hake

Honorary Members
  • Content count

    334

About hake

  • Rank
    True Member

Profile Information

  • Location
    Wigan, England
  • Interests
    Rugby League, Cricket

  1. (I had asked another question here for which I have since found the answer but cannot rescind the post. It might be a useful forum option to allow a poster to be able to do this.)
  2. Thank you exile360 for that informative and thoughtful response.
  3. What are the prospects for continued database updates for MBAM 2 please? There seems to be no more suitable category in the forum to place this particular question.
  4. DEP Bypass Protection

    OOPS! I invariably turn ON Bottom Up ASLR for Windows 7 systems and I guess that using it with Windows XP is better than not using it.
  5. DEP Bypass Protection

    Hi Kaine, Thank you for your response. I am trying to acquire a better understanding of how these techniques work without actually having to understand them. Your comments are most helpful in furthering my quest. I have only recently discovered Comodo Memory Firewall (only 9 years late which is pretty good for me). My poor old non-Nx equipped Athlon XP 3000+ processor powered Windows XP PC needs it for any semblance of buffer overflow protection. I have a notion that MBAE's DEP Bypass Protection might be beneficial even on this venerable system, reliant as it is on software buffer overflow protection. Comodo Memory Firewall is presumably better than nothing. I have read that Bottom Up ASLR increases randomisation of memory occupied by executables. This seems to matter a lot with Windows 7 but less so with Windows 8 and later. The default MBAE advanced settings do not include the switching on of Bottom Up ASLR except for one class of application and I wondered why the benefit of greater entropy of memory allocation was not the default. I invariably turn off Bottom Up ASLR for Windows 7 systems and I guess that using it with Windows XP is better than not using it. My understanding is that Bottom Up ASLR causes different base addresses to be used each time an application is started in Windows 7 which thus increases randomisation.
  6. Is MBAE's DEP Bypass Protection equivalent to 'return-to-libc buffer overflow protection'?
  7. Exploits Explained Whitepaper (by Sophos) I stumbled across this document which I found very helpful. It summarises the various types of exploits with a fairly simple explanation of each. Simple is good. The URL is https://community.sophos.com/products/intercept/m/cdabc438f8/9415
  8. Build 1.10.1.24

    Furthermore, when I uninstall Bit-Defender anti-ransomware tool on either Windows 7 or Windows XP, the Dynamic Anti-HeapSpraying Enforcement remains stably enabled. I don't yet use later versions of Windows.
  9. Build 1.10.1.24

    Possible explanation for the Dynamic Anti-Heap Spraying Enforcement issue: Bit-Defender anti-ransomware tool is installed on the affected systems.
  10. What is the difference between Dynamic Anti-HeapSpraying Enforcement and good old honest down to earth plain Anti-HeapSpraying Enforcement? I have noticed that a couple of Windows XP installations I am responsible for do not seem to support Dynamic Anti-HeapSpraying Enforcement. The Browser protection option becomes unticked in Advanced Settings -> Application Hardening every time MBAE starts. The processors of those two systems coincidentally support SSE2 instructions. MBAE installed on Windows XP with no-SSE2 processors and Windows 7 installations seems to allow Dynamic Anti-HeapSpraying Enforcement. Possible explanation: Bit-Defender anti-ransomware tool is installed on the two affected Windows XP systems.
  11. Build 1.10.1.24

    MBAE 1.10.1.24 works fine. I have only one issue to raise which dates back to MBAE 1.09. When Advanced Settings -> Application Hardening -> Dynamic Anti-HeapSpraying Enforcement is enabled (non-Chrome web browsers) that setting only remains TRUE until MBAE stops running on certain systems. When it is started, the Advanced Settings 'tick' for Dynamic Anti-HeapSpraying Enforcement has cleared on some systems. I cannot say any more as I have no evidence to present.
  12. Malwarebytes and Avast?

    I get this too. I am using MBAM Free 2.2.1.1043. My workaround is to uninstall Avast 17 in safe mode and then reinstall and load the most recent Avast config. Behaviour Shield is a sensitive soul and Avast 17 has caused more difficulties than any previous version I have experienced.
  13. Microsoft has created a danger by this standardisation on Defender anti-malware software which would enable the black hat hackers to concentrate on defeating one anti-malware product instead of many.
  14. Hello 1PW. Thank you for your trouble in replying to this and for what you have to say. I infer that BETA8 is still considered effective. The recent ransomware difficulties seem to have particularly affected users on internal networks and the Microsoft patches seem to have corrected issues with SMBs among other networking things. I deal with home users and so am exercised with the bad stuff from web sites and in emails. Since MBAE Premium is deployed and those computers are fully patched, I suppose that I should not be too tense about the possibility of ransomware. I look forward to being sufficiently confident to shift them over to MBAM3. The Malwarebytes heads-ups are very valuable information. My issue with distance is the distance that I have to drive when either of my wife's two sisters has a problem with her computer (this is known as The Homer Simpson Problem).
  15. "A new strain of ransomware, a Petya-esque variant being called Petya/NotPetya, is swiftly spreading across the globe today" Does the Beta8 AntiRansomware not provide protection? I have held back from installing the Premium Malwarebytes Antimalware because of problems with its behaviour, even with version 3.1.2, because I live a considerable distance from the affected computers. Is an update of the Beta version likely?