Posts posted by pbust
-
-
In this latest build we've added WinRAR and some others (WinZip, 7z, etc.) to the "internal shields". Internal shields are basically apps we hook into to help determine certain logic when applying the Layer3 application behavior detection techniques. So, for example, if winword.exe launches cmd.exe, which in turn launches wscript.exe, that's a clear giveaway of exploit-like behavior. We added WinRAR and others as an internal shield as we've detected some ransomware exploiting application behaviors (i.e. social engineering, not real exploits) which we were not blocking before.
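The process chain described in the post above can be checked over process-creation telemetry. The following is an added example, not part of the original post and not Malwarebytes' implementation; the event format, the image-name lists and the function names are assumptions made for illustration.

```python
import ntpath

# Assumed image names for this illustration (not a vendor list).
SHIELDED_APPS = {"winword.exe", "winrar.exe", "7zfm.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def lineage(pid, procs):
    """Return image names from pid up to its oldest known ancestor."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # stop on unknown parent or PID loop
        seen.add(pid)
        ppid, image = procs[pid]
        chain.append(image)
        pid = ppid
    return chain

def find_suspicious_chains(events):
    """Flag script hosts whose ancestry includes a shielded application."""
    procs, alerts = {}, []
    for ev in events:  # events must be in creation order
        image = ntpath.basename(ev["image"]).lower()
        procs[ev["pid"]] = (ev["ppid"], image)
        if image not in SCRIPT_HOSTS:
            continue
        chain = lineage(ev["pid"], procs)
        for depth, ancestor in enumerate(chain[1:], start=1):
            if ancestor in SHIELDED_APPS:
                # Report the path from the shielded app down to the script host.
                alerts.append(" -> ".join(reversed(chain[:depth + 1])))
                break
    return alerts

# Constructed sample events (pid, parent pid, image path), in creation order.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Office\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 800, "ppid": 700, "image": r"C:\Windows\System32\cscript.exe"},
]

if __name__ == "__main__":
    for alert in find_suspicious_chains(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

The last two sample events (a script host started from a shell with no shielded application above it) produce no alert, which is the distinction the post draws between ordinary use and exploit-like behavior.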
-
Yes, this is correct and by design. We'll try to add it to the next build.
-
Thanks for the logs. Unfortunately they are incorrect. You've ZIP'ed C:\Program Files (x86)\Malwarebytes Anti-Exploit\ and the logs directory is C:\ProgramData\Malwarebytes Anti-Exploit\.
Try checking for logs from your other security software to see if anything is blocking Malwarebytes Anti-Exploit from running.
-
Please follow the fresh re-install procedure, including the reboots:
https://forums.malwarebytes.org/topic/171634-mbae-fresh-re-install-steps/
-
Thanks for the logs. Unfortunately I don't see anything out of the ordinary.
Have you tried running a few second opinion antivirus and anti-malware scanners to see if there might be some malware infection?
-
Even after closing Chrome (using the "x" on the upper right) the process chrome.exe stays running in the background. This is why the next time you "open" Chrome (you're not really opening it since it is already running) there is no new notification (since it is already running).
-
Yes, got them! Thanks!
-
Good finds!
-
Welcome to the forum.
Please post your MBAE and FRST logs. Instructions can be found in the "readme first" link in my signature.
-
Thanks!
Try doing a fresh re-install following the exact steps mentioned here. This will delete all your custom shields.
After the re-install, verify if the problem persists. If the problem does not persist, then add your custom shields one by one, checking for the problem after adding each one and running the new custom shielded application.
-
-
Interesting!
Thanks for these details.
It probably has to do with the service startup timeout. With event logging there is more activity and this may cause the timeout threshold to trigger.
-
Yes, MBAE also protects against this exploit.
-
Yes, MBAE does not suffer from the same limitations of EMET. MBAE will protect you against these advanced techniques by Angler and other Exploit Kits.
-
Thanks for the details. We found a bug that may be causing this. We're working on a new 1.09 build. Please stand by.
-
Welcome to the forum Phrank.
This is certainly a new one, since we don't interact with Windows devices or drivers.
Can you please post your MBAE and FRST logs? Instructions can be found in the "readme first" link in my signature.
-
Please click on the "readme first" link in my signature for instructions.
-
We recently released an auto-upgrade, so it is totally possible that it is related to the hot upgrade.
-
The first problem might be due to the installer being blocked by something else due to the low prevalence of this new installer. Try deleting the registry Run entry and re-installing to see if it gets created now.
As for the Pale Moon/WinRAR issue, can you please post or PM me your MBAE logs?
-
Hi @hake. It sounds as if the original install was somehow blocked by some other security software.
Try re-installing and monitoring your other programs for signs of blocked components during installation.
-
Can you please post your MBAE and FRST logs?
Thanks!
-
Hi!
Can you please post your MBAE and FRST logs?
Instructions in my signature.
-
Welcome to the forum. We fixed the mbae-test download link.
Please reboot the computers and try running the mbae-test program.
-
Thanks for reporting. We're looking into it.
-
MBAE Stops Excel Macros (in Malwarebytes Anti-Exploit for Business)
Hi Guy947, please post your MBAE and FRST logs. Instructions can be found in the "readme first" link of my signature.