Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,875
    Please read/look at recent posts...The version is mentioned!
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Based on this it seems it's 1.07.1.1007 which was a beta. Try upgrading to the latest and it should be fixed.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,875
    See this
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,435
    Location:
    The Netherlands
    To be honest, I don't think it's a good idea to protect SBIE with exploit mitigations, in theory it might make SBIE malfunction. To clarify, I had some problems with the SBIE + HMPA combo, so that's why I'm mentioning this.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,435
    Location:
    The Netherlands
    BTW, I still don't understand everything. Let's say that you managed to exploit the browser or document reader with a kernel exploit. Will the payload always run with high or system privileges? And will the payload load as a child process of the exploited parent process?
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hmm this is weird. It should not be happening. Maybe it's a bug or in a loop. Did you have a detection recently? Can you PM me your logs dir to see what's happening?
     
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Does the MB website have a section for comparing hash values for SHA-1 and MD5?
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Not that I know of.
    What are you trying to achieve exactly?
     
  9. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Just wanted to check if the file hashes provided by the Cloud file match the one I received is all, ... no biggie. Seen some forum regulars here and elsewhere use it as a testing platform for checking MitM (man in the middle) stuff.
     
  10. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Not sure why you're uninstalling before putting new versions over the top, but a simple solution is to use PatchMyPC:
    https://patchmypc.net/

    PatchMyPC includes MBAE as one of the programs it can update. You could set it to only update MBAE, on a daily schedule. The options are pretty simple to understand and worth looking through to get the most out of it.
     
  11. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,291
    It seems Malwarebytes Anti-Exploit suddenly interfered with Firefox? Suddenly it blocks it from opening and pops an exploit message? A few minutes ago it was doing OK. This is a clean and nothing changed. So somehow some compatibility issue maybe? In the warning it says firefox.exe is exploit. lmao.
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you post or PM me the MBAE logs?
     
  13. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    Any news about the error: Couldn't load XPCOM in Firefox with Kaspersky Internet Security 2016?
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,875
    See my e-mail, sent a short time ago.
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's in our QA's queue. Has anybody else experienced this?
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    OK replicated. Will take a look at it next.
     
  17. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,291
    How can I send the log of Anti-Exploit? Here is what the log says:
     

    Attached Files:

  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,489
  20. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Thanks for the suggestion. I'll take a look at the software. I had trouble upgrading from an earlier version of MBAE and I did a clean install. Just done it ever since. It's been pointed out that I can install over my current version, so I'll just do that going forward :thumb:.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There is still a known bug in MBAE which, during an upgrade and under rare conditions, fails to upgrade correctly and results in a "reboot to complete" message. After the reboot the MBAE service is gone and you get an error saying "MBAE protection not started".

    This bug is basically the service failing to delete itself during an upgrade due to something (procexp, backup service, etc) having an open handle to the Service Control Manager (SCM). For MBAE 1.08 we're introducing code to detect this state and automatically recover from failed upgrades after the reboot.

    The solution when this bug is encountered is a fresh re-install, which consists of the following steps:
    1- Close all apps
    2- Uninstall MBAE from Control Panel
    3- Delete the logs dir (C:\ProgramData\Malwarebytes Anti-Exploit)
    4- Reboot
    5- Download the latest version and install

    I wanted to explain this as we're about to release the auto-upgrade to 1.07 build 1015 on Monday. Now you are aware of the bug in the rare case that you or your users encounter this.
     
  22. haakon

    haakon Guest

    Monday? 1015 is what one gets when clicking the green Get My Free Download button on the Web site as of yesterday when I checked, and installed it.

    Anyhow, the "reboot to complete" did happen to me when I updated from 1011 to 1014, but upon the failed restart, running the 1014 installer again did OK.

    The 1014 to 1015 needed the uninstall/reinstall but I didn't delete the logs directory (because all this happened before your #2371 post). The upside is having not deleted that directory, all my settings and shields were preserved.

    Speaking of introducing code...
    • The shielded apps counter needs re-introducing.
    • There needs to be code for a settings and shields export/import feature for the Premium users.

    Thanks!
     
  23. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    I always experienced this problem, and the quickest method to resolve this is, once you get the "reboot to complete" message, do not reboot, rather install the application again on top and this time mbae protection will start. So essentially you will be running the installer twice to complete the upgrade process.
     
  24. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,245
    Location:
    Québec, Canada
    I had that problem once, but since then, when I install a new version (always on top of the previous one), I simply stop MBAE's protection, and when the install is finished, I reenable it.
    Never had that problem again since then.
     
  25. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    156
    I got the "reboot to complete" prompt on my 8.1 tablet (from x.1010), which surprised me. I rebooted. I don't recall having a problem with the service not starting... I believe it did.

    But at some point, it seemed that I wasn't getting the popup-balloon message that IE was protected. With the shield counter now gone, there was no confirmation there. So I decided to turn on the log-events-file option. And sure enough, IE was not showing up there either. I don't have Process Explorer on this tablet, so I wasn't able to check out whether MBAE was being injected into IE despite MBAE not acknowledging it.

    I reinstalled x.1015 over itself, and [as best as I recall] the same thing happened. So I've reverted back to x.1010, which seems to be working as it had. Although I must admit, even here, I think that IE's protection may have shut off once or twice (the lock-icon was showing as open)... and while it's possible that my "clunky fingers" might have accidentally clicked on something on this tiny 7-inch tablet, I don't believe I did. Has anyone else ever encountered/reported this: IE's protection getting disabled "on its own" in x.1010? Or it not working/acknowledged at all in x.1015??
     