hake

Unannounced by Malwarebytes, the RET ROP Gadget Detection features in OS Bypass Protection can now be checked without any apparent adverse on any of my protected applications on Windows XP SP3 and Windows 7 Ultimate (64-bit). I gleefully discovered that I can check every protection feature in MBAE Premium with versions 1.08.1.2572 and 1.09.1.1235 and all protected applications that are installed run just fine. This is some compensation for version 1.09 not being executable on my two pre-SSE2 processor equipped systems. Caveat: I imagine that there are applications that will fall foul of such monumentally reckless user behaviour but I am obviously not using any of them. On Windows XP SP3, I use Agnitum Outpost Pro Firewall 9.3, Panda Free Antivirus 17.0.1, BufferShield software DEP (by System-Safe), Mozilla Firefox ESR 45.4, Opera 12.17, Outlook Express 6, SumatraPDF 3.1.2, Acrobat Pro 6, MS Office 2003, MBAE 1.08.1.2572 On Windows 7 Ultimate (64-bit), I use Agnitum Outpost Pro Firewall 9.3, Avast Free 12.3.2280, Google Chrome, Mozilla Firefox ESR 45.4 , Opera 12.17, Thunderbird 45.4, SumatraPDF 3.1.2, OpenOffice 4.1.2, Skype, MBAE 1.09.1.1235

I was instructed by the MBAM support team to download a number of runtime support files for MBAM and to copy them into the MBAM Program Files folder. Those runtime support files which are pre-SSE2 compatible are called: - Qt5Core.dll Qt5GUI.dll Qt5Network.dll Qt5Widgets.dll qgif.dll qwindows.dll I will try to find the link to the download.

I do not know of anyone who has succeeded in using MBAE 1.09 on hardware with pre-SSE2 processors. Apparently it is a surprise to Malwarebytes that the issue exists. There is one way that might help to resolve this. Will Malwarebytes please give us instructions and diagnostic software so that we can feedback data to Malwarebytes on the failed installations.

Those who use old hardware with non-SSE2 processors will find that MBAE 1.08.1.2572 persists in trying to offer MBAE 1.09.1.1235 in spite of it being unable to execute. I'm afraid that the opportunity to have coded MBAE 1.08.1.2572 so that it recognises pre-SSE2 hardware, and so does not install an unusable version update, appears to have been lost.

I use Agnitum Outpost Firewall Pro 9.3. Versions 9.2 and 9.3 of Outpost Firewall would not run on my hardware. The techs at Agnitum kindly took note of my request for the continued compatibility with SSE only processors and issued an update to version 9.3. I understand that this was the result of a recompile. I am glad they did because Outpost 9.3 is their best and final version. Yandex has since bought Agnitum and Outpost has ceased to be developed and will receive no more data updates after 31 December 2016. You can imagine that I esteem the memory of Agnitum and its people very highly. I have a decent firewall for Windows XP, 7 and 8.1 for several years to come. Not sure about Windows 10 in the long term. To be fair to Malwarebytes, the thoughtful gesture by Agnitum was made in the knowledge that the Outpost Firewall Pro product was on borrowed time and it would probably not have been possible to maintain pre-SSE2 compatibility in the longer term.

The unwanted MBAE version update can be blocked by adding the following line to the HOSTS file: - 127.0.0.1 data-cdn.mbamupdates.com I also recommend that you uncheck the MBAE setting 'Automatically upgrade to new versions'. If you use Malwarebytes Antimalware (Free or Premium), this will have the effect of preventing it from downloading data updates so the HOSTS file modification might be a nuisance.

Please could it be confirmed that MBAE1.09 will not execute on processors which do not support SSE2 instructions.

Build 1225 works without issues on Windows 7 Ultimate 64-bit and Windows XP SP3 with post SSE processor. I gave Trusteer Rapport another try after nearly 2 years since I last gave up on it in disgust. IBM seems to have done good work because it runs far more slickly and causes no problems with MBAE, at least it doesn't with build 1225. I can only guess that the improvement apparent with Trusteer Rapport build 3.5.1609.103 is down to its improved product quality. I use Rapport with Mozilla Firefox and Google Chrome. Installed real-time security software: Agnitum Outpost Firewall 9.3, Avast Free 12.3.2280, MBAE 1.09.1.1225, Trusteer Rapport 3.5.1609.103.

News of this in http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/ makes me glad I use 'senior' hardware. Here is the paper on the subject: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf. I would be amazed if Malwarebytes' techs have not already read and inwardly digested it.

Works faultlessly on my Windows 7 64bit and Windows XP SP3 (SSE2 processor) systems. As is typical of a user with no self-control, all Advanced Settings are checked with the exception of Ret Rop Gadget Protections (Chrome browser options ARE checked). Additional shields for SumatraPDF (pdf) and Mozilla Thunderbird (other) are in use.I guess that support for pre-SSE2 processors is at an end. If that is the case, I hope that automatic updating is inhibited for systems with SSE only processors.

I should have added that all Advanced Settings are ON excepting the RET ROP gadgets (32 and 64 bit). However, both the RET ROP gadgets are ON for Chrome Browsers, the scope of which also protects 64bit Opera 12 which is quite happy with the settings. I have yet to find that using these Advanced Settings causes any problem but I would not chance it except on my own computers.

MBAE beta 1.09.1.1175 works without issues on Win7 64bit and Win XP SP3 (with SSE2 processor). It does not run when a pre-SS2 processor is in use. I have no problems with IE11 on Win7.

I am not in a position to do so at the moment. The computer concerned is 50 miles away from my home and I just happened to be there when the user asked me to do something about the issue which I did by providing alternative access to the Downloads folder for Google Chrome. I posted my comments in the hope that someone else might also have experienced the issue.

This issue does not seem to happen on Windows 7 64bit.

My sister-in-law uses Windows 8.1 64bit. I created a Download folder access in the bookmark toolbar of Google Chrome. MBAE 1.08.1.2572 is setup to use the default Advanced Settings. When she tries to open a web page which has previously been saved in her download folder, MBAE kills Google Chrome. I am unable to show the error message box but the problem is in the OS Bypass Protection. I have added a bookmark toolbar item to enable her to access her stored web pages as files in the local Downloads folder and this causes no problem. All relevant software is at the latest version at the time of writing. The Google Chrome Download feature appears in the address bar as chrome://downloads/ Open a previously downloaded .html file by using Google Chrome to access the download folder with 'chrome://downloads/' and the problem happens. Open the same .html file with file:///C:/Users/fred/Downloads/webpagefilename.html and the previously downloaded web page and its components opens in Google Chrome.

Same here on Win7 64bit and Windows XP SP3 (SSE2 Pentium 4 processor). Protected apps seem always to crash on termination.

No worries Pedro. Thank you for the response. I am perfectly happy with MBAE 1.08 and the Windows XP pre-SSE2 systems are not security critical anymore. I quite understand that your priorities properly lie elsewhere. Chris

MBAE beta 1.09.1.1142 continues to crash at startup on my pre-SSE2 AMD Athlon XP 3000+ Windows XP system which I first reported when I attempted to install MBAE beta 1.09.1.1130 (DDS files PMed to Pedro). It appears not to be possible to install a working MBAE beta 1.09 on my other pre-SSE2 Intel Celeron Windows XP system unless it is installed over an existing MBAE version 1.08. Without it, the MBAE beta 1.09 installer does not add the mbae-svc.exe to the services list. If the previous 1.08 MBAE version is preinstalled with the trial option set, the same failure to add mbae-svc.exe to the services list occurs after MBAE beta 1.09.1.1142 is installed and so that service fails to run when the system is restarted. If MBAE 1.08 is reinstalled over MBAE 1.09, the MBAE GUI continues to show the version number as 1.09.1.1142 (this also applied with beta versions 1130 and 1140). If you guys decide not to continue to support pre-SSE2 processor hardware, I promise not to chew any carpets. It would be nice if a way of continuing to use MBAE 1.08 on pre-SSE2 systems could be made possible without the need to add 'data-cdn.mbamupdates.com' to the HOSTS file to suppress continual offers of version updates.

I seem to be having a lot of problems with Windows XP on pre-SSE2 processor equipped systems. It is making me wonder if pre-SSE2 processors are at the end of the line with MBAE. I have a fair bit of work to provide useful feedback for pre-SSE2 systems so please watch this space. If it does prove to not be possible to continue to provide a pre-SSE2 compatible MBAE, will it be possible to prevent MBAE 1.08 from being updated to MBAE 1.09 and later? Obviously MBAE 1.08 is better than no MBAE at all. I have no issues with MBAE beta 1.09.1142 on my Windows XP systems with SSE2 (and later) processors or with Windows 7 systems.

MBAE 1.09.1.1140 (and also 1.09.1.1130) runs fine on an Acer TravelMate 220 with Celeron 3 (mobile) SSE only processor. I imagine that MalwareBytes will, eventually, be unable to continue to offer updated versions of MBAE to users of wrinkly hardware. I accept this but hope to be able to continue to use whatever version last worked by being able to switch off the update feature but without having to block updates by modifying the HOSTS file (which also prevents MBAM from downloading data updates). Out-of-date MBAE is better than no MBAE.

Hello Pedro. I have tried MBAE 1.09.1.1140 and this problem still persists. The system state is the same as when I PMd the DDS.com output files to you on about June 30.

So it isn't just me. It didn't seem right. Previous MBAE betas I have tried have been with Premium features.

I have found that the 1.09.1.1130 beta runs as a Trial Version even though the option is unchecked at installation. I am just pointing this out in case it is unintended behaviour.

Thank you Pedro.

Hi Pedro. I tried what you suggested but without success. Outpost Firewall Pro 9.3 and Avast were completely disabled and no signs of the MBAE 1.09.1.1130 beta installation process being obstructed were apparent. The MBAE service remained absent from the services list and MBAE.exe again fell over the illegal instruction after system restart. I reinstalled MBAE 1.08.1.2563 as I had done previously and it worked properly though still with the wrong version number for 1.08.1.2563. The MD5 for the MBAE 1.09.1.1130 beta used for the installation is fc92e509abb62079e068a78ca2d2b164. I have PMd you with the DDS.com output files in a zip. Regards, Chris