hake

Honorary Members
  • Posts

    629

Everything posted by hake

  1. Pedro, I sent 2 files (attach.zip and logs.zip) to you via PM. If you are unable to access either of them, please let me know.
  2. There is evidently an interaction between AVG 2015 and Outpost Firewall Pro 9.1. MBAE works OK when either AVG or Outpost Firewall is installed but not both. I took care to ensure that I installed AVG before Outpost Firewall and that in installing Outpost I made sure that it took account of the presence of AVG. That is as much as I can say. I guess that there are more than a few who use both AVG and Outpost Firewall. My observations apply only to XP. I have not had an opportunity to try this with Windows 7.
  3. Yup, removing AVG allows MBAE to behave normally and correctly. I have sent Pedro the information files for MBAE via a PM.
  4. One thing I didn't mention is that after installing MBAE, it now requests a reboot. I don't think it did that before installing AVG.
  5. MBAE service starts then immediately terminates. I have had cause to install AVG 2015 Free. Coincidentally with doing this, MBAE will not run. I am now running Agnitum Outpost Firewall Pro 9.1. MBAE was working well with Agnitum Outpost Security Suite Pro 9.1. The OS is Windows XP SP3.
  6. I am curious that only one line in the list appears each time that Google Chrome is run but Mozilla Firefox, for example, merits three and sometimes four entries. Are all web browsers treated the same?
  7. Layer zero is the maximum privilege kernel (innermost) layer of the operating system, e.g. Windows 7. Any software that can contrive to get itself running in layer zero has maximum privileges and can therefore do whatever it has been programmed to do without restriction. This is the holy grail of malware writers. The most skilled malware authors can take complete control of a computer and make it do all sorts of things, good or bad, without the user even being aware of it. Higher numbered layers (old fogeys like me think of the operating system as like concentric rings) have lower privileges. It is essential for application level software to run in ring 3 so it cannot do harm to the operating system because it has no direct access to ring (layer) 0. The operating system provides functions which allow application level software running in ring 3 to request that things like physical file accesses are done by the operating system ON BEHALF OF the requesting software, i.e. under the full control of the operating system. These concepts were in practical use back in 1974 when I first worked with the Prime 300 minicomputer. Primos, the Prime Computer Inc. operating system, embodied ring 0 and ring 3. It is the whole point of Anti-Exploit to prevent malware from contriving to get into layer zero.
  8. I hope that users will share their own experiences and knowledge of using MBAE and EMET. I know what works for me and the Windows XP, Vista, 7, 8 and 8.1 systems which I support. The users of all of my supported systems which are physically remote from me have not raised a single concern. I am now confident enough to send non-tech users away with their laptops without anxiety about their computers continuing to be stable, useful and usable. The telephone remains silent, on MBAE and EMET at least. Thanks ky331 for the comments about EMET 3, Windows 7 and IE. It's definitely on my list to update the laptop with that version of EMET to EMET 5.1.
  9. I have omitted to label the screen shots. The first screen shot is of EMET 4.1 update 1 from my Windows XP 32bit system. The second screen shot is of EMET 5.1 from my Windows 7 64bit system.
  10. I am providing some notes about the rules of thumb I use to enable EMET and MBAE to be used together. These rules of thumb are not absolutes, merely guidelines as there will always be occasional exceptions which rear their heads unexpectedly. Please read my comments in conjunction with my attached screenshots of my EMET settings for my WinXP 32bit and Win7 64bit systems. I find that with those Windows systems (and also a friend's Win8.1 system), the displayed settings work well with MBAE Premium. The MBAE protected applications are those with the reduced selection of EMET mitigations (i.e. the mitigations provided by EMET3 less the EAF mitigation). Those applications which are not protected by MBAE are the ones with all EMET mitigations set. The EMET5 EAF+ mitigation has been found not to cause the slightest problem with MBAE. As an aside, I have found that some older applications do not like the EMET Stack Pivot mitigation but this is not related to the use of MBAE. I just mention it in passing. MS Publisher 2000 is such an application. I protect Skype in MBAE as 'other'. Please note that Skype will not run if the EMET SEHOP and EAF mitigations are enabled for Skype, regardless of whether Skype is protected by MBAE. For MBAE Free, only the browser applications (plus Java, if used) would have the reduced selection of EMET mitigations. Basically, the screenshots illustrate my rule of thumb when using MBAE and EMET together. I cannot guarantee that my fairly informal rules of thumb will work in absolutely every circumstance but I have not yet encountered a single exception.
  11. With the advent of MBAE 1.05.1.1016, I am seeing reason to be optimistic that the issue of Opera 12 (32bit) process termination has been fixed. I have tried it on two XP systems so far and in both cases Opera consistently vanishes from the Task Manager process list on being closed. One MBAE is Premium and the other is Free.
  12. hake

    POODLE

    It is confusing for a lay person to read conflicting information on any subject. I have no choice but to take things I read at face value. While web browsers are not actually being targeted, they are a key part of the POODLE problem and my ignorance and wishful thinking set me to thinking that it would be nice if MBAE were able to mitigate it.
  13. hake

    POODLE

    I have read that the main targets are browsers because the attacker must inject malicious JavaScript to initiate the attack. Would this be detectable and protectable by MBAE?
  14. Are there issues between MBAE 1.05 and OnlineArmor v7? I have noticed that the Opera 12 issue in this thread occurs with MBAE 1.05 but not MBAE 1.04 and has only been observed on both Windows XP and Windows 7 systems using Emsisoft OnlineArmor. The systems using other firewalls (Outpost and Windows' own) do not exhibit this issue. The existence of the redundant Avast Online Security in Opera 12 seems to be a red herring.
  15. hake

    POODLE

    Does MBAE detect and prevent this? I understand that 'evil' javascript is used by attackers.
  16. Aaaaaah! So that's why swapping between MBAE 1.04.1.1012 and MBAE 1.05.3.1012 lost my added shields.
  17. It has just occurred to me that this problem Opera 12.17 32bit installation inherited its appdata folders from a Windows XP installation of Opera 12.17. I have recently realised that this included an installation of an obsolete Avast Online Security extension. I removed it from the XP installation and this appears to have resolved another apparently unconnected issue with Agnitum Outpost Security Suite which showed a constant 2% CPU consumption (acs.exe process) after Opera had been in use for a while. After removing Avast Online Security extension from Opera, this issue appears not now to be occurring. I mention this to bring some closure to the issue.
  18. Thanks Pedro. Also the install of MBAE 1.05.1.1014 does not give the option for the desktop shortcut.
  19. On installing the new release MBAE Premium 1.05.1.1014, I was surprised to see that my added shields were not retained. This was unexpected.
  20. Lifetime licences create a slippery slope of investment stagnation. A certain Russian security software firm is finding this, I suspect. I think that MalwareBytes is being wise to steer clear of it.
  21. I am asking for confirmation that 'automatic' renewal is exactly that and that no interaction with MBAE Premium on any of the three computers for which the purchased combination of Licence I.D. and Licence Key applies is required. In other words, is the renewal of a MBAE Premium licence silent and seamless? I paid for MBAE Premium through PayPal and it is classed and processed by PayPal as a Pre-approved payment.
  22. Thanks Pedro. Got it. I have substituted Office 2003 for Office 97. Office 2003 works great with experimental MBAE on my main XP system. I have similarly removed 32bit Opera on my Win 7 64bit system, now relying on 64bit Opera instead. Again, the reported difficulty has ceased. I am happy with this but frustrated that I could not supply more helpful information which might have led you to understanding why the problems occurred. I am looking forward with anticipation to the production release of MBAE 1.05.
  23. DEEP disappointment. Suddenly, MS Office applications became unresponsive. I have reached the limits of my abilities to troubleshoot this. Works fine with MBAE 1.04.1.1012. I will install the next MBAE final release of 1.05 more in hope than in expectation.
  24. Forgot to mention, I have also ceased to run OSA.EXE. This little darling is said to 'improve' performance(?). I find the opposite and, not needing the automation in Office 97, OSA.EXE has been 'retired'. There, that's my 102nd post already.