Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral


About pbust

  • Rank

Profile Information

  • Location

Recent Profile Visitors

113,870 profile views
  1. Unfortunately this is a hard block for the time being. The anti-exploit component prevents any automated execution of scripting apps from Internet-facing applications. If you save the script to disk and execute it from a command line with a non-browser and non-mailclient parent process, it will be allowed to execute. We are evaluating some future enhancements to the anti-exploit component to allow more granularity around allowed/blocked dangerous actions.
  2. It is actually XP that starts unreliably and sometimes it takes longer than others, triggering the MBAE service timeout. If you really want to run the latest, try switching the MBAE service to Manual, and then creating a batch script that runs at boot, sleeps for a few minutes, then starts the MBAE service and then runs the mbae UI executable.
  3. Yes, a few years ago we added the most common and popular email clients as default internal shields for blocking malicious attachments.
  4. You're correct. This is mostly designed for corporate environments.
  5. Hey hake, long time no talk. Hope you're doing ok. Pen-testing is a legitimate activity when done correctly. Some pen-testing tactics mimic malware activity and some don't. We've basically created this option for people who want to detect pen-testing activity even if it is not found in-the-wild in malware attacks.
  6. Hi hake. You can cancel the subscription and continue using the perpetual standalone beta for consumers which is basically the same functionality.
  7. Arthi is on vacation, trying to cover for her. Try this link instead: https://malwarebytes.box.com/s/qmsnivh3l0gy795g6a1lizqsfwfqjxsy
  8. Hi hake, long time no speak. Glad to see you're still around keeping an eye on MBAE! Yes, the team is still very active and introducing lots of improvements into MBAE on a regular basis. Thanks to you and all other testers for helping us keep MBAE effective and evolving over time!
  9. Try disabling the LoadLibrary protection for Browsers under the Anti-Exploit Advanced Settings -> Application Behavior protection.
  10. pbust

    mbae-test tool

    Because by default MBAE shields certain popular apps (browsers, office, java, pdfreaders, etc.). You need to add hmpalert64-test.exe as a custom shield so it gets protected by MBAE before running the test.
  11. pbust

    mbae-test tool

    MBAE-TEST.EXE simulates exploit behavior like executing from the Heap, ROP gadgets, etc., but it is not weaponized and instead simply pops open the Windows Calculator. But it does trigger exploit behavior to see if the installed protection has real exploit mitigations in place or not. The reason that most AVs don't detect MBAE-TEST.EXE is because either (a) they don't want to detect it with signatures as it would make it obvious that they don't have any modern exploit mitigation technology in their product, or (b) they don't have any modern exploit mitigation technology in their products.
  12. Thanks for bringing this to our attention! While we hate driver/registry optimizers and crapware bundlers just as much as anybody else, and are glad that Microsoft finally caught up to our aggressive stance against them, one important distinction is that in this case Avast Free is not preventing you from updating drivers without paying, and it is not using outdated drivers as scare tactics to dupe users into purchasing. Also, the bundled software is Google Toolbar and not some other scammy toolbar (although many people would argue that ALL toolbars are crapware). We have not shied aw
  13. Adobe released updates yesterday to fix a bunch of vulnerabilities. Could be a case of path Monday vs exploit Tuesday. Please share MBAE logs and we'll be able to assist you.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.