hake

Honorary Members
  • Posts: 629

Everything posted by hake

  1. Can MBAE prevent Abusing JSONP with Rosetta Flash? Adobe has released Flash Player 14.0.0.145 which is said to help mitigate a security threat, highlighted by Michele Spagnuolo, a security engineer at Google. http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
  2. Payments apart, I wish to know what procedures will be necessary on actual PCs running MBAE Premium. Two of the licenced PCs are in the hands of my wife's sisters and are 50 miles away from where I live. My question is therefore does renewal entail procedures being performed on each PC on which MBAE Premium has been installed? If the anniversary renewal fee is not paid at expiry, does MBAE Premium automatically revert to MBAE Free? I wonder if these concerns might have prompted others to ask about lifetime licences. I am not concerned about the actual payment method. PayPal is my choice and gives me the comfort of having full control over the payment side of things.
  3. Hi Kaine, Please do not apologise. You are obviously a gentleman and it is I who should apologise for my obscure sense of humour. I hasten to add that I have never enjoyed the hospitality offered by HMP. :-) Regarding MBAE and EMET in conjunction with Windows XP, I find that Windows Media Player also does not like any ROP mitigations enabled in EMET when protected by MBAE.
  4. I checked Adobe Reader 11 on a 32bit Windows 7 system. The behaviour of Adobe Reader 11 with Enhanced Security enabled is like most applications protected by MBAE which is that EMET SIM mitigation will be tripped so it should be disabled in EMET. I can only guess that 32bit Vista is the same and the 64bit versions of Windows post XP need no disabling of SIM mitigation. I will have my hands on a 64bit Windows 7 on Saturday so can confirm that then.
  5. I forgot to say that all my remarks about EMET are on the assumption that Deep Hooks, Anti Detours and Banned Functions are all enabled.
  6. Different Windows versions, different compatibility problems. MBAE is a wonderful means of mitigating the imperfections and vulnerabilities of Microsoft Windows. It is hardly surprising if two or more mitigation tools, each trying to achieve similar ends, should get across each other. I would not even think of using three. I was puzzled for a while by the initials HMP which for a Brit means Her Majesty's Prisons. Definitely avoid these. With Win32 systems, Google Chrome (and also Comodo Dragon) do not like any EMET ROP mitigations when MBAE is also in use. They also do not like EMET's EAF mitigations. I have found that, with Windows XP at least, it helps application stability if EMET SIM and Stack Pivot mitigations are disabled for all applications protected by MBAE. With Windows XP, Adobe Reader 11 with Enhanced Security enabled is so sensitive when both MBAE and EMET are used that it will not run even if it is listed in EMET without ANY mitigations whatsoever being enabled. Time taken to experiment with EMET mitigations for applications protected by MBAE will pay dividends. You can't crash the OS while doing this. MBAE is a wonderful tour de force and I am very pleased to have the protection it affords. I also use EMET and enjoy the protection of most of its mitigations, including ROP. To paraphrase Boswell's Life of Samuel Johnson from which I have taken and 'modified' one of his quotations of the great man: "Sir, using MBAE and EMET together is like a dog walking on its hind legs. It is not done perfectly but you are surprised to find it done at all." In other words, MBAE is doing an almost impossibly difficult job effectively and acceptably well, especially with EMET.
  7. I have a Malwarebytes AntiMalware Pro licence but my ancient AMD Athlon XP 3000+ CPU is not powerful enough for it. Anti-Exploit, on the other hand, is feather light on performance. I therefore make do with the excellent on-demand scans that AntiMalware 2 makes possible.
  8. I run Windows XP SP3. Running the MBAE GUI by starting from the desktop shortcut causes an extra traybar icon to appear each time. Once they appear, it seems impossible to get rid of them, short of restarting the system.
  9. Malwarebytes Anti-malware 2.0.2.1012 continues to work well on an XP system which previously was unable to run earlier versions prior to 2.0.2.1012 or version 1.75.0.1300 and previous. Obviously I am delighted since this software is so valuable.
  10. Thank you for the advice. I installed version 2.0.2.1012 and am delighted with the results. The program improvements have mitigated the problems on the XP SP3 system on which the scan was hanging. The scan time was reduced from 25 to 21 minutes. On another 13 year-old PC running XP SP3, the scan time was reduced from 48 to 32 minutes. I always enable the anti-rootkit option.
  11. Malwarebytes anti-malware 2.0.1.1004 often hangs during scans, either during file or heuristic scans. Please give me instructions so that I can provide information to help you to diagnose the problem. I can say that it never hangs on the first scan after installation but subsequent scans often do not complete.
  12. I haven't noticed any change effects in either WinXP SP3 or Win7-32bit. This URL points to details of the changes: - https://support.microsoft.com/kb/2964759
  13. Hi Pedro, I'm glad that ritchie58 is able to oblige as I am presently not in a position to provide the files you requested. hake
  14. With Win7-64, Win7-32 and WinXP, the traybar icon can occasionally fail to appear. This is with MBAE 0.10.0.1000. A quick fix is to kill the mbae.exe process and restart it.
  15. I copied file 'dragon.exe' to 'chrome.exe' in the Comodo Dragon program folder. Surprise surprise, Anti-Exploit saw it and dragon.exe, oops, chrome.exe runs fine. MBAE calls it 'Google Chrome' in its log but what the heck.
  16. Google is dropping support for Google Chrome running on 32-bit hardware. I will therefore be using Comodo Dragon and so enter an additional plea for Dragon to be included within the scope of protection by Anti-Exploit. Comodo Dragon = dragon.exe
  17. PatchMyPC is a useful tool and free. I won't actually allow it to update software but it is very valuable as an 'at a glance' guide to what has changed.
  18. Use any browser except Internet Explorer and set Internet Properties security to High, for the Internet zone at least but preferably for all four zones. I found that Trend Micro's RUBotted stopped working when I did this with the Internet zone. QED: other less reputable software can also exploit the underlying support software for Internet Explorer, this being an integral part of the XP operating system.
  19. When does Anti-Exploit 0.10.0.1000 expire, please?
  20. Automatic updates of Windows XP are not affected by this bug.
  21. I hope that MBAE will be able to auto-update, in the paid-for version at least. Timely and automatic access to protection against newly realised vulnerabilities would be a powerful motivation to purchase MBAE. Presumably the paid-for version would be named MBAE Pro?
  22. I am not convinced of the wisdom of using EMET to mitigate exploits of Anti-Exploit processes. This is because EMET's detection of exploits causes the exploited process(es) to be terminated. I would have thought that it was preferable not to terminate mbae.exe and mbae-svc.exe. If it was possible for malware to exploit Anti-Exploit so as to then corrupt a running system then I would use EMET to mitigate exploits of Anti-Exploit. Malwarebytes Anti-Exploit is indeed a magnum opus and I look forward to giving the paid for version to friends as presents. It should save me a lot of bother with dealing with malware infections and their aftermath so call it enlightened self-interest if you like. Needless to say that I will be getting the paid for version for my own systems. Can't wait.
  23. The problem with IE and EMET's SimEx mitigation is a one-off 'per system' problem. I guess that the disruption of IE in this way causes some internal OS malfunction which resulted in my case in Win XP being crippled. A restart revealed a Windows statement that a severe problem had occurred but XP and IE then ran well with no further problems.