hake

Honorary Members
  • Posts

    629
Everything posted by hake

  1. Windows XP can be hardened by using Control Panel -> Internet Options -> Security to set the Internet Zone to HIGH security. I prefer to set all four zones to HIGH security. That should close down a lot of possibilities for exploits. I have not yet observed any ill effects of doing this. I have noticed that Bit Defender free AV needs the Internet Zone to be set to MEDIUM HIGH (or lower) to enable it to be installed and then for its GUI to work. Consequently I do not use Bit Defender.
  2. Does Malwarebytes Anti-Malware scan NTFS alternate data streams?
  3. I had wondered if something like that was the reason. I could not imagine that it was unintended.
  4. I have a notion that installing MBAE 1.07.1.1014 over 1.07.1.1011 causes 'Application Hardening -> Disable Internet Explorer VB Scripting' to be unchecked when it was previously checked.
  5. I did restore the mitigations one by one and all are now in use. The issue no longer arises so I assume that the web page has changed.
  6. Aw, shucks! (as they say in Wigan). The page doesn't crash Google Chrome any more. Trouble is that this newspaper page is somewhat dynamic. It includes links to other content which are liable to change and also a discussion forum. I have looked at a lot of other sites with this browser today and no other issues have arisen.
  7. All exploit mitigations unchecked -> No crash. What are FRST logs?
  8. I am running Google Chrome (x86 version) on Windows 7 (64-bit). Google crashes on a certain web page. I have copied the details from the message box displayed after the crash.

     Problem signature:
       Problem Event Name: BEX
       Application Name: chrome.exe
       Application Version: 43.0.2357.132
       Application Timestamp: 559b2699
       Fault Module Name: mbae.dll
       Fault Module Version: 1.7.1.1010
       Fault Module Timestamp: 5591339a
       Exception Offset: 0000423d
       Exception Code: c0000409
       Exception Data: 00000000
       OS Version: 6.1.7601.2.1.0.256.1
       Locale ID: 2057
       Additional Information 1: bc01
       Additional Information 2: bc011edf44722d0b9da610c7bc289b15
       Additional Information 3: f686
       Additional Information 4: f6864490c506fdefd9108941275e119a

     The web page URL is : -http://www.telegraph.co.uk/finance/economics/11731694/Brexit-vote-could-trigger-European-free-market-chain-reaction-say-Swiss-and-Icelandic-MPs.html

     This web page should be available for at least the next few days but I won't be as I am off on vacation.
  9. Enable MBAE log protection events and then look at what is listed after you have run NitroPDFReader.exe.
  10. Thanks Pedro. That's good news and just what I hoped you would say.
  11. Thank you Pedro. Does the assumption of Opera Chrome compromise protection for Opera Presto? I suppose that what I am really asking is whether MBAE Google Chrome protection will also be useful with a non-Google Chrome type browser like Opera Presto, especially with mitigation of Flash plugin exploits. I can always comfort myself with the thought that Opera Presto has the virtue of security through obscurity. In its supported days, the old Opera only had less than 1% share of browser use. By now, that must be a tiny fraction of the previous 1%. Not much incentive for hackers.
  12. Opera 12 (Presto) and Opera (Chrome) are very different web browsers, sharing only a name. Is MBAE able to discriminate between these two completely different web browsers and provide effective protection for each?
  13. Thank you Pedro. I am very grateful that this issue has been raised by others. I thought that it was a peculiarity of my systems that was to blame. Thanks to your advice, things are much improved. I have not noticed the issue with Windows 7, only Windows XP. Everything in the garden is lovely.
  14. From the short time since I followed your installation procedure, the startup situation seems to have improved. I would still advise people not to rush the startup but it appears to have materially improved things. WinPatrol has a feature which can delay the launch of mbae.exe. It has the ability to vary the delay time.
  15. I have followed the instructions. So far so good. I have been living with this issue since the early days of MBAE. My old, slow but very good computer needs a little time to get going, hence my 20 second wait to logon after the prompt. I guess that there is an absolute blizzard of things going on at system start and have assumed that this issue is due to those exigencies of startup. I have also found that Agnitum Outpost Firewall is prone to its service process (acs.exe) sometimes not starting if logon at startup is rushed. Again the issue with Outpost goes back a few years. I have used this firewall in its various versions since 2001. These remarks apply to Windows XP. The issue does not seem to be noticeable with Windows 7 but the Intel Prescott 3.2GHz dual core processor which powers that seems to be a bit more than twice as fast as the Athlon XP 3000+ which powers my main Windows XP system. All my systems are more than abundantly endowed with RAM. Your procedure could well have some wisdom behind it. I have noticed that a more rapid logon seems to allow MBAE to start more reliably. Time will tell.
  16. I see this with my AMD Athlon XP 3000+ equipped PC running Windows XP SP3. I count 20 seconds from seeing the logon prompt before clicking and the problem does not then occur. Patience is a virtue. My MBAE 1.07.1.1010 installation works well otherwise.
  17. I have reworded this post. It should have read as follows : - I believe that disabling program updates causes the database updater to fail to confirm that the database update is complete when the update progress bar has reached the right hand end of its travel. It should replace the words 'Updating database' with the new database version number but fails to do that. Those Windows XP users who have had to continue to use MBAM 2.1.6.1022 are probably also seeing what I am seeing if they have resorted to disabling program updates. This behaviour seems also to occur with MBAM 2.1.8.1057 but since I doubt if anyone normally disables program updates, no one will notice.
  18. I think that disabling program updates might be causing the database updater to hang when the database update progress bar has reached the right hand end of its travel without any confirming indication that the database update is complete. A number of Windows XP users have had to remain with MBAM 2.1.6.1022 so they may also be seeing what I am seeing if they have resorted to disabling program updates.
  19. That's good for me because I look after my friends' PCs unpaid. The fewer of the dreaded phone calls begging me for help the better. MBAE reduces stress. Could add years to my life.
  20. I am having a problem with MBAM 2.1.8.1057. It became apparent after I had accepted the invitation to update MBAM from MBAM 2.1.6.1022. The installation procedure completed but mbam.exe failed to start and produced a message box (see attached jpeg file). My hardware is old with AMD Athlon (32-bit) processors (which might not possess some instructions present in later processors). I am finding that some other software producers seem not to be aware that older processors might not have all the capabilities of modern processors with the result that their software will not run. Fortunately I can revert to MBAM 2.1.6.1022 as I have retained the installation setup file for this version. I am running Windows XP SP3.
  21. MBAE 1.07 now works great with Windows XP. All the issues have been solved. Good work guys. I have tried it on four XP systems without any issues. It also works fine with Windows 7 64-bit. In addition, all advanced settings options are enabled on each installation of MBAE 1.07.1.1010. All MBAEs are running with EMET versions 4.1u1 (WinXP) XOR 5.2 (Win7). In each case, MBAE protected applications have DEP, SEHOP, NullPage, HeapSpray, * EAF+, * ASLR and BottomUp mitigations enabled in EMET without apparent issues. (* these mitigations only with Windows 7) EMET EAF and all ROP mitigations are disabled for MBAE protected applications.
  22. Thank you Pedro. That's good to know.
  23. The word is patch Adobe Flash urgently or risk being attacked via the Magnitude exploit kit. For those non-techs who rely on the very unreliable Adobe Flash automatic updates, will MBAE save their bacon?
  24. hake

    Dyre

    Can MBAE protect against Dyre? I quote from krebsonsecurity.com: - According to a recent in-depth report from Symantec, Dyre is a highly developed piece of malware, capable of hijacking all three major web browsers and intercepting internet banking sessions in order to harvest the victim’s credentials and send them to the attackers. Dyre is often used to download additional malware on to the victim’s computer, and in many cases the victim machine is added to a botnet which is then used to send out thousands of spam emails in order to spread the threat.
  25. Thank you for those insights Pedro. With EMET 3 on a couple of Windows 7 systems and EMET 5.2 on others, I have ensured a solid column of ASLR opt-ins and no application has yet complained, regardless of whether or not they have had the option included by the producers. I have not felt the need to update EMET 3 to EMET 5.2 on the two systems because there are no vulnerable applications running on them which do not enjoy MBAE's ROP exploit protections.