Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    So you are worried about getting infected (again) when you are already infected. Did I understand it right?
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    No
     
  3. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    No? This is the post you pointed at:

     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Do you have the same problem with the latest MBAE 1.05.1.1016? Is CFW the latest available version? I recall there was some conflict between the MBAE Experimental versions and CFW but after contacting Comodo they fixed it.
     
  5. DX2

    DX2 Guest

    I haven't tried the newest one of MBAE. But yes, it's the latest CFW available.
     
  6. 142395

    142395 Guest

    Yes, what bjm_ wanted is not the scope of MBAE and not needed.
     
  7. JRBombola

    JRBombola Registered Member

    Joined:
    Jan 7, 2015
    Posts:
    5
    I had the same problem with the whole Comodo Internet Security and I was not able to fix it. I believe it is something with Comodo that makes MBAE do that; once I uninstalled everything Comodo, it is fine again. Obviously Comodo and MBAE are not compatible.
     
  8. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I'm being reminded of why I don't use an anti-exploit app now... they conflict with everything & anything. If this thing isn't going to play nicely with Sandboxie or older versions of Comodo FW (like 5.10)... then it simply isn't an option for me. And I was really looking forward to this too... an option that I didn't need to add the bloat of .NET Framework to be able to utilize.

    I will just continue to depend on my nearly non-existent attack surface and end user know-how/discretion to keep me safe from exploits. It's served me well thus far, as I haven't fallen victim to any type of compromise period since upgrading to high speed internet and getting behind a router many years ago.

    I am still keeping a (hopeful) eye out for OpenEMET though. Even on XP, I can at least take advantage of the app specific mitigations. And I don't expect it to conflict with anything. And for users of post-XP OSes that can take advantage of all its features, and find these other solutions like MBAE conflicting with existing security apps, I recommend you keep an eye out for it as well. It also does not require .NET FW to function.
     
  11. DX2

    DX2 Guest

    It ran good for me with CFW 5.10.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    It did work well for me back when I had Comodo Firewall installed.
     
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    What about the previous versions of Internet Explorer and the previous versions of Flash?
    Because with the latest version of Internet Explorer (IE11) and latest version of Flash, we don't need MBAE
     
    Last edited: Jan 22, 2015
  15. guest

    guest Guest

    This exploit should be blocked on all versions of Flash Player and Internet Explorer (unless a version exists which contains an MBAE bypass). MBAE is browser independent and contains a number of general mitigations which focus on typical exploitation behavior like heap spraying, stack pivoting or calling critical functions like WinExec from RWX memory. (Correct me if I'm wrong)
     
  16. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I've just run Chrome update (chrome://chrome) and its Flash plugin has been updated to 16.0.0.287 from 16.0.0.257.
     
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    MBAE works well with everything in my signature.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    Jérôme Segura (Senior security researcher at Malwarebytes)
     
  19. 142395

    142395 Guest

    I don't know if you meant me, but I don't say 0day is targeted attack only.
    In 2012 & 2013, there were several 0day Java exploits which were employed by exploit kits for mass attacks; some of them were copied attacks, but there were also pure 0days which were first found in an exploit kit (regenpijp posted one example). But we haven't seen such attacks after mid 2013; instead we began to see copied attacks in late 2013 and 2014, both for IE. And we also began to see more reports about watering-hole attacks, which may also affect home users.
    So I guess this is the first time in the last 1.5 years that a 0day is used for mass attack which was neither a copied attack nor a watering-hole attack.
    I think currently no validation has been made about whether IE11 is not affected (except Win 8.1), but I'm very curious to know.
    If it really fixed the bug, quite a fast patch for Adobe! :eek:
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This can be a problem indeed, but developers can always fix things. And I'm sure this was already mentioned, but is MBAE compatible with Sandboxie or not? Do I need to add a certain line to SBIE's config setting?
     
  21. guest

    guest Guest

  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Can anyone answer this? If HMPA is compatible with Sandboxie, why can't MBAE be?
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
  25. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Isn't Malwarebytes Anti-Exploit + browser better protection than sandbox + browser?
     