Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    We haven't fixed that yet, so it might come back after some time when HMP.Alert tries to update again.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Sent, a few minutes ago.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thanks!

    In the future please send this stuff to anti-exploit [ at ] malwarebytes.org. The @zerovulnerabilitylabs.com domain services are slowly being migrated away.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I see you have a LOT of security software running on this machine (Sygate, SAS, Ewido Sec Suite, DefenseWall, Vipre, Webroot, VoodooShield, AntiLogger, WinPatrol, RegWatcher, HMP, ...).

    Try disabling or completely uninstalling one by one and then stopping/starting MBAE to open Adobe Acrobat Reader after each one. This way you will be able to find out which one is blocking the MBAE injection.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    That's weird. HMP.Alert always tries to update the first time that I open Firefox after switching on the computer or after a reboot. I have rebooted three times and switched off and on once and I no longer get a block notification, either on MBAE's GUI or mbae_default.log.

    Both HMP.Alert and MBAE's DLLs show under firefox on ProcessExplorer. I have launched mbae-test.exe and MBAE blocks the exploit.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I think I won't worry, since DW is protecting whenever I view PDF files. Sorry for any inconvenience.
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    9.4.2 working well in Win 8.1 64 bit. Running it in Firefox with CFW and WSA. No issues and it's only using 4k. Protected Adobe Reader while opened in Firefox. I was surprised that it worked with WSA running. Good job.
     
  8. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    @ZeroVulnLabs:
    I can confirm compatibility with new version Webroot WSA, 8.0.4.24.
    However, there may/may not be a problem. I fire up IE, Firefox, and Foxit Reader, in that order. The log tab correctly displays entries for each application. However, there are a total of four dlls created. Two for IE, one for Firefox and one for Foxit reader. This matches with the shielded applications (4) shown on the general tab, even though there are only three applications.
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Just curious....should shielded applications say -1 when that application is running?
     
  10. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    The first time I rebooted after my upgrade to 0.09.4.2000 beta, I saw Shielded applications at a -2 in the midst of my testing.

    I have not been able to duplicate this since.

    Everything else does seem to be as expected.

    Let's hope W8.1 users are doing fine. :)

    Edit: I noticed the below just a few moments ago. I'll leave this system as is till I hear from Pedro.
     

    Last edited: Oct 31, 2013
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Chrome still freezes with MAE on Win x64 8.1. The tab does not freeze completely though, just that site. I can browse to another site, but not continue clicking links on the frozen site.

    With last version on Win 8 the tab froze completely and had to be shutdown... so I suppose it's a bit better, but not all good yet.

    EDIT: WSA installed as security software.

     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Let's give it a few days/weeks to see if it gets blocked again.

    This is normal as IE creates 2 iexplore.exe processes when it launches. We inject both of them. As for WSA, thanks for confirming. I'll post the WSA version number you report in our known issues & conflicts list so that other people can see it.

    @kjdemuth, @1PW, this is an old bug that somehow crawled back. We'll take a look at it again.

    Can you PM me details of how to reproduce this (site URL, add-ons, etc.)? Also, do you have the latest WSA version 8.0.4.24, which introduces compatibility with MBAE?
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yes, I will as soon as I get back from work! And also, yes, that's the version of WSA I have. You'll be hearing from me via PM either today or tomorrow! :)
     
  14. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I tried MBAE for the first time yesterday and saw the same. Also on Win x64 8.1 + WSA (+MBAM Pro).
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Is it Win8.1 Preview or Win8.1 full release?
     
  16. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Win 8.1 x64 full release (and WSA is at 8.0.4.24)
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you post or PM me a full list of extensions under Chrome?

    EDIT: in both cases so far there's also WSA installed. Can you deactivate WSA to see if there is still a conflict between WSA and MBAE?
     
  18. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    PM sent. Still get the random lockups with both WSA and MBAM Pro stopped
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Got it!
    We'll try replicating it asap. If anyone else runs across this please let me know.
     
  20. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Is there an exploit test with version 0.09.4.2000?
    Thanks.
     
  21. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,910
    Location:
    North of the 38th parallel.
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yes. You will likely find yours at:

    C:\Program Files\Malwarebytes Anti-Exploit\mbae-test.exe

    HTH :)
     
  22. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Much appreciated !!
    Thank you.
     
  23. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  24. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Has anybody experienced any incompatibility with Zemana?
     
  25. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I had them both installed at the same time for a couple of weeks and there was no problem and both did their job right.
     