Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    None of my 9 KBs are 11.7, so I guess I don't have the update. I have MS Silverlight installed but don't need the update, I guess.
     
  2. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    The key problem here is the fact you cannot protect Firefox or Chrome or IE with Malwarebytes Anti-Exploit, when they start/run under Sandboxie!

    You also said:
    MBAE protects against the most dangerous types of exploits, the ones that result in complete system compromise by running arbitrary malicious code and which are normally used by cyber criminals to infect users with financial-driven malware, botnet infections, or corporate espionage malware. MBAE focuses on protecting popular applications against attacks which result in system compromise by executing malicious code. MBAE will not protect against exploits which take advantage of insufficient or incorrect configuration or information disclosures, XSS, SQL injection, etc.

    For Sandboxie you said this:
    Sandboxie is designed to contain code-execution exploits which is just a small part of exploit in the whole exploit field IMO.
    So, did you mean that Sandboxie and MBAE are actually protecting/containing systems against the same forms of exploits, and they are both vulnerable to XSS, SQL injection, side-channel attack, related-key attack, or chosen-plaintext attack and everything else you mentioned?

    So, from what I understood both MBAE and Sandboxie protect against code-execution exploits, but also both cannot protect against XSS, SQL injection, side-channel attack, related-key attack, or chosen-plaintext attack and everything else you mentioned, so it seems to me that both MBAE and Sandboxie are equally good in protection/containment against exploits since both MBAE and Sandboxie protect/contain against the same number of exploits!
    True or false?
    It would be really nice to have MBAE protecting all of sandboxed web-browsers (under Sandboxie), unfortunately, I'm not that lucky.
     
    Last edited: Dec 10, 2014
  3. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    I added a shield for my windows desktop gadgets. The log shows that they are protected now.
     
  4. 142395

    142395 Guest

    I don't fully agree.
    Everyone who has an interest in security has to know many 'new' exploits are made just after those updates. This is no wonder because criminals analyze those patches and from that can develop a new exploit, sometimes within 48h or so. So after every new patch release, there are more new exploits. For security's sake it's better to apply patches ASAP.

    But I know those updates often cause problems, so my advice is to take system (and if you can, data too) backups regularly, and make sure you have a boot CD/USB. For an SSD drive, system recovery will be done within 20 min or so depending on machine power.
    If an update caused problems, you have to prolong that, but during that period, take as much caution as possible. Fortunately, IBK told me that most major AVs can detect those known exploits well. But still there are huge differences in the effectiveness of de-obfuscation technology, so layering security by anti-exploit and/or HIPS, sandbox, anti-exe is better of course.
     
  5. 142395

    142395 Guest

    I think you can protect a sandboxed browser with the latest MBAE as long as you use the 32-bit version of the browser. If not, ask Pedro or people here.
    Not true nor false.
    Maybe I had better say "SBIE can contain the results of code-execution exploit", but anyway, you first have to learn what XSS, SQL injection, crypt attacks are about (I can add more if you want). They are completely different things from code-execution exploits; the only common thing is they all affect security in some way, but some will not be relevant for you.

    But generally, yes, SBIE and MBAE protect you from the same category of threats, but at a different stage and by a different approach.
     
  6. 142395

    142395 Guest

    BTW, it's not what I said but it's a quote from Malwarebytes' forum.
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Please do add more when you find time.
    Anyway, I will install the NoScript add-on in Mozilla Firefox again coupled with Sandboxie's supervision over both. I had to remove it because my family lost their nerves when I used NoScript, since it blocked so many websites; it's hard to configure NoScript to make it set and forget for my family, plus it seems to me that I'm the only one who even really cares about computer security, this is why I'm so irritating to many people, not just to you.

    I need your opinion about something that FleischmannTV said:
    What does it mean that AppGuard protects against all dlls and Sandboxie with restrictions cannot?
    So Sandboxie is a limited version of AppGuard?
    In what areas/ways/levels is Sandboxie better than or equal to AppGuard, and in what way is it the opposite?
    IMPORTANT NOTE: PLEASE, Yuki, reply to this (when you find time) on the "Fileless malware detection" thread, since this is no thread for asking such questions; hopefully, the moderator will not erase this post before you read it.
     
    Last edited: Dec 10, 2014
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK.
     
  9. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    "Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit process will be terminated."

    I've tried removing the existing MBAE and installing it new but I get the same message. Just downloaded a boat load of Win 7 updates after doing a fresh Win 7 install. I'm going to try and see if there are some registry keys messed up but.............

    I got it. I had to remove the old folder and it installed again without issue.

    It would be nice to have a browse function to add shields rather than having to copy and paste the location of a .exe
     
    Last edited: Dec 10, 2014
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Next version will have this! :)
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Yuki

    I am well layered security wise, so waiting a week doesn't worry me. Before my XP machine died I never had a problem with the layered approach I have, and went 3 years without doing updates.


    Pete
     
  12. 142395

    142395 Guest

    I know, of course!:D
    But remember, there's no full replacement for a patch and there are some vulns other than RCE which anti-exploit or other security can protect.
    I said that as general advice in an earlier post.
     
  13. Chrome blocks download of MBAE?
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    What do you mean exactly? Can you post a screenshot or steps to repro?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Updated build 1016 in my signature.

    This build basically fine-tunes a couple of the new mitigations to prevent FPs due to a conflict with a little known Asus sound component (details here).
     
  16. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Windows_Security,
    I just downloaded MBAE with Chrome and had no issues. Chrome version should not matter but I am using the latest dev build 41.0.2243.0 dev-m (64-bit).
     
  17. Sorry, I finally found it. The Attachment Manager setting in GPO "Trust logic for file attachments" was enabled. In Dutch it is called typing with thick fingers (enabling something / making mistakes without knowing).
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Updated, thanks.
     
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,006
    Updated build 1015, Updated build 1016 but Release History still remains in 1014 build..........

    https://forums.malwarebytes.org/ind...ebytes-anti-exploit-history-updates/?p=914489
    &
    http://www.malwarebytes.org/support/releasehistory/
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am running 1.05.1.1014 RELEASE Build. When will it update, automatically?
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,006
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Next week.
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I hope that the automatic updating will be optional... I imagine that it would be but just making sure. That browse function is definitely a welcome addition too.

    I still want to wait a bit for some maturity and feedback, but this product is definitely on my on deck circle right now. It will likely be part of my sig by February 2015.
     
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    I added a Shield for Zemana AntiLogger and WSA. The Log says they are protected now but not sure if it will help much.
     
  25. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    It might not be a good idea to install a new version of Maxthon Browser if MBAE has a shield on it..lmao. All I know is that right after I did it pretty much everything locked up and froze. I could not get to the internet or launch any desktop icons. I could not even restart my PC and had to power it off. I kept on getting messages that I needed Admin Rights to do anything. After power off and start everything seems to be back to normal.
     