hake

Is MBAE's DEP Bypass Protection equivalent to 'return-to-libc buffer overflow protection'?

Exploits Explained Whitepaper (by Sophos) I stumbled across this document which I found very helpful. It summarises the various types of exploits with a fairly simple explanation of each. Simple is good. The URL is https://community.sophos.com/products/intercept/m/cdabc438f8/9415

Furthermore, when I uninstall Bit-Defender anti-ransomware tool on either Windows 7 or Windows XP, the Dynamic Anti-HeapSpraying Enforcement remains stably enabled. I don't yet use later versions of Windows.

Possible explanation for the Dynamic Anti-Heap Spraying Enforcement issue:Bit-Defender anti-ransomware tool is installed on the affected systems.

What is the difference between Dynamic Anti-HeapSpraying Enforcement and good old honest down to earth plain Anti-HeapSpraying Enforcement? I have noticed that a couple of Windows XP installations I am responsible for do not seem to support Dynamic Anti-HeapSpraying Enforcement. The Browser protection option becomes unticked in Advanced Settings -> Application Hardening ever time MBAE starts. The processors of those two systems coincidentally support SSE2 instructions. MBAE installed on Windows XP with no-SSE2 processors and Windows 7 installations seems to allow Dynamic Anti-HeapSpraying Enforcement. Possible explanation: Bit-Defender anti-ransomware tool is installed on the two affected Windows XP systems.

MBAE 1.10.1.24 works fine. I have only one issue to raise which dates back to MBAE 1.09. When Advanced Settings -> Application Hardening -> Dynamic Anti-HeapSpraying Enforcement is enabled (non-Chrome web browsers) that setting only remains TRUE until MBAE stops running on certain systems. When it is started, the Advanced Settings 'tick' for Dynamic Anti-HeapSparing Enforcement has cleared on some systems. I cannot say any more as I have no evidence to present.

I get this too. I am using MBAM Free 2.2.1.1043. My workaround is to uninstall Avast 17 in safe mode and then reinstall and load the most recent Avast config. Behaviour Shield is a sensitive soul and Avast 17 has caused more difficulties than any previous version I have experienced.

Microsoft has created a danger by this standardisation on Defender anti-malware software which would enable the black hat hackers to concentrate on defeating one anti-malware product instead of many.

Hello 1PW. Thank you for your trouble in replying to this and for what you have to say. I infer that BETA8 is still considered effective. The recent ransomware difficulties seem to have particularly affected users on internal networks and the Microsoft patches seem to have corrected issues with SMBs among other networking things. I deal with home users and so am exercised with the bad stuff from web sites and in emails. Since MBAE Premium is deployed and those computers are fully patched, I suppose that I should not be too tense about the possibility of ransomware. I look forward to being sufficiently confident to shift them over to MBAM3. The MalwareBytes heads-ups are very valuable information. My issues with distance is the distance that I have to drive when either of my wife's two sisters has a problem with her computer (this is known as The Homer Simpson Problem).

"A new strain of ransomware, a Petya-esque variant being called Petya/NotPetya, is swiftly spreading across the globe today" Does the Beta8 AntiRansomware not provide protection? I have held back from installing the Premium Malwarebytes Antimalware because of problems with its behaviour, even with version 3.1.2, because I live a considerable distance from the affected computers. Is an update of the Beta version likely?

Thank you for the reassurance. I look after several people's PCs and rely on MalwareBytes for a quiet life.

Read more here at adgholas malvertising campaign commentary Avoidance of malvertising seems to be sensible and some advocate using ad blockers. Does MBAE provide useful protection in the context of the AdGholas Malvertising Campaign?

That would be what I would expect if the installed MBAE was the Premium version but the MBAE version that was installed was the Free MBAE. The MBAM 3.2.1 installer obviously has not been able to make the distinction between MBAE Premium and MBAE Free. I seem to remember that installing MBAM 3.0.6 Free caused no such problem with MBAE Free.

I installed MBAM 3.1.2 Free over MBAM 3.06 Free on a Windows 7 (64bit) system. MBAE 1.09.1.1403 Free was effectively uninstalled (it vanished from the service list) and so needed to reinstalled. MBAM and MBAE are now both working as they should be.

I needed the link when I was attending on a friend's Windows 8.1 system. MBAE 1.09.1.1334 had not auto-updated (???) and I wanted to manually install what I believed to be the most recent stable release but had left my memory stick at home.

The download link for what seems to be the most recent 'stable', i.e. non-experimental release of MBAE, version 1.09.1.1384, has disappeared from your list of MBAE downloads.

I am very sorry Pedro. Of course it is a false positive. I would not expect Malwarebytes to release anything which was not of the highest standard of repute. I simply thought that you guys might wish to be aware that 'something' had triggered a false positive.

On scanning mbae-setup-1.09.1.1346.exe , Avast reports "Error: Exception in macro viruses code. (42102)". I thought you would wish know about it.

I am also finding that excluding mbae-svc.exe in AV configurations seems to promote more reliable starting of MBAE. This is just a subjective assessment but subsequent observations seem to support my hypothesis.

I get this taking too long to load thing too. My PC is rather old but runs Windows 7 (64bit) quite well. I find that allowing a few extra seconds before logging on at startup helps prevent it. MBAE seems sensitive to the startup rush of activity with both Windows 7 and Windows XP.

Thank you nukead. That tells me what I wanted to know.

Is it correct to assume that versions of MBAE pushed out as automatic updates may be regarded as stable? I am assuming that MBAE 1.9.1.1291 and 1.09.1.1334 are examples of stable releases whereas MBAE versions downloadable for manual installation between those two stable versions are for beta evaluation purposes.

I'm glad I am protected by MBAE.

It does not recover after a reboot. I hope to visit the old codger whose PC it is next week. Is your diagnostics data logging software the same as it was a year ago? I tried uninstalling and reinstalling MBAE but without success. I removed MBAE and enabled EMET 5.2 for web browsers pending that next visit. The only web browser in use is Google Chrome which self-updates. I am puzzled because I did a system restore to the time when I last attended the system and MBAE was working. After the system restore, MBAE still did not behave as it should. MalwareBytes AntiRansomware and MBAM 2 Free both work correctly.

Thank you Mr Sullinger.