hake

Honorary Members
  • Posts

    629
Everything posted by hake

  1. I looked on in helpless horror as the system restarted. There was no way to stop it in the short time available to act. Fortunately I always back up the system BEFORE installing a feature update.
  2. I guess that the apparent lack of an option to wait until the next system start will be in the code. I was simply unable to cancel the restart. MBAE can also require a restart in a similar way but it has not caused a similar difficulty to MBARW, as far as I am aware. I am now on my guard. The incident happened while I was running Windows 10 2004 installer to update from version 1909 (OUCH!) so I was extremely stupid to try to update MBARW at that time. The devil makes work for idle mouse clicking fingers.
  3. If an installation is attempted when MBARW is already auto-updating, a message box will pop up informing the user that a system restart is necessary. The trouble is that the user is not allowed to prevent that restart, only delay it for a short time. If another possibly critical operation is proceeding at the same time, then that is the user's bad luck. The moral of this tale appears to be not to manually update MBARW including and after version 0.9.19.56 - 1.1.330.
  4. Come on lad! You've only got 70 yards to go.
  5. I have made an error of omission. I forgot to mention the reporting of a Bottom-Up ASLR Exploit Blocked in Windows XP not long ago. I love this one which appears to show some evidence of modest randomisation of base addresses in Windows XP. It's a nice curiosity if nothing else. It has only happened once. I have been known to stumble across web sites which depict young ladies in bathing costumes. I use MVPS HOSTS and OpenDNS which I have used for many years as do all my 'customers'. We all have OpenDNS 208.67.222.222 and 208.67.220.220 added to our network DNS settings.
  6. I wish that I knew why my Windows XP SP3 has managed to avoid any attempts to exploit it since 2004 (when the present incarnation was installed) and that includes after April 2014 since when I used POSReady updates (until MS broke its own rules in August 2018 and ceased to update this pre-SSE2 processor equipped system). I just cannot understand how I could have acquired this apparent immunity for any Windows systems I have installed from installation media? The Windows 8.1 and 10 systems which I have installed and currently maintain for myself and friends and relatives also enjoy such apparent immunity. One observation common to all these installations, including XP and now 7, is that no alarms/warnings have yet been shown of attempted exploitations or violations. Needless to say, I do NOT use unsupported Windows systems for any purpose which would put at risk privacy and confidentiality or failing due diligence as is required by banks. I have yet to be aware of having private information being stolen or accessed, i.e. I have not experienced any effects of such events.
  7. I won't waste you guys' time any more by asking questions about XP. MBAE sticks at version 1.12.1.109 which works jolly well. Out of idle curiosity, I am interested to see if XP can remain untouched by malware and it is now the only system I have which provides a platform for Agnitum Outpost Firewall Pro 9.3 which runs with maximum security settings. To me it's the equivalent of driving a classic car.
  8. Thanks Pedro. I have found that XP on faster hardware than my 18 year-old system also has uncertainty in starting MBAE. I will try your suggestion.
  9. Thank you for that. I regret to say that I am unable to use MBAE 1.13.1.186 or 164 because of the inability of those versions to start reliably with XP. Consequently I have reverted to MBAE 1.12.1.109 for Windows XP. This version has consistently started reliably and is able to respond to my bat MBAE start script in the very rare cases when it doesn't start properly. Sometimes MBAE starts and the system tray icon fails to show and sometimes mbae-svc.exe simply won't go. I am intrigued as to why MBAE is so sensitive at startup. Is there a timing issue? Other startups are robust and survive the chaos of startup. Fortunately MBAE in later versions of Windows seems immune to this. At least MBAE 1.12.1.109 allows every advanced setting option to be ticked and to remain ticked including those for RET ROP gadgets. SumatraPDF is the only application to take exception to RET ROP gadget checking. I guess that MBAE 1.12.1.109 is better than nothing.
  10. I have just become aware that the Outlook Express 6 executable msimn.exe (in Windows XP) has disappeared from the shield list. I had previously (several years ago) manually included it in the shield list using the profile of 'Browsers'. Assuming that I had accidentally deleted the shield, I tried to create a new shield for msimn.exe and MBAE declined to add it to the shield list, telling me that the application is already protected. By coincidence, MBAE now has the capability to block potentially malicious email attachments. Is Outlook Express treated as Outlook for this purpose? Can it be confirmed that Outlook Express is still protected from exploits using the 'Browsers' profile? There is no item shown in the shield list for Outlook so there seems to be no way of switching MBAE protection off, only the blocking of potentially malicious email attachments (I am unlikely to do this but I am unable to do so if I felt the need to). Additional note: Microsoft Outlook Express appears in the MBAE log as a protection event so it obviously receives some degree of protection but is it in the profile of 'Browsers'?
  11. Hi Pedro. Nice to hear from you. Hope you are successfully ducking and diving through the virus hazards. In my ignorance, I wondered if legitimate pen testing could be subverted to criminal ends. Behind the barrier of my NAT router, I don't anticipate being the victim of non-ethical pen testing but I am not sure.
  12. Isn't pen testing a legitimate activity? If it is not, then presumably I should be well-advised to enable the relevant new protection. This release works good with Windows XP, 7, 8.1 and 10.
  13. Keep old version installation executables so there is a fall-back position. Uninstall the new and reinstall the old.
  14. Thanks very much. No need. MBAE 1.13.1.164 seems to have settled down and is starting well consistently. Perhaps this is an example of Windows' alleged ability to tune itself. It's nice to have the latest anti-exploit protection. I do allow about a minute following the logon prompt before clicking the button to set everything rolling.
  15. I do not use fast startup with Windows 10. I have yet to notice MBAE failing to start properly. MBAE has a history of uncertain starting on my two XP systems. I can say MBAE 1.12.1.109 started properly every time whereas 1.12.1.90 had the odd hiccup but there is no definite pattern of behaviour. At the moment MBAE 1.13.1.164 seems to be enjoying a purple patch. I have a vague hunch that the use of Agnitum Outpost Firewall Pro 9.3 might affect things but who uses that nowadays apart from me and probably very few others.
  16. Starting MBAE 1.13.1.164 with Windows XP is iffy whereas with MBAE 1.12.1.109 it seems reliable. Windows 7, 8.1 and 10 all seem immune to the issue on my ancient to obsolete (that's the best I can do for recent) hardware. In fact I cannot recall any difficulty with Windows 8.1 or 10. Of my PCs, two use Intel Core Duo, two use Intel i3 and my wife has a laptop blessed with Intel i5. All have at least 4GB of RAM and use SSDs.
  17. Perseverance pays. I tried again with MBAE 1.13.1.164 and just let it settle down without 'startup tweaks'. It feels as if there is some learning by MBAE as the startup difficulties have retreated. My old XP system runs better than it ever previously has. Why is XP deemed unsafe when I live this malware free charmed life? I just do not receive malware attacks or suffer the ill effects. Back to the past and to Wigan in 1948. Joe Egan was in his pomp playing hooker for Wigan at Central Park. How did we manage without MBAE in those halcyon days?
  18. A greaaat place is Bowton and greaaat people in it. There's a photo essay book by photographer Humphrey Spender about Bolton life in 1937 called 'Worktown People'. I became aware of it when Fred Dibnah showed a few pages from it on TV in about 1995. One of those pages was Page 60 and I jumped out my chair because my maternal gran (born 1890) was in it along with her dad (born 1859) at the Drill Hall in Silverwell Street. She and him used to go shopping in Bolton on Wednesdays. Her brother was a Wigan copper who was on duty at Burnden Park on 9 March 1946. The horrors of that day finished him off and he retired. I like the Lanky twang of Bolton. Lindsay Hoyle will do nicely for me as Speaker. The next time you need a haircut and are in Bolton, seek out Prof. H. Fryer N.H.C.S., self-proclaimed Working Man's Hair Specialist and preventer of alopecia, ringworm, scruff and dandruff. You can find him on Page 61 of Worktown People or perhaps at his laboratories at 72 Gordon Street, Manchester. I don't think he ever used MBAE. Have a look at this: https://www.martinparrfoundation.org/product/worktown-people/ (click the right arrow head three times to see pages 60 and 61) and this https://www.communityarchives.org.uk/content/organisation/bolton-worktown-collection (find enlargeable pic of the learned Professor at work). You can find the album going for around 15 quid. Wigan in the early 1950s wasn't much different. Oh to be back on Gidlow Lane and Beech Hill at that time. Fred Dibnah: wonderful man. You've got to like a man who re-created a coalmine in his back yard. R.I.P. Fred. He's been gone 16 years and I miss him more and more. I saw him driving his steamroller towing two caravans on several occasions. On one occasion he had five or six friends crammed onto the roller with him while he was busy holding forth and sinking pints down his throat between Wilmslow and the Manchester Airport tunnel. Drinking and driving laws didn't apply to steam rollers I guess.
God bless him.
  19. The beer I drank in Wigan was brewed in Bolton. Magees stopped brewing about 50 years ago. I concede defeat. MBAE 1.12.1.109 starts reliably and Firefox 45.9ESR feels livelier than with MBAE 1.13.1.164. Pass the bleach.
  20. I've tweaked startup a bit. Serves me right for using 18 year-old hardware. Some versions of MBAE start better than others. Version 1.12.1.109 clearly gets out of the starting blocks quicker than 1.13.1.164. It also co-operates with a bat file I use to restart it on the rare occasions that it fails and version 1.13.1.164 is definitely not amenable to that. Sometimes impatience encourages me to logon too quickly. Now then. Whose round is it? Mine's a pint of best disinfectant. I tried the bleach and didn't like it.
  21. If I don't wait until the disk activity light on the front of my 18 year-old PC completely stops flickering before logging onto Windows XP, MBAE can fail to start. MBAE announces this by showing a message box stating that it is taking too long to start and instructing me to restart the system. Would it do any harm if the timer in the next update of MBAE 1.13 is allowed at least another 30 seconds (60 seconds would be even nicer) before timing out? Except for this issue, MBAE 1.13.1.164 works great on XP with its pre-SSE2 AMD Athlon XP 3000+ processor. MBAE 1.12.1.109 seems not to be susceptible to the startup timeout problem. Is there a larger timeout margin in this version?
  22. Is the presentation to the user of the new update procedure a one-off opportunity? If the user is uncertain what to do and effectively declines the update by selecting 'No' in the UAC request, does the MBARW installation ask again?
  23. I often visit the site without signing in. I only sign in when I wish to take part in a discussion. Why is it only occurring with forums.malwarebytes.com? All other sites that I often visit function as usual.
  24. Firefox 45.9ESR is unlikely to have changed behaviour. That version was released three years ago.
  25. It affects Firefox 45.9ESR, 68.7ESR and 75. I don't know about other versions. I use version 68.7ESR on Windows 7, 8.1 and 10. Version 75 is used on Ubuntu 18.04LTS. I use Firefox 45.9ESR on Windows XP. All the other usual favicons are displayed on the tabs and in the bookmark toolbar. The Malwarebytes favicon shows on Google Chrome and also on a venerable Comodo Dragon 33.1 which lives on my Windows XP system. However, the favicon appears on www.malwarebytes.com using all browsers at my disposal. Why not when browsing forums.malwarebytes.com?