Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. LimboSlam

    LimboSlam Registered Member

    Joined:
    Jul 26, 2015
    Posts:
    21
    Location:
    USA
    Hey could you do an example of Pale Moon blocking an exploit in your blog when the next exploit hits that pertains to Firefox (if that's possible)? This would be great! And I think some of the other Pale Moon users would like to see this too happen. :)
     
    Last edited: Aug 1, 2015
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,105
    TOR uses a modified 31.8 ESR (outdated) firefox code and PaleMoon uses another (not by mozilla maintained) gecko fork and do not contain latest features or security patches. so i call it by default vulnerable either x64 or not. thats also reason why some extension are not functional.
     
  3. LimboSlam

    LimboSlam Registered Member

    Joined:
    Jul 26, 2015
    Posts:
    21
    Location:
    USA
    Yes that's partly true about us not containing certain code patches that only relates to the newly Firefox and it's features. But the other half is not because "Pale Moon is not Firefox, and will never be again." So let me quote you somethings that will clear those up, ok. :)


    "......If our code isn't vulnerable, then there is also no reason to add (unnecessary) extra checking code to work around a non-existing problem (current vulnerabilities in Firefox)...... So we neither can nor are obligated to apply all patches that exist for a different product. In fact, blindly doing so may break our product with a relatively high degree of certainty in quite a few cases......."

    "In Pale Moon 25, the GUID was changed to reflect the continuing divergence between the browser and its sibling. Most of the time a modification to chrome.manifest or bootstrap.js to add/change the hard-coded GUID is a simple solution to issues with add-ons. This will be done for many of the most used add-ons where a developer has chosen not to support Pale Moon or the add-on has been abandoned. Creating a pseudo-static version of the add-on as a Pale Moon specific one."

    "In Firefox 29, Mozilla adopted a nearly completely rewritten user interface and theme as well as some technologies that Pale Moon has chosen not to implement. Add-ons targeting these features without fall-backs to the more time-tested and more commonly used features in all Mozilla-based programs will not be supported."

    Well I hope this is bit more clearer. If you and anyone else want to know more, by all means look through our forums and homepage for the info, which can found here, here, here and here. You can also privately message us if it does not relate to the public info already given.
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,105
    thx - i know all that text, i was a voluntary firefox supporter but i still read support forums.
     
  5. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    597
    Location:
    UK
    This isn't good. How can I tell if MBAE (Free) is protecting firefox? I tried looking with process explorer but don't know what to look for.
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    It's really simple, click on the Firefox process and look for mbae.dll in the tab below. If it is there everything is ok.
     
  7. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Could MBAE check for Chrome and if it isn't found it would display the list rather than forcing someone to go looking inside all the processes for mbae.dll?
     
  8. haakon

    haakon Guest

    Just open Find from the main menu and type in mbae.dll and again mbae64.dll if you're shielding 64 bit apps. That'll list all the stuff where MBAE is injected.
    procexplmbae.jpg
    It's a pane, not a tab, and simple only if under View in the main menu one has "Show Lower Pane" checked and in "Lower Pane View" DLLs is checked. I think I remember those are not selected by default.
    :thumb:
     
  9. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    597
    Location:
    UK
    Thanks for the information on using Process Explorer.
     
  10. Does MBAE allready covers Edge?
     
  11. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Not yet, but you can add Edge manually
     
  12. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Microsoft Edge. I've added this browser to MBAE and it works just fine.can someone tell me how to shield edge.i have tryed not working.or i am doing something wrong...
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Add both:
    Code:
    C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     
  14. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    982
    Does MBAE cover the plugin container in FF? Or is there a need to protect it?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    FF's plugin-container.exe is automatically shielded by MBAE. No need to add a shield for it.
     
  16. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    982
  17. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    thank's WildByDesign.that worked.cheers
     
  18. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I purchased a copy of Malwarebytes Pro several years ago and I used to be able to install the Anti-Exploit from the Malwarebytes site. However, after I did a Windows 8.1 'Refresh' several months ago, I now get a message from Malwarebytes that my current Malwarebytes program(Pro) is not compatible with the Anti-Exploit program. o_O
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hi RCGuy, can you please post a screenshot of that message.
     
  20. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    401
    Does MBAE makes a diference between Opera Presto (v12) and chrome based Opera (v31)? Do we need a custom shield for Opera Presto or ... ? I ask, because both are opera.exe.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE defaults to the ChromeBrowser family for Opera. If you are using v12 or earlier, you can simply go to Advanced Settings -> Application Hardening and enable the Anti-HeapSpraying Enforcement for the ChromeBrowser family.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,397
    Location:
    The Netherlands
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Interesting concept. Would be nice to see if it works under 64bit OS.
     
  24. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    401
    Good to know, thank you.
     
  25. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.