Everything posted by hake
-
[SOLVED] Looking for alpha testers for upcoming MBAE 0.10
hake replied to pbust's topic in Anti-Exploit Beta
Please count me in.
-
Mostly it starts, sometimes it doesn't. When it starts, sometimes the tray bar icon is absent. I cannot detect a pattern with this behaviour. I do check Task Manager to see if mbae.exe is running. I am really looking forward to the production version release. If it does what we expect it to (that is because it bears the Malwarebytes brand) it should be great value for money.
-
[SOLVED] False exploit stopped Google Chrome from opening
hake replied to droyls's topic in Anti-Exploit Beta
Running Win 7 (32bit), Google Chrome does not like MBAE with EMET 4.1 SEHOP, EAF or ROP mitigations enabled. It is fine with Deep Hooks enabled. When running Chrome with MBAE under Win XP SP3 (32bit), it is able to run with SEHOP mitigation enabled.
-
I have at last dipped my toe into Windows 7 (32bit) and find that on this very fresh installation of Win 7 that Adobe Reader 11 is able to run in protected mode and be mitigated by EMET 4.1 with Deep Hooks activated. This is in contrast to Win XP SP3 (32bit) where this has not been found possible in my (limited) experience.
-
From the start of my trialling of MBAE, I have assumed that MBAE doesn't block downloads but instead reacts to unwanted/malicious behaviour when a download attempts to become active. Is this assumption correct?
-
The traybar icon should be able to indicate if Anti-Exploit is protecting or not. Perhaps the inverted V could be green for 'on' and red for 'off'. Thus, at a glance, the user could have visual confirmation of the status of Anti-Exploit.
-
[SOLVED] Crashes in MBAE.dll upon Opera exit
hake replied to mpawlowski's topic in Anti-Exploit Beta
Herewith the file: mbae-default.log
-
[SOLVED] Crashes in MBAE.dll upon Opera exit
hake replied to mpawlowski's topic in Anti-Exploit Beta
Is there an alternative to posting mbae-default.log to the thread, like an email?
-
[SOLVED] Crashes in MBAE.dll upon Opera exit
hake replied to mpawlowski's topic in Anti-Exploit Beta
MBAE version 0.09.5.0250. I will send the log file later today (UK time).
-
[SOLVED] Crashes in MBAE.dll upon Opera exit
hake replied to mpawlowski's topic in Anti-Exploit Beta
When I am a bit too quick to delete private data using Tools -> Delete private data... before Opera has finished doing something, Anti-Exploit can throw up an exploit alert. This is with Opera 12.16 on Windows XP SP3. It has occurred on two XP systems.
-
Malicious site blocking and Avast Web Shield
hake replied to hake's topic in Malwarebytes for Windows Support Forum
Thank you.
-
[EMET] MBAE, EMET (Deep Hooks and ROP Mitigation)
hake replied to Conan's topic in Anti-Exploit Beta
Correction of my last comment: Adobe Reader 11 was able to run with EMET mitigations as I stated BUT not when used in web mode, i.e. as a PDF reader in a web browser. I had to revert to completely removing AcroRd32.exe from the EMET list.
-
[EMET] MBAE, EMET (Deep Hooks and ROP Mitigation)
hake replied to Conan's topic in Anti-Exploit Beta
That view seems quite reasonable. Google's advice is surely authoritative. Coincident on my previous comment, I have noticed that Adobe Reader 11 now runs in protected mode on that system with EMET mitigations enabled except for Caller, SimEx and Stack Pivot. Previously it would not run in protected mode with all mitigations in EMET disabled (that is there was an entry for AcroRd32.exe in EMET with ALL mitigations unchecked).
-
[EMET] MBAE, EMET (Deep Hooks and ROP Mitigation)
hake replied to Conan's topic in Anti-Exploit Beta
Concerning Google Chrome on Windows XP SP3 with EMET 4.1

Without an obvious system change, Google Chrome became unresponsive after it was started (last evening it worked as it should). I was able to get Chrome working in the following circumstances:

1. Deep Hooks disabled in EMET 4.1, MBAE Anti-Exploit protection enabled and all EMET 4.1 mitigations enabled except EAF for Chrome.
2. Deep Hooks enabled in EMET 4.1, MBAE Anti-Exploit protection disabled and all EMET 4.1 mitigations enabled except EAF for Chrome.
3. Deep Hooks enabled in EMET 4.1, MBAE Anti-Exploit protection enabled and EAF, Load lib, MemProt, Caller, SimEx and Stack pivot mitigations disabled for Chrome in EMET 4.1.

Subsequent to these evolutions, Acrobat 6 Professional would not start fully. A system restart seems to have restored stability and Acrobat 6 Pro now works again as it had previously and should with all EMET 4.1 mitigations and Deep Hooks enabled. On a second Windows XP SP3 system, Google Chrome runs with Deep Hooks enabled and all mitigations for Chrome except EAF enabled.
-
With Windows XP SP3, Opera 12.16 and MBAE 0.09.5.0250 work faultlessly.
-
The executables in question are in C:\Program Files\Microsoft Office\Office\ The filenames are winword.exe and EXCEL.EXE (as displayed by Explorer). Thanks
-
Pedro, do you ever sleep?
-
I want to apologise for starting this thread. It was unfair as I have never received other than the utmost courtesy and thoughtfulness from Malwarebytes personnel in all my previous communications with the company. I can only plead that it was an act of impulse when I realised, with some horror, that I had installed the previous Anti-Exploit beta on three computers which were, by the time of the expiry, physically beyond reach. To my relief, I was able to talk each of the users through uninstallation, thanks to the useful and usable Advanced Uninstaller PRO 11 which made the uninstall procedure simple for these non-tech users to follow. Thanks also to Malwarebytes for making the beta uninstall so well. I look forward to observing the fruits of development of the very valuable security tool which Anti-Exploit will become. For me, the WWW is the greatest threat to the well-being of Windows PCs and to harden the web browser against this attack vector will be a most significant contribution to user privacy and security.
-
As far as my XP SP3 system is concerned, I still need to remove Adobe Reader 11 from EMET 4.1 for it to run in protected mode. I have tried disabling 'deep hooks' but to no avail. However, Acrobat 6 Pro no longer requires the EMET EAF mitigation to be disabled. Does Anti-Exploit protect Office 97 apps?
-
I have no problems whatsoever with the interactions between Anti-Exploit and Outpost Firewall Pro 9 or Security Suite Pro 9.
-
More feedback to come I promise. I don't object to the beta expiring. It was the lack of information about the possibility. Forewarned is forearmed. When is version 0.09.5.0250 due to expire?
-
I've calmed down now (did I ever need Michael Winner more). I have installed this on my wife's sister's laptop. She is 40 miles away. Hence the panic. I see that the traybar icon issue seems to have disappeared (unlike the icon) with the latest version.
-
I should also have said that it was not exactly made obvious that the beta was liable to expire. I now consider myself warned but not in the way I would have preferred.