hake

Please count me in.

Mostly it starts, sometimes it doesn't. When it starts, sometimes the tray bar icon is absent. I cannot detect a pattern with this behaviour. I do check Task Manager to see if mbae.exe is running. I am really looking forward to the production version release. If it does what we expect it to (that is because it bears the Malwarewbytes brand) it should be great value for money.

Running Win 7 (32bit), Google Chrome does not like MBAE with EMET 4.1 SEHOP, EAF or ROP mitigations enabled. It is fine with Deep Hooks enabled. When running Chrome with MBAE under Win XP SP3 (32bit), it is able to run with SEHOP mitigation enabled.

I have at last dipped my toe into Windows 7 (32bit) and find that on this very fresh installation of Win 7 that Adobe Reader 11 is able to run in protected mode and be mitigated by EMET 4.1 with Deep Hooks activated. This is in contrast to Win XP SP3 (32bit) where this has not been found possible in my (limited) experience.

From the start of my trialling of MBAE, I have assumed that MBAE doesn't block downloads but instead reacts to unwanted/malicious behaviour when a download attempts to become active. Is this assumption correct?

The traybar icon should be able to indicate if Anti-Exploit is protecting or not. Perhaps the inverted V could be green for 'on' and red for 'off'. Thus, at a glance, the user could have visual confirmation of the status of Anti-Exploit.

Is Anti-Exploit effective against exploits contained within secure web pages?

Herewith the file: mbae-default.log mbae-default.log

Is there an alternative to posting mbae-default.log to the thread, like an email?

MBAE version 0.09.5.0250. I will send the log file later today (UK time).

When I am a bit too quick to delete private data using Tools -> Delete private data... before Opera has finished doing something, Anti-Exploit can throw up an exploit alert. This is with Opera 12.16 on Windows XP SP3. It has occurred on two XP systems.

Thank you.

Is Malwarebytes Pro able to detect and block malicious web sites when Avast Web Shield is in use?

Correction of my last comment: Adobe Reader 11 was able to run with EMET mitigations as I stated BUT not when used in web mode, i.e. as a PDF reader in a web browser. I had to revert to completely removing AcroRd32.exe from the EMET list.

That view seems quite reasonable. Google's advice is surely authoritative. Coincident on my previous comment, I have noticed that Adobe Reader 11 now runs in protected mode on that system with EMET mitigations enabled except for Caller, SimEx and Stack Pivot. Previously it would not run in protected mode with all mitigations in EMET disabled (that is there was an entry for AcroRd32.exe in EMET with ALL mitigations unchecked).

Concerning Google Chrome on Windows XP SP3 with EMET 4.1 Without an obvious system change, Google Chrome became unresponsive after it was started (last evening it worked as it should). I was able to get Chrome working in the following circumstances: - 1. Deep Hooks disabled in EMET 4.1, MBAE Anti-Exploit protection enabled and all EMET 4.1 mitigations enabled except EAF for Chrome. 2. Deep Hooks enabled in EMET 4.1, MBAE Anti-Exploit protection disabled and all EMET 4.1 mitigations enabled except EAF for Chrome. 3. Deep Hooks enabled in EMET 4.1, MBAE Anti-Exploit protection enabled and EAF, Load lib, MemProt, Caller, SimEx and Stack pivot mitigations disabled for Chrome in EMET 4.1. Subsequent to these evolutions, Acrobat 6 Professional would not start fully. A system restart seems to have restored stability and Acrobat 6 Pro now works again as it had previously and should with all EMET 4.1 mitigations and Deep Hooks enabled. On a second Windows XP SP3 system, Google Chrome runs with Deep Hooks enabled and all mitigations for Chrome except EAF enabled.

With Windows XP SP3, Opera 12.16 and MBAE 0.09.5.0250 work faultlessly.

The executables in question are in C:\Program Files\Microsoft Office\Office\ The filenames are winword.exe and EXCEL.EXE (as displayed by Explorer). Thanks

Pedro, do you ever sleep?

I want to apologise for starting this thread. It was unfair as I have never received other than the utmost courtesy and thoughtfulness from Malwarebytes personnel in all my previous communications with the company. I can only plead that it was an act of impulse when I realised, with some horror, that I had installed the previous Anti-Exploit beta on three computers which were, by the time of the expiry, physically beyond reach. To my relief, I was able to talk each of the users through uninstallation, thanks to the useful and usable Advanced Uninstaller PRO 11 which made the uninstall procedure simple for these non-tech users to follow. Thanks also to Malwarebytes for making the beta uninstall so well. I look forward to observing the fruits of development of the very valuable security tool which Anti-Exploit will become. For me, the WWW is the greatest threat to the well-being of Windows PCs and to harden the web browser against this attack vector will be a most significant contribution to user privacy and security.

As far as my XP SP3 system is concerned, I still need to remove Adobe Reader 11 from EMET 4.1 for it to run in protected mode. I have tried disabling 'deep hooks' but to no avail. However, Acrobat 6 Pro no longer requires the EMET EAF mitigation to be disabled. Does Anti-Exploit protect Office 97 apps?

I have no problems whatsoever with the interactions between Anti-Exploit and Outpost Firewall Pro 9 or Security Suite Pro 9.

More feedback to come I promise. I don't object to the beta expiring. It was the lack of information about the possibility. Forewarned is forearmed. When is version 0.09.5.0250 due to expire?

I've calmed down now (did I ever need Michael Winner more). I have installed this on my wife's sister's laptop. She is 40 miles away. Hence the panic. I see that the traybar icon issue seems to have disappeared (unlike the icon) with the latest version.

I should also have said that it was not exactly made obvious that the beta was liable to expire. I now consider myself warned but not in the way I would have preferred.