hake

Honorary Members
  • Posts

    629
Everything posted by hake

  1. Final comment on Rapport: I observed that Rapport 3.5.1507.77 and MBAE beta 1.08.1.1039 have no apparent effect on each other. However, Rapport still has the effect on a more modestly performing system of slowing that system considerably. This is not due to the presence of MBAE because I observed that the behaviour also occurred when MBAE had been uninstalled.
  2. Outpost Firewall and Outpost Security Suite each guard internet settings (including DNS) among many other registry settings. A prompt is issued if attempts are made to alter those settings. I have used Outpost since version 1. My preferred way of avoiding MiTM/MiTB is to use a dedicated PC and encrypted (Open)DNS via remote TCP port 443. The PC is 16 years old, running Windows XP Pro SP3 (with access to POSReady security updates), MBAE, BufferShield (a PaX type tool originally developed for Linux - the old hardware lacks DEP), Outpost, AVG 2015 and Firefox ESR with NoScript. No unnecessary software is installed. Firefox is right up at the latest and best standards of SSL/TLS capabilities. Unless HSBC's web site is infected, I consider it unlikely that my transactions with the bank will be compromised. Local network traffic is via Novell IPX only on that PC. There must be an Achilles heel somewhere but my less than expert knowledge has not yet revealed it.
  3. Thank you sman. That is very interesting. Phew! It's the Q2 report, BTW. Since Rapport is not regarded by me as anti-malware, firewall or HIPS, I am going to continue to use it. AVG is good, Outpost detects keyboard and screen copying (among many things) and EMET/MBAE detect exploits which are the vehicles for importing the malware. I'm not complacent and being a distrustful cynic am fairly resistant to social engineering. This information you have furnished me with is my bonus for trying Rapport out as a challenge to MBAE beta. I have satisfied myself that Rapport and MBAE can work together. I guess that the combination of MBAE, EMET, Rapport, AVG and Outpost comprises a decent layered defense.
  4. Trusteer Rapport endpoint protection: Following some recent comments I made in this section of the forum about Trusteer Rapport, I installed Trusteer Rapport endpoint protection (3.5.1507.77, the latest version) on a Windows 7 Ultimate 64-bit system. I was pleasantly surprised with its behaviour, the previously reported sluggish performance seemingly much improved. I accessed my online banking facility using IE11, Google Chrome and Firefox ESR (all are the latest versions) without any problems whatsoever. MBAE beta 1.08.1.1039 is installed with all advanced settings boxes ticked. I am also running AVG free 2015, Agnitum Outpost Firewall Pro 9.1, and EMET 5.2 (EAF and ROP mitigations disabled for all MBAE protected applications). Rapport installed smoothly. I have enabled all of its options in Security Policy (i.e. to include my own choices of protected sites). After a little hesitance by the system on initial install, I restarted the system and it ran well thereafter. At no time did MBAE beta 1.08.1.1039 take exception to anything. As a consequence, I am resuming regular use of Rapport endpoint protection. It even worked well in Firefox ESR on which an extremely restrictive setup of NoScript is installed, i.e. nothing but secure web pages from my bank's website are allowed any functionality. Rapport works quite happily with this and dns-crypt also works well.
  5. MBAE 1.08.1.1039 works without any issues for me. Regarding Trusteer Rapport, I have tried on many occasions in the past five years to use it and am constantly frustrated. Trusteer are unable to reliably keep up with Google Chrome versions so you never know if the green address bar thingy will be absent when a new version of Google Chrome is installed. The slowdowns that Rapport inflicts on older PCs suggest that the low-level/driver-level Rapport software could be better implemented. So paranoid am I about my online banking, especially with the advent of Dridex, that I use an older PC which is used solely for online banking. Naturally it is protected by MBAE, along with Agnitum Outpost Firewall Pro (LAN TCP/IP disabled to keep out worms). I use Firefox ESR with heavy NoScript-imposed restrictions. I also use dns-crypt using the port 443 over TCP option. No email client is installed.
  6. This issue also applies to MBAM 2.2.0.1024 when run on prehistoric hardware. The fix previously supplied for MBAM 2.1.8.1057 does not work with the new version.
  7. MBAE 1.08.1.31 works without problems. No repeat of fingerprinting issue.
  8. The fingerprinting detection issue on my Windows XP system (Firefox ESR, Panda Antivirus 2016, local file system) appears to have been fixed.
  9. Regarding my Fingerprinting detection issue, the affected Windows XP system runs Panda Security free antivirus 2016 (my other systems all run AVG free 2015). The issue has ONLY occurred when Firefox is instructed to load a local file, i.e. from the local Windows XP file system. Internet access by Firefox did not trip the MBAE alert.
  10. Thanks Pedro. I will not PM anything to you. I look forward to trying the fix for the bug. The issue does not seem to occur with my other systems.
  11. I have seen an alert for 'Detection of Anti-Exploit fingerprint attempts'. This arose with Windows XP and Firefox ESR 38.3.0. I attempted to open a file in a local folder and MBAE killed Firefox. Unchecking the 'Detection of Anti-Exploit fingerprint attempts' option in MBAE's Advanced settings stops the behaviour. I am unable to get the dds.txt and attach.txt files as DDS.com will not run to completion. Windows XP locks up and I am forced to restart. I can only PM the MBAE application folder contents to you. The alert screenshot is in this post.
  12. Consequent on my previous post about an installation difficulty, MBAE beta 1.08.1.1025 installed without a hitch. Nothing else to report. It works.
  13. This only happened on one system. I found that although the install was said to have rolled back, it left MBAE 1.08.1.1023 installed and working BUT was absent from Control Panel's Add or Remove Programs list. It therefore seemed like a good idea to run the MBAE unins000.exe and I followed this with a registry clean by CCleaner and a fresh install. I have since tried to replicate the behaviour but cannot get it to do a repeat performance. No one else has reported this, I believe, so I am inclined to think that it's only my particular copy of XP that has temporarily exhibited the behaviour. MBAE 1.08.1.1023 works well.
  14. Just wondered if other XP users have encountered a file open conflict when attempting to install a later beta MBAE over a previous one.
  15. MBAE beta 1.08.1.21 EXCELLENT! MS Office (97 and 2003) and Opera 12 issues fixed in Windows XP. No other issues arise.
  17. Tarnak reports an issue with Opera. I use Opera 12.17 and find that the ROP issue occurs with this version. I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera. The old and new Opera browsers are, I imagine, completely different from each other.
  18. Pedro, I have PMd the application folder files you asked for in a zip.
  19. Thank you ky331 for that advice. It was spot-on!
  20. Hi Pedro. I have attached the zip file to the PM.
  21. The problem is RET ROP Gadget detection (32bit). I unchecked it and Winword 2003 and Excel 2003 now work.
  22. All seems to work smoothly with MBAE 1.08.1.1016. As usual I have no self-control and have checked all the MBAE Advanced Settings boxes and run EMET (with EMET ROP mitigations unchecked where the application is protected by MBAE) and it works without a murmur of discomfort or discontent. This comment applies to Windows 7 with EMET 5.2 and Windows XP with EMET 4.1 (update 1). I run Open (aka Libre) Office with Windows 7. MBAE recognises Libre Office as its log shows. There is no mention in the MBAE log of individual components, e.g. swriter.exe. Could it be confirmed that swriter, sbase, scalc, sdraw, simpress, smath and sweb are included under MBAE's Libre Office umbrella? HOWEVER, I am unable to run MS Office 2003 which I have installed on Windows XP. I removed Winword and Excel from the scope of EMET and reverted the MBAE Advanced Settings to default but to no avail. I attach the MBAE alert image. Please note that this issue also occurs with MS Office 97. For the time being, I have to run MS Office 2003 deactivated in MBAE but protected by EMET 4.1u1.
  23. Thank you for the information, David. That's good to know.