Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

Page 5 of 164
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    By opening that .pdf file I was offered an update to Adobe Reader, which I allowed.

    ScreenShot_MBAE_AdobeReader_03.gif

    ScreenShot_MBAE_AdobeReader_06.gif
     
    Tarnak, Oct 27, 2013
    #101
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    While the PDF is open, search using processexplorer or similar for mbae.dll. It should be injected into acrord32.exe. If it is not, check the lgs of your third-party security software for hints of what is blocking the MBAE injection.
     
    ZeroVulnLabs, Oct 27, 2013
    #102
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Seems OK, but just doesn't show up under 'logs' tab of MBAE.

    ScreenShot_MBAE_ProcessExplorer_dll search_02.gif
     
    Tarnak, Oct 27, 2013
    #103
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    It's most likely one of the other security apps blocking the inter-process communication. Can you try again after disabling each of the other security apps one by one?
     
    ZeroVulnLabs, Oct 27, 2013
    #104
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I disabled the HIPS in DW, and now it logs opening a .pdf file. It was the first app that I tried to find out what could be the problem. ;)

    ScreenShot_MBAE_AdobeReader_07.gif
     
    Tarnak, Oct 27, 2013
    #105
  6. controler

    controler Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    how does this work against a site like this?

    cope.com
     
    controler, Oct 27, 2013
    #106
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    MAE won't start. Shutdowns immediately when started.

    Win 8.1 x64 with WSA installed.


    Untitled1.png
     

    Attached Files:

    shadek, Oct 27, 2013
    #107
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Isn't MBAE incompatible with Windows 8.1 at the moment?
     
    FleischmannTV, Oct 27, 2013
    #108
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Added this to the known issues list:
    https://forums.malwarebytes.org/index.php?showtopic=135127

    Thanks for reporting.
     
    ZeroVulnLabs, Oct 27, 2013
    #109
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Please read the known issues list:
    https://forums.malwarebytes.org/index.php?showtopic=135127

    Version 0.09.4.2000 has compatibility with Windows 8.1 and will be released in the next day or two.
     
    ZeroVulnLabs, Oct 27, 2013
    #110
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks for letting me know! :)
     
    shadek, Oct 28, 2013
    #111
  12. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can anybody test the compatibility of SpyShelter and MBAE and post the results here?
     
    guest, Oct 28, 2013
    #112
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    ZeroVulnLabs, Oct 30, 2013
    #113
  14. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,939
    Location:
    North of the 38th parallel.
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Congratulations Pedro! :D :D :D
     
    1PW, Oct 30, 2013
    #114
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    ZeroVulnLabs I am using panda cloud pro and malwarebytes pro:thumb: :thumb:
     
    jmonge, Oct 30, 2013
    #115
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    From log:

    2013-10-31 13:02:24 - The Malwarebytes Anti-Exploit task scheduler has been successfully created
    2013-10-31 13:02:25 - Malwarebytes Anti-Exploit Driver Installed successfuly
    2013-10-31 13:02:25 - Malwarebytes Anti-Exploit Driver is running
    2013-10-31 13:02:25 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
    2013-10-31 13:02:28 - DLL Injection has been successfully started C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
    2013-10-31 13:02:30 - Opera is now protected.

    ScreenShot_MBAE_v0.9.4.2000_install_04.gif

    ScreenShot_MBAE_v0.9.4.2000_install_06.gif

    P.S. As mentioned a few posts earlier in this thread, .pdf files are still unprotected. No doubt, this will be fixed, eventually.
     
    Tarnak, Oct 30, 2013
    #116
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Is this the same issue of DefenseWall HIPS blocking the MBAE injection? If it is there is nothing for us to "fix". Try excluding MBAE from DefenseWall HIPS to see if it will allow MBAE to work normally.

    If someone has a contact or can point me in the right direction at DefenseWall I would really appreciate it.
     
    ZeroVulnLabs, Oct 31, 2013
    #117
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000


    This should work - Ilya Rabinovich, CEO, ...support[@]softsphere.com
     
    Tarnak, Oct 31, 2013
    #118
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks!!
     
    ZeroVulnLabs, Oct 31, 2013
    #119
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Working great on Windows 8.1, Thank you for all your hard work:thumb:
     
    Tyrizian, Oct 31, 2013
    #120
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Ilya confirmed to me that the issue is solved as of DefenseWall 3.22. I will update the known issues and incompatibilities list with this information.

    Thanks Ilya for your prompt attention to this issue! :thumb: :thumb:
     
    ZeroVulnLabs, Oct 31, 2013
    #121
  22. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    From my experience Ilya is very prompt to requests of DW users. :thumb:
     
    Solarlynx, Oct 31, 2013
    #122
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    That is the version, that I am using. Are you saying that there is no problem, and the problem is in my system?
     
    Tarnak, Oct 31, 2013
    #123
  24. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    The HitmanPro Alert Update block (hmpalert_update.exe) seems to have disappeared with the new version. All is good for now.
     
    vojta, Oct 31, 2013
    #124
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    No, that's not what I said. I said Ilya confirmed that DW 3.22 solves the issue between DW and MBAE.

    You might have something else other than DW blocking the injection. Can you send me a DDS or HJT log to see what's on your system?
     
    ZeroVulnLabs, Oct 31, 2013
    #125
Page 5 of 164
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...