Malwarebytes bought Zerovulnerabilitylabs

Discussion in 'other anti-malware software' started by kupo, Jun 20, 2013.

Thread Status:
Not open for further replies.
  1. ky331

    ky331 Registered Member

    Attaching a screen shot of the iNotes alert, nothing showing under the LOGS tab (and so the EXCLUDE button is still greyed-out).
     


  2. ky331

    ky331 Registered Member

    Okay, more details on slowness/crashing:

    With IE10 open/running on a Win7 system (both 32-bit as well as 64-bit), hitting MBAE's STOP PROTECTION button is very sluggish: indeed, sometimes MBAE is actually "not responding" for several seconds.

    On 3 of 4 machines I tested, such stopping caused IE to crash (sometimes the crash was "immediate", while other times the crash was delayed until I later closed IE). [I don't know what was different on the 4th system, that appeared more stable].

    This was the case regardless of whether or not EMET was installed on the system. Without EMET, the fault was pinned to MBAE's dll; with EMET installed, apparently the fault can be "passed-through" to blame EMET's dll (32 or 64).

    I have not tested stopping MBAE while other protected programs are open.

    I don't know how often, if at all, people will be starting/stopping protection in the middle of their work, but since the button/option is available, I feel you need to look into this issue.
     
  3. M_G_H

    M_G_H Registered Member

    OS version: Windows 7 SP1
    Architecture: 64
    OS language: English
    MS Office version: Office Professional Plus 2010 x32
    MS Office SP: not sure if there's a SP but all updates applied
    MS Office language: English
    Other security software: Avast Free, EMET 4.0 Final, WSA SecureAnyWhere and MBAE

    As mentioned I have the Dymo Label software 8.5.1751 installed and the add-in was causing the Exploit message in Excel and Word, once disabled, no more problems with MBAE.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    This is a known issue of the hooking framework (issue #3):
    http://forums.malwarebytes.org/index.php?showtopic=128122
     
  5. Awesome. I posted above you.

    How do I redeem?


    Thanks,

    -ftp


    .
     
  6. Notok

    Notok Registered Member

    I know that MBAM Pro had similar functionality already; is that MBAE, or would it still be worth installing MBAE while using MBAM Pro?

    ZVL was also to offer licenses to active beta testers once the beta is over; will this still be the case?
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes, I will provide licenses to all active beta testers, including people on this and other threads providing feedback on Malwarebytes Anti-Exploit.

    No point in asking for the license now as the product is still in beta. As soon as it goes 1.0 I'll post instructions on how to collect your license.
     
  8. Brandonn2010

    Brandonn2010 Registered Member

    Sweet! It is working fine in my setup. During the weekend I restored a fresh Windows image, and now MBAE isn't blocking IE10 like it used to? Not sure why but that's good.
     
  9. Fingol

    Fingol Registered Member

    Shielded Applications still in minus figures I see. -2 atm. Was -7 earlier today.
     
  10. Tyrizian

    Tyrizian Registered Member

    Like I said previously, that's very generous of you guys to do

    HaHa, Don't forget about me :D
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Locate the mbae.exe file inside %ProgramFiles%\Malwarebytes Anti-Exploit and look at the EXE properties. Is it version 0.9.2.1000 or 0.9.2.1200?

    If it's not the latest (.1200) then please follow these steps to upgrade:
    http://forums.malwarebytes.org/index.php?showtopic=128145
     
  12. ky331

    ky331 Registered Member

    I wonder if anyone else has encountered (and reported) this:

    On an XP system with only 1 GB RAM, after installing MBAE, it seemed to induce a "memory leak" in my browsers, both IE and FF, so that they were continually increasing in size, "eating" all the RAM, and ultimately expanding into the SWAP file... to the point that browsing became so slow as to be useless.

    Upon UNinstalling MBAE, my system became viable again. Is there a real connection/problem here [which needs to be fixed], or was my experience a fluke? o_O
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Never saw this happen before. What architecture (32/64), what other security software is installed and what add-ons & components do you have installed in IE and FF?
     
  14. ky331

    ky331 Registered Member

    Windows XP Pro SP3 (32-bit), avast! V8.0.1489 Free including its Online Security Plug-in [WebRep], MBAM Pro, Windows Firewall, EMET 2.1, OpenDNS Family Shield, IE8 & Firefox22 (both using WOT; KeyScrambler 2.9.3 in IE), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner only), Secunia PSI (scanner only) [and Sandboxie 4.0.2, which I wasn't testing]

    P.S. MC-Shield (My City)
     
    Last edited: Jun 25, 2013
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Can you try completely disabling EMET and Sandboxie and trying again to see if the problem persists?
     
  16. J_L

    J_L Registered Member

    Since nobody is answering my previous question, can somebody provide a way for me to test if this is working or not? I take full responsibility for what happens to my system, so you can PM me malicious links.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Your last post was about the traybar icon disappearing. Check the .LOG in the program installation directory. It is not locked so you can delete it at any time. After you replicate the icon disappearing, delete the log, check that the mbae.exe/mbae64.exe process is running and then open a bunch of apps (browsers, Adobe, Java, Word, Excel, WMP, etc.) and finally check the new .LOG. Is anything showing up in there?

    PS: don't know what MWB's policy on PM'ing exploit URLs is. I'll have to ask before sending you any. But in the meantime I recommend you check MDL or urlquery.net for up-to-date exploit URLs.
     
  18. vojta

    vojta Registered Member

    Trusteer has just notified me that they are working on white-listing MBAE again. :thumb:
     
  19. djg05

    djg05 Registered Member

    Just to update this I had to restore an image. I then reloaded all the previous security s/w including anti exploit and cannot now get the fault with A/E to repeat. But at the time it was definitely only happening when A/E was installed.

    The reason for going back to another image was that I thought that I had a virus, but in the end it was traced down to Sandboxie 4.02 giving problems.

    Sorry that I cannot further this problem. I think I have kept the image with the problem so could restore that if it helps.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Nice, thanks!! :thumb: :thumb:
     

  21. Now that you are part of the Malwarebytes team, you should probably go with the recognized term "MBAM" rather than "MWB."
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    If I'm not mistaken MBAM refers to the product "Malwarebytes Anti-Malware" while MWB refers to the company, "Malwarebytes".
     
  23. Fingol

    Fingol Registered Member

    You are indeed correct. Using the .1000 version. Thank you for your help.
     
  24. djg05

    djg05 Registered Member

    Should Anti Exploit update the applications under the Shields tab?

    I have used K Melon Browser, PDF Exchange Viewer and neither has been added.
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    No, for now that list is maintained by us and hard-coded into MBAE. In the future we might add more application shields based on criteria of widespread use and exploits found ITW attacking the application.
     