pbust

Staff
Posts posted by pbust


  1. In our blog you can see plenty of examples of MBAE providing protection against sites which have been caught/known to be distributing malware through exploit kits. There's a lot of good reading there.

    https://blog.malwarebytes.com/category/threat-analysis/exploits-threat-analysis/

    In addition recently we started this page to show MBAE in action against interesting exploits:

    https://blog.malwarebytes.com/malwarebytes-anti-exploit-itw/

    Finally, the webinar and YouTube videos and channel referenced by Ron are also a good resource.

     


  2. Welcome to the forum Drea.

    MBAE includes 4 layers of protection, from Layer0 to Layer3. Some detections happen in Layer0 or Layer1, which is very early in the attack chain, way before the malware payload is even delivered from the attacker to the machine. Some detections are Layer3, where we block the malware payload from executing on the machine. Only when there is a malware payload blocked by Layer3 can we add exclusions for these types of payloads.

     


  3. Welcome to the forum Waterdog!

    Does the problem persist if you reload the page? We've seen one minor issue sometimes during the first installation of Silverlight, but after reloading the page it is resolved.

    Also as Ron said, try disabling the MBAM Web Blocker during your tests to discard that as a potential source of blocking.


  4. In this latest build we've added WinRAR and some others (WinZip, 7z, etc.) to the "internal shields". Internal shields are basically apps we hook into to help determine certain logic when applying the Layer3 application behavior detection techniques. So, for example, if winword.exe launches cmd.exe which in turn launches wscript.exe, that's a clear giveaway of exploit-like behavior. We added WinRAR and others as an internal shield as we've detected some ransomware exploiting application behaviors (i.e. social engineering, not real exploits) which we were not blocking before.


  5. Thanks for the logs. Unfortunately they are incorrect. You've ZIP'ed C:\Program Files (x86)\Malwarebytes Anti-Exploit\ and the logs directory is C:\ProgramData\Malwarebytes Anti-Exploit\.

    Try checking for logs from your other security software to see if anything is blocking Malwarebytes Anti-Exploit from running.
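
The process-chain giveaway described in the post about internal shields (winword.exe launching cmd.exe, which launches wscript.exe) can be expressed as a detection rule over process-creation events. The following is an added example, not part of the original posts and not Malwarebytes' implementation; the event format, the archiver image names, and the extra shell and script-host names are assumptions.

```python
"""Flag script hosts spawned, directly or through a shell, by a 'shielded'
application, using constructed process-creation events."""
from ntpath import basename

# Applications treated as shields. winword.exe is named in the post; the
# archiver image names are assumptions for WinRAR, WinZip and 7-Zip.
SHIELDED = {"winword.exe", "winrar.exe", "winzip64.exe", "7zfm.exe"}
# cmd.exe and wscript.exe come from the post; powershell.exe and cscript.exe
# are assumptions added for illustration.
SHELLS = {"cmd.exe", "powershell.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def find_suspicious_chains(events):
    """events: iterable of (pid, ppid, image_path) in creation order.
    Returns a list of chains (lists of image names), shield first.
    PID reuse is ignored to keep the example short."""
    procs = {}    # pid -> (ppid, lowercase image name)
    alerts = []
    for pid, ppid, image in events:
        name = basename(image).lower()
        procs[pid] = (ppid, name)
        if name not in SCRIPT_HOSTS:
            continue
        # Walk up the ancestry: only shells may sit between shield and host.
        chain, cur, seen = [name], ppid, {pid}
        while cur in procs and cur not in seen:
            seen.add(cur)
            parent_ppid, parent_name = procs[cur]
            chain.append(parent_name)
            if parent_name in SHIELDED:
                alerts.append(list(reversed(chain)))
                break
            if parent_name not in SHELLS:
                break    # unrelated parent (e.g. explorer.exe): no alert
            cur = parent_ppid
    return alerts

# Constructed sample events (not taken from any real log).
SAMPLE_EVENTS = [
    (100, 4, r"C:\Windows\explorer.exe"),
    (200, 100, r"C:\Program Files\Microsoft Office\winword.exe"),
    (210, 200, r"C:\Windows\System32\cmd.exe"),
    (220, 210, r"C:\Windows\System32\wscript.exe"),  # winword -> cmd -> wscript
    (300, 100, r"C:\Program Files\WinRAR\WinRAR.exe"),
    (310, 300, r"C:\Windows\System32\wscript.exe"),  # archiver -> wscript
    (400, 100, r"C:\Windows\System32\cmd.exe"),
    (410, 400, r"C:\Windows\System32\wscript.exe"),  # user-started: ignored
]

if __name__ == "__main__":
    for chain in find_suspicious_chains(SAMPLE_EVENTS):
        print(" -> ".join(chain))
```

The same walk can be run over Sysmon Event ID 1 or Windows Security Event 4688 records once they are reduced to (pid, ppid, image) tuples.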

     

     
