Malwarebytes Anti-Exploit

And "browse" to add file please

 

Already done for 1.06:

 

Nice and pretty handy the "Browse" feature indeed, thank you.

 

Nice job in putting the Guide together, Syrinx -- very helpful.

 

Pedro -- can you confirm the name and location(s) of this DAT file(s). Thanks.

 

C:\ProgramData\Malwarebytes Anti-Exploit\
applications.dat
mbae-config.dat
mbae-report.dat

 

Excellent news!

 

Any news on when an experimental build of MBAE 1.06 will be available?

 

Hello regenpijp:

https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-65#post-2455096

HTH

 

OK thanks, would be interesting to learn a bit more about this, but I understand if you don't want to share the info, because of the competition. I do believe that making MBAE fully compatible with SBIE would be a very smart thing to do. It would be just another selling point.

 

Respectfully, I wouldn't be surprised if it has a wee bit more to do with the ne'er do wells and a bit less with the competition?

Cheers

 

It's actually not much of a secret or anything like that. If you want to know more about our driver and hooking just go to http://madshi.net/madCodeHookDescription.htm

 

Has anybody tested if MBAE blocks the new flash exploit which is scheduled to be patched. This is the third one this week. First seen on dailymotion ad networks. Angler exploit kit is providing it.

 

It's not Angler, it's HanJuan EK.

Yes we've been detecting it in the wild since at least Dec 9th, a month and a half before it was "discovered" by Trend:
https://blog.malwarebytes.org/exploits-2/2015/02/hanjuan-ek-fires-third-flash-player-0day/

 

https://www.wilderssecurity.com/thre...oited-by-angler-ek.372594/page-2#post-2455781

 

Looks cool, but I still hope you will be able to make it compatible with SBIE. Surely the method that's used by HMPA can't be that different?

 

Do you have D+ running? That's what would be likely to conflict with it, not the firewall. And namely the part in D+ under "Execution Control Settings" > Detect shellcode injections. I get a feeling that conflicts with it. And I have no intention whatsoever of disabling it either, as I'm under the impression that doing so could render the whole product less effective. The whole "greater than the sum of it's parts" thing.

I've heard other people claim that MBAE did conflict with their CIS, hence my concern. I didn't just fabricate it out of nowhere, baselessly.

I'm willing to enter the line of code into SBIE 3.76 if I have to to force compatibility. But there's nothing I can do if it won't work with CIS 5.10. It it does I'm willing to pay for the paid version of MBAE.

 

The new version 1.05.1.1016 works nice with the new Comodo FW.

 

That doesn't address my concern(s) at all though. I need to know if it will work nicely with the old versions of Comodo (v 5.10, specifically). And that it will work with it with D+ enabled, and namely Execution Control enabled, along with the option at the bottom of that tab: "Detect shellcode injections (i.e. Buffer overflow protection).

That's what I need to be the case in order to use this product. Otherwise it's not an option for me.

 

The "new" or the "latest" version 1.05.1.1016?

-----------------------------------------------

 

On my Windows 7, I'm using Comodo 5.10 and the latest MBAE works fine with it. I'm running the same setup on my XP, Firefox won't open. I've added MBAE to the trusted files list in Comodo, but still nothing. Firefox only opens after I disable MBAE. Google Chrome opens up fine in XP though.

I'm not sure why Chrome would open and Firefox wouldn't.

 

Again..... (this is what we're failing to communicate here).... do you have Defense+ enabled and running though? And specifically the Execution Control... and really specifically the check box at the very bottom of that tab: "Detect shellcode injections (i.e. Buffer overflow protection)."

You keep sidestepping these things and they are of great importance to me.

 

No, it's not disabled..why can't you just try it?

 

Because I want to "try"/own the paid version, not the free, if it gets along with my setup. So the only way to try that will be to buy it, possibly only to find out that it doesn't work with my existing setup and was wasted $$$, which I can't afford to do these days. And Comodo 5.10 & SBIE 3.76 aren't going anywhere.

 

As of MBAE 1.05 you can choose to install a 15-day trial which is basically the same as Premium (for trial purposes).