MBAE 1.08 Beta Preview

[mightaswell]

The beta 1.08 is now displaying balloon messages and reporting correct logs for Outlook 2013 and Chrome.

Initially Avast hardened mode- aggressive -reported the install file for mbae 1.08 as suspicious but added to exclusions so was then able to install okay. 

Thanks

 

 

 

[pbust]

Thanks for the logs @ky331 and @sman!

 

@sman, uncheck the RET ROP techniques for the Other profile under the Advanced settings to see if the problem persists.

 

@Tarnak, in your screenshot RET ROP is disabled. Do you mean that after a reboot Opera works even with RET ROP enabled?

[Tarnak]

Hi Pedro,

 

It was like that when I checked after the reboot....I did nothing to the setting! 

[pbust]

Hmm that's weird. Is anybody else experiencing the RET ROP settings becoming deactivated after a reboot?

[sman]

I think you are referring to 'RET ROP Gadget detection' and I unchecked for both 32 bit & 64 bit. The protection is fine now. Tks..

[casablancajoe]

Hello,

 

Thanks for the good work you and your team put in regarding Kaspersky 2016 and all the other bug and issue fixing you did.

 

I can use Firefox.

 

The beta is working fine, with no issues so far.

 

Hope you and your staff are well.

 

Regards,

 

Casablancajoe (Nicholas)   

[kangaroo319]

I was having a conflict with Kaspersky Internet Security 2016.

 

This Beta has fixed that.

No problems opening IE9, Chrome or Firefox.

 

Using Vista basic

[ky331]

Pedro asked "Hmm that's weird. Is anybody else experiencing the RET ROP settings becoming deactivated after a reboot?"

 

I don't know exactly when it happened, but yes, I noticed that:

all the REP ROP Gadget settings (both 32 and 64 bit)

the anti-heap spraying, and

the anti-exploit fingerprinting

were all spontaneously UNchecked on my Win7x64 Pro system.

After saving screenshots (attached), I restored to default settings and applied... and so far, they've been holding

 

 

EDIT:   I had DEactivated the IE shield on that system  --- Could that have somehow implemented these changes?

[pbust]

Replicated under Win7. Under Win8 didn't happen. Seems like a bug with the configuration.

 

Thanks for reporting. We'll take a closer look.

[Wilpower]

Nice work, kudos to you and your team.

This version has solved all  problem encountered with my OS's configuration and KTS 2016

[1PW]

Hello All:

 

MBAE 1.08.1.1016 was installed over-the-top of MBAE 1.07.1.1015 Premium installs in the following two systems:

 

1.) MBAE Version 1.08.1.1016 Premium is working fine with a XP Home x86 SP3 test bed system running Microsoft Office XP (2002) where the only MBAE exclusion necessary is for Microsoft Office Excel (10.0.6871.0) 2002 (32bit) and I too needed to UNtick MBAE GUI > Settings > Advanced settings > OS Bypass Protection > MS Office/RET ROP Gadget detection (32bit) to allow Excel 2002 to launch without error. Neither M.S. Word 2002, nor M.S. Powerpoint 2002 required any additional exclusions.

 

EDIT: As expected, through the reports of others, Opera's 12.17.1863.0 32bit browser also required a similar exclusion under Chrome Browsers.

 

2.) On a Windows 10 Pro x64 system with Microsoft Office 2010, the M.S. Office applications seem to be launching/running trouble free without exclusions/changes to MBAE 1.08.1.1016 Premium so far.

 

Thank you to all.

Edited September 8, 2015 by 1PW

[cutting_edgetech]

I just upgraded from build 1.07.1.1015 to beta 1.08.1.1016 on Windows 7X64 Ultimate. I will report back if I discover any issues.

[pbust]

Thanks for reporting guys!

 

@1PW, can you send me your MBAE logs to verify that the block of Excel in your XP is the same as others? I want to make sure we don't miss anything while fixing this.

[cutting_edgetech]

All RET ROP Gadget Detection mitigations are unchecked for 32bit, and 64bit applicatons. I'm using Windows 7X64 Ultimate. I know this has arleady been confirmed, but I thought I would report it in case you need to look at my log files.  Do you need to see my logs?

[pbust]

@cutting_edgetech, the problem with RET ROP seems to be under XP only for now. So no need to disable it in your Win7. Only need logs if you get an FP.

 

Thanks!

[cutting_edgetech]

RET ROP were all unchecked on my Windows 7X64 machine. I did not uncheck them. I noticed they were all unchecked after I rebooted. Do you need any logs?

[pbust]

Yes, that's a different issue (disabled new techniques after reboot). Go to Advanced settings and click "Restore defaults". This should restore and keep them that way.

 

We're working on a new beta build that fixes the above issues.

[cutting_edgetech]

Ok, thanks! I will pm you a link to the logs.

[cutting_edgetech]

Which files do you need from the programdata folder? I can't remember which ones you need.

[cutting_edgetech]

When I clicked on restore default I think a check was added for Dynamic Anti-Heapspraying for Browsers. I cant be sure, but I think I saw at least one check added when I clicked on restore default. I can't be positive which mitigation the check was added for, but I had the application hardening tab open when I saw the check added.

[pbust]

Defaults should look like this:

 

 

 

[hake]

Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.

[pbust]

Yes would be interesting to know which version triggers it. Upon initial attempt to repro it didn't trigger with the latest Opera.

[Tarnak]

Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.

Yes would be interesting to know which version triggers it. Upon initial attempt to repro it didn't trigger with the latest Opera.

It was Opera 12.15...so, old Opera. Hope that helps.

[sstick]

Latest cum. update Kb3081455 to WIn 10 installed today. No impact on MBAE and wrkg fine..