MBAE Self-Defense in Anti-Exploit Beta

Posted February 19, 2014

Under the active development and great customer support offered by Pedro and Malwarebytes, MBAE is going to be the number one anti-exploit application available in the very near future. Therefore, it is itself going to be the target of attacks, such as modification/elimination of MBAE files (including the program files and log files directory), tampering with its registry keys, and termination of MBAE processes.

Are there any self-defense mechanisms already implemented to protect MBAE, such as Malwarebytes Chameleon, which is implemented as a self-protection module in MBAM 2 Beta? Are there any (further) plans for future self-protection techniques?

I can see that with alpha version 0.10.0.0200, you introduced a new architecture which runs MBAE as a Windows Service. This made the "mbae.exe" process run with limited rights and therefore less exposure. The situation was different during the whole beta phase, in which the mbae.exe process was fully elevated.

I was playing with the MBAE service "MbaeSvc", which runs under the LocalSystem account, and tried to change its account type and run it under the LocalService account, which has a lower level of privileges than the previous one, consequently reducing the attack surface of Malwarebytes Anti-Exploit! Naively, "MbaeSvc" failed to launch!

Also, with this new architecture non-admin users cannot stop MBAE's protection, nor can they manage exclusions in MBAE's excluded list, which are in my opinion very good additions.

Currently, I am protecting both the "mbae-svc.exe" and "mbae.exe" processes with EMET 4.1! They are configured with ALL EMET mitigations enabled.
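The post says non-admin users cannot stop MBAE's protection. As an added example (not part of the original post and not Malwarebytes code), the Python below checks that property for a Windows service by parsing the SDDL string that `sc.exe sdshow <service>` prints and listing allow-ACEs that give ordinary users stop or reconfigure rights. Both descriptors are constructed samples, not MbaeSvc's real security descriptor, and the function names are hypothetical.

```python
import re

# Service rights that allow tampering: SDDL code -> (meaning, access-mask bit).
TAMPER = {
    "DC": ("change config", 0x00002),
    "WP": ("stop", 0x00020),
    "DT": ("pause/continue", 0x00040),
    "SD": ("delete", 0x10000),
    "WD": ("write DACL", 0x40000),   # as a right; as a trustee "WD" is Everyone
    "WO": ("write owner", 0x80000),
}
GENERIC_ALL = 0x10000000
# SID abbreviations that cover ordinary, non-admin users.
NON_ADMIN = {"WD": "Everyone", "AU": "Authenticated Users",
             "IU": "Interactive", "BU": "Users"}

def tamper_rights(rights):
    """Decode an ACE rights field (two-letter codes or a hex mask)."""
    if rights.lower().startswith("0x"):
        mask, codes = int(rights, 16), set()
    else:
        mask, codes = 0, set(re.findall("..", rights))
    full = "GA" in codes or bool(mask & GENERIC_ALL)
    return [name for code, (name, bit) in TAMPER.items()
            if full or code in codes or mask & bit]

def risky_aces(sddl):
    """Return (trustee, rights) for allow-ACEs that let non-admins tamper."""
    # Only the DACL grants access; the SACL after "S:" holds audit entries.
    dacl = re.search(r"D:(.*?)(?=S:|$)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit;trustee
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in NON_ADMIN:
            continue
        granted = tamper_rights(fields[2])
        if granted:
            findings.append((NON_ADMIN[fields[5]], granted))
    return findings

# Constructed descriptors in `sc.exe sdshow` format; not taken from MBAE.
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
            "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)")
WEAK = HARDENED + "(A;;CCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;WP;;;WD)"

if __name__ == "__main__":
    for name, sddl in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, risky_aces(sddl) or "no non-admin tamper rights")
```

The same kind of review applies to the ACLs on the service's program files and registry keys, which the post also names as tampering targets.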