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    The HitmanPro Alert Update block (hmpalert_update.exe) seems to have disappeared with the new version. All is good for now.
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    No, that's not what I said. I said Ilya confirmed that DW 3.22 solves the issue between DW and MBAE.

    You might have something else other than DW blocking the injection. Can you send me a DDS or HJT log to see what's on your system?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.