hake

Honorary Members
  • Posts

    629
Everything posted by hake

  1. Google Chrome and Mozilla Firefox are much livelier and more responsive than previously. MalwareBytes browser extensions seem to be win-win innovations. They do just what the authors claim that they can do. I use web browsers without the complications of associated applications so that might be why I have not had any problems to report.
  2. I want to record one disappointment which is that Firefox 45.9 ESR will not install MalwareBytes Browser Extension. I cannot run a compatible Firefox because the processor in my XP system will not execute the SSE2 instructions. Oh well, that's life I suppose. Fortunately MBAE does run on a pre SSE2 processor so I mustn't be greedy.
  3. It works beautifully. I don't need Ghostery now. It is excellent for the non-technical user for whom it is very suitable. If I find any snags I will report them but have not encountered any yet.
  4. I expect that it hasn't escaped the notice of the MalwareBytes techs that MS Office Excel is now JavaScript enabled.
  5. Thanks Pedro. I guess that it makes sense that if the delivery vehicle is signed then the package within is trustworthy. OSArmor took exception to the .tmp file not being signed. An exclusion rule was created to allow future instances to execute uninterrupted.
  6. I refer to Sampei Nihira's posts on this WildersSecurity comments page: - https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/page-65
  7. MBAE 1.12.1.67 corrects a possible FP for blocked hollowed process in Office 97 and also Publisher 2000 which occurred with MBAE 1.12.1.58. Word 97 and then Publisher 2000 were pushing output to a printer when the assumed FP occurred.
  8. MBAE 1.12.1.57 continues to work properly with Windows 7/Google Chrome and Windows XP batch files/cmd.exe.
  9. After several false dawns, MBAE 1.12.1.48 has been installed and Google Chrome 65.0.3325.181 has been put through its paces without once triggering the issue. I made Google Chrome perform the procedures which seem to trigger the problem, especially changing the site isolation setting and then causing Google Chrome to relaunch. This particular procedure seemed to be especially effective at kicking the issue into life. The Google Chrome Strict Site Isolation feature is in full time use. I have noticed that Google Chrome seems no longer to start with a slight hesitation as was the case during the occurrences of 'the issue'. This is obviously a subjective impression but to me it is just a little bit noticeable. The Windows XP batch/cmd.exe issue also seems to have been resolved on both affected systems. The MBAE advanced settings are once again all enabled, as is usual for me, except for the RET ROP Gadget detections.
  10. After several false dawns, MBAE 1.12.1.48 has been installed and the Windows XP batch/cmd.exe issue has been resolved on both affected systems.
  11. I have installed MBAE 1.12.1.43 and have not yet seen a repeat of the issues with Windows XP and the batch file/cmd issue or the Windows 7 and Google Chrome issue. This post was followed by disappointment because after becoming dormant for a short time following the installation of MBAE 1.12.1.43, the issue re-emerged.
  12. I reverted to a clone copy of the Windows 7 on the Intel Pentium 4 Prescott equipped system. This copy was taken on 4 November 2017 and so predates the Microsoft Meltdown fix. I made sure that Google Chrome was at version 65.0.3325.162 and other software was also up to date but with no additional Microsoft updates. MBAE had been updated automatically to version 1.12.1.42. There was no issue with starting Google Chrome repeatedly. I then installed the Microsoft Security and Quality Rollup offered to me by Windows Update. On completing the installation and following the system restart I attempted to run Google Chrome and the issue was immediately apparent. This is clear evidence that the issue is triggered by the Windows security rollup which coincidentally includes the Meltdown fix.
  13. Change to initial message: - The problem with MBAE 1.12.1.37 continues. BTW, this issue applies to both 32bit and 64bit versions of Google Chrome. To Tangerine, I would be happy to supply the MBAE 1.11.1.79 installer if this does not contravene Malwarebytes forum rules. Could someone in authority say something about this.
  14. I have two Windows 7 (64bit) systems. One runs with an AMD Sempron 3000+ (64bit) processor. Having this processor caused me a bricked system in January. I had just performed a disk clone so recovery was easy. Microsoft immediately withdrew the January rollup security update for this hardware and as far as I can tell there has been no Meltdown fix issued for this hardware since. The issue I am reporting here has not affected this AMD powered computer and MBAE 1.12.1.37 runs without any problems and with no error messages from Google Chrome. The other Windows 7 system, the problem one, uses an Intel Pentium 4 Prescott 3.2GHz twin core processor and this has received the Microsoft Meltdown fix. I noticed that Google Chrome had a problem when being started on this system which was when the error message box was displayed. I did not immediately associate the problem with the update of MBAE from 1.11.1.79 to 1.12.1.37 (which incidentally also caused a difficulty on Windows XP) though I was puzzled that it did not happen with the ancient AMD Sempron. MBAE 1.11.1.79 was reinstated on the Intel Prescott powered system and the issue vanished. QED: the issue is with MBAE 1.12.1.37. I am also surmising that the Microsoft Meltdown fix is relevant to the issue. I use MBAE like an organist plays an organ with all the stops pulled out. By that I mean that I enable as many of the advanced MBAE settings as I can. When using MBAE 1.12.1.37 I noticed that disabling Anti-HeapSpraying Enforcement and ASLR BottomUp Enforcement for Chrome Browsers reduced the number of instances when the error message box appeared but did not eliminate them. Setting the advanced settings to default made no difference with MBAE 1.12.1.37. Please let me know what information you need me to provide to help you diagnose the issue. I wish that MBAE's Automatically upgrade to new versions setting could simply be put to better use in preventing version updates. All it does is to cause the user to be asked if he/she wants automatic updates and then it updates anyway. It's a pain to keep editing the HOSTS file to achieve and then reverse that effect.
  15. I am experiencing a problem with Google Chrome (32bit) and MBAE 1.12.1.37 on Windows 7 (64bit). There seems to be no problem with MBAE 1.11.1.79. I will provide more details later. I attach a screenshot of a message or protest by Google Chrome.
  16. Just a final comment on the issue. While MBAE 1.12.1.37 was installed, the issue did not always occur at startup. In the chaos of startup, timing probably matters so the intermittency suggests to me that any interference between two or more processes did not happen at every startup. Before and since MBAE 1.12.1.37 was installed and then uninstalled and replaced by MBAE 1.11.1.79, the issue with the behaviour of the .bat initiated cmd.exe process did not and does not occur at all.
  17. Requested files sent by PM. Frustratingly the issue seems to happen only once or twice after the new MBAE beta 1.12.1.37 has been installed. I will persist with the use of this version and report any further occurrences. I can confirm that on reinstating MBAE 1.11.1.79 after first observing the issue late last week that no further occurrence of this issue arises.
  18. I use Panda Dome with Windows XP. I use a .bat file which is run from a shortcut in a startup folder. The contents of the file are attached. The problem is that since MBAE 1.12.1.37 was installed, the DOS window that .bat runs in will not close. It did close with MBAE 1.11.1.79. The job of the .bat file is to delete Panda Dome temporary files from the Temp folder in C:\Windows. This untidy arrangement only applies to Windows XP. In later Windows versions the storage is managed invisibly. Apart from this annoyance, the new MBAE beta works in Windows XP and Windows 7 without raising any other issues. delete_Panda_temp_files.txt
  19. This has been an occasional occurrence with MBAE for as long as I have known it. Sorry I cannot shed any light on it.
  20. Works fine on my Windows 7 and XP systems. All Advanced settings ticked except for RET ROP Gadget Detections ticked only for Chrome browsers. Nothing untoward to report.
  21. My initial impressions have been modified. Encouraged by those with greater knowledge than mine of OSArmor, I have one Windows 7 SP1 (64bit) system and one Windows XP SP3 system using OSArmor 1.4 (Test34 version). I select only applications which are in use for the Anti-Exploit facility. It appears that the modus operandi for OSArmor is different from MBAE. As the man who jumped off the top of the Empire State Building was heard to say as he passed the 70th floor, "So far, so good."
  22. I have found that the enabling of the Anti-Exploit feature of OSArmor is incompatible with the parallel use of MBAE. System lockups can occur and also impairment of protected application performance. Simply disabling OSArmor's Anti-Exploit protection eliminates system lockups and protected applications run smoothly. The Main Protections of OSArmor seem not to affect MBAE and operate unobtrusively. I guess that they are beneficial to the security of the systems on which those protections are applied. I have read nothing untoward about NoVirusThanks or OSArmor.
  23. Very helpful summary of problem here: https://blog.qualys.com/news/2018/01/18/meltdown-and-spectre-arent-business-as-usual#more-24270
  24. I think that secure browsers will be fixing 90% of the problem since the prime vector of attack is surely the browser. I have used Ghostery for a long time and find that it stops advertising but am now also using AdblockerPlus as an additional defence from malvertising. I will be delighted if anti-malware specialists become able to reliably identify delivery vehicles of Meltdown/Spectre and even the signatures and behaviour of actual Meltdown/Spectre malware.