[MBAE blocked exploit code. Nothing shows up on log]

It seems the malvertising in this case loaded from smart-ads.gr which in turn was loaded by enikos.gr or (less likely) frontpages.gr.

 

MBAE blocked the malvertising exploit from executing so you are safe.

[Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit Process will Be Terminated]

Welcome to the forum gaia.

 

Reboot and login as administrator. Then please follow the steps outlined here:

https://forums.malwarebytes.org/index.php?/topic/171634-anti-exploit-not-started-under-windows-10/

[MBAE blocked exploit code. Nothing shows up on log]

Welcome to the forum dirla.

 

It looks like a valid detection of an OS security bypass attempt (ROP gadget detected).

 

You probably encountered some malvertising while navigating a normal site. There is a lot of that going around nowadays. You can learn more about it in our blog:

https://blog.malwarebytes.org/category/malvertising-2/

[Disable Stop Protection]

Hi Scoutt,

 

there's a few answers to your question:

 

1- The user can only stop protection if they are an admin user. If they are running as a limited user account (LUA) they cannot stop it.

2- If you deploy MBAE from the Malwarebytes Management Console, even if the user stops MBAE, the Management Server will overrule it and turn it back on.

3- Yes we are working on adding more protection so that even admin users on the endpoint cannot stop it.

[Downloaded Installation Zip File]

Hi Boyd,

 

Which model do you need?:

 

1- Install a Malwarebytes Server and deploy to all your machines through a centralized management console.

2- Just install on the Windows Server 2012 R2 to protect it (and maybe some other business computers).

 

(1) is recommended if you have more than 10 or 20 PCs and you want to manage them from a central console.

(2) is recommended if you have less than 10/20 machines and you don't mind installing on each manually one-by-one.

 

If you want to do (2), simply open the ZIP, go to the "Standalone" subdirectory and run the mbae-setup-1.08.2.1045.exe file. It will ask you for your license key during installation.

[Agnitum Outpost Web Control unnecessary with Anti-Exploit?]

You are correct hake, no need for old-school methods like these. With MBAE you don't need to worry about allowing active content.

[Selected threat does not contain a valid payload checksum]

Hi Webbie1,

 

please provide MBAE logs and we'll be able to troubleshoot further. Instructions can be found in my signature.

 

Thanks!

[Conflict ESET 9, Firefox and Anti-Exploit]

We were able to replicate this problem.

 

We are working on a fix.

 

Thanks for reporting!

[False Positive: Turbo.net running Google Chrome]

Turbo.net launcher is disabling the Chrome sandbox. This is insecure and not recommended.

[Cisco Advanced Malware Protection (AMP)]

AMP basically waits for the file to be known at VirusTotal and scanned by 50+ scanners before AMP can detect it.

 

Malwarebytes is the company proactively discovering the zero-days with an actual Research lab manned by reverse engineers and sending zero-minute malware to VirusTotal so that "VirusTotal query scanners" like AMP can catch up to us and don't lag too far behind.

 

Also AMP does not include any proactive technologies like Anti-Exploit or Anti-Ransomware.

 

If I had to rank AMP with all the endpoint products on the market, it would be towards the end next to ClamAV and other similar ones like that.

[MAEB turned Off]

Sorry scoutt, been out for a while. Can we try again early next week?

[MWB_BR tool - Licensing]

Hi CeeMcGee,

 

You might want to contact us directly instead of CDW if you want a more expedited approach:

https://www.malwarebytes.org/business/breachremediation/

 

Thanks!

[How to protect 'Safezone' browser?]

Moving this to Questions sub-forum since it's not supported by default.

[VLC update triggering behavior block by MBAE]

It's an update that is applied automatically to all users. No fresh build needed.

[Does it work?]

Then you probably have system tray notifications disabled in general.

[Validity of License Key]

Hello and welcome to the forum.

 

Currently MBAE does not have this feature. We are working on it.

 

In the meantime you can check for your purchase confirmation email to see the validity of your license, or contact our Customer Service department to have someone look it up.

[VLC update triggering behavior block by MBAE]

Thanks for reporting @sman. Fixed by whitelisting the VLC upgrade.

[Locky Ransomware]

MBAE Free does not protect Word, only MBAE Premium.

[Does it work?]

It might be that Chrome.exe is already running in the background after you close the visible window. So after running it again you don't see the notification since it was already running and protected by MBAE. Test with other applications like Word, Acrobat, etc. to see if you see the notifications.

[Malwarebytes Anti-Exploit blocking "Office Tab"]

Hi Michael. Can you please attach your FRST logs?

 

Thanks!

[Locky Ransomware]

This is prevented by MBAE Premium only.

The Office, PDF and other shields are only available in Premium.

[[SOLVED] 3 1/2 months of dated logs have been replaced with 1601-01-01 logs]

Anytime!

 

I will close this thread as solved but feel free to create a new thread whenever you need.

[[SOLVED] 3 1/2 months of dated logs have been replaced with 1601-01-01 logs]

Everything seems in order. Maybe due to some corruption of the data file.

 

Simply click the clear logs option in the UI and let me know if it happens again.

 

Thanks!

[Protection not active at startup]

Beta5 solves this. Download and install beta5 from the forum announcement and reboot.

[[SOLVED] 3 1/2 months of dated logs have been replaced with 1601-01-01 logs]

Welcome to the forum. This is weird. Probably due to a missed version upgrade as MBAE only keeps/upgrades the data format for one version prior to the last.

 

I think you forgot to attach the MBAE logs. Can you please try it again?

 

Thanks!