
puff_m_d

Honorary Members
  • Posts: 141

Everything posted by puff_m_d

  1. Hello Nathan, I can verify that the issue is fixed... Thanks!
  2. Hello, I see you have the NOD32 version of ekrn.exe. If you need it, attached you will find the ESS version of ekrn.exe. I will get the program data files for MBARW later today when I reinstall MBARW. Please let me know if you still need them. (I realize that fixing the false positive for NOD32 may have also fixed it for ESS but wanted to be sure you do not still need more information from me) ekrn.7z
  3. Hello, Just to add... I get the same false positive except with ESET Smart Security 9.0.349.14 (64-bit) on a Windows 10 Pro 64-bit Version 1511 (OS Build 10586.63). C:\Program Files\ESET\ESET Smart Security\ekrn.exe MBARW tried to quarantine the file but the ESS self-protection module blocked it as the file did not show up in the MBARW quarantine. The MBARW service started using about 25 % CPU. The only way to stop this was to add the ESS file to the MBARW exclusion list and reboot. After this, the MBARW CPU usage went back down. On a side note: On a reboot, MBARW appears both in the system tray and minimized to the task bar. I have to open MBARW from the task bar and then close the window to have it appear only in the system tray. I would think that the desired action here would be for MBARW to start minimized to the system tray only, not also to the task bar. For the time being, I have removed the MBARW beta as with this first release there seems to be too many false positive/quarantine issues. I will install the next build when it is released to test further. If you need any further information to help you troubleshoot this issue, please let me know and I will install this version again if needed. MBARW looks very promising but it is a bit early in the beta stage to run it full time on a production machine.
  4. Hello Pedro, I can confirm that the issue with Chrome 64 bit on Windows 10 64 bit is indeed now fixed on my system. Kudos to both you and Kaine!
  5. Hello, I just wanted to verify and add that I am having the exact same issue as stated by the OP with MBAE 1.08.1.1185: The initial tab when opening Chrome just stays in the always opening state, with the Kill/Wait window popping up eventually. Clicking "Kill" does nothing. I can open other tabs but they will not let you navigate to any web pages, basically the newly opened tabs will do nothing. The original tab never fully loads. I am on the most recent version of both Windows 10 Pro 64 bit (Version 1511 - OS Build 10586.36) and Chrome Dev Channel 64 bit (49.0.2612.0 dev-m (64-bit)). The only other security software that is running is ESET Smart Security 9.0.349.14. I have reverted back to the stable 1.08.1.1045 version for the time being as it has no issues.
  6. Hello bluenorse00, Maybe the thread Frequently Asked Questions, specifically # 24 - How do I protect programs running within Sandboxie?, will answer your questions... There is also the thread - Is there a way to make SBIE x4 and MBAE compatible, which may provide you with answers. HTH...
  7. Hello Pedro, No, I did not. The issue just reappeared after a week of working fine. The reboot fixed the issue for whatever reason without disabling the RET-ROP techniques that you mentioned. Since the Windows 1511 update, I have had this issue twice and both times it seems a reboot fixes it without disabling those techniques.
  8. Hello Pedro, The issue appeared out of the blue again today. When it happened, I decided to reboot my system to see if that had any effect. After the reboot, the issue was gone and all was working as it should. I do not know if this helps you but thought I would mention it just in case.
  9. Hello Pedro, Thanks for the reply. If I encounter these issues again, I will let you know. All has been problem free for the last 2 days.
  10. Hello Pedro, Update: The issues I reported persisted for 3 days, however, upon booting my system this morning, all is now working as previously. I can launch all three mentioned browsers successfully without any issues. The only things that have been done on the affected systems were running disk cleanup to remove the ~ 14 GB of files related to installing the 1511 update, doing a defrag, and then making an image (backup) of the new system. The issues have just disappeared and all is once again working well. I have no clue as to what has changed and why the issues no longer exist. I see no reason to create and send you the logs from FRST but if you would still like them even though the issue is fixed, I can still create and send them. I have updated software and done a few reboots this morning and the issues have not returned, so you may close this thread as solved. Thanks again for your help.
  11. Hello Pedro, Thanks for the prompt reply... I will get the FRST logs to you sometime over the weekend (probably by attaching to a PM with reference to this thread). I just finished getting my systems updated to the new Windows 10 build but still have to optimize the systems and create new system image backups before I do anything else. As soon as I finish those tasks, I will get those logs created and sent to you.
  12. Hello, I just updated to Windows 10 Pro 64 bit Version 1511 (OS Build 10586.3) and cannot launch any browser. When launching Chrome, I get the following message: When launching Edge, I get the following message: When launching IE11, I do not get any message from MBAE, but IE11 will not launch. The only thing that was changed on my system was the OS upgrade. All was working fine with the previous Windows version. I did try uninstalling MBAE and deleting the program data folder, followed by a reboot and a fresh install of MBAE but the issues remain. Attached you will find my MBAE logs. Thanks in advance for your help in investigating these issues... If you need any other information, please ask and I will supply it. Malwarebytes Anti-Exploit.7z
  13. Hello tony321, The last beta version 1.08.1.1044 is the same as stable released version 1.08.1.1044. If you have this version installed, there is no need to update. HTH...
  14. Thanks Pedro... It seems that fixed it. I wonder why I do not get an alert for this as it seems that others that are having issues with the ROP-RET mitigation are getting an alert with other applications. It must be something specific with ClipMate.
  15. Hello Pedro, I have a program that I use called ClipMate that I have always shielded with the "MS Office" template since custom shields have been available in MBAE. ClipMate has always run fine being shielded by MBAE until version 1.08. ClipMate hangs when launching and consumes 60 % to 95 % CPU and never fully launches. I have to use task manager to manually kill the ClipMate process. I have always used the "MS Office" template with ClipMate and have also now tried the "Other" template with the same results. For the time being I have been forced to disable the shield for ClipMate as I cannot get it to run with MBAE 1.08. I am on a fully updated/patched Windows 10 Pro 64 bit system. If you need my MBAE logs just let me know and I will PM them to you. Thanks.
  16. Hello dmass2, Your previous post was answered... https://forums.malwarebytes.org/index.php?/topic/170902-chrome-not-showing-balloonlog-as-protected/page-3#entry982073 See post # 56 and # 57 below yours...
  17. Hello x0red, Welcome to the Malwarebytes Forums! Pedro will more than likely need you to follow the instructions in this thread: [README FIRST] and post back here the logs that are requested. HTH...
  18. Thanks Pedro!!! I thought that was the case from previous posts but wanted to clarify...
  19. Hello Pedro, A quick question about the changing of the default setting for "Disable Internet Explorer VB Scripting": Is that the only change from 1010 to 1011? Is this considered a temporary fix for those that have experienced issues or is this going to be a permanent default setting now? I am wondering if you have plans to fine tune this setting and re-enable it again in the future. I ask for those that have not had any issues with this setting being enabled and assume if we have had no issues with it that it would be good to enable this setting. Thanks ...
  20. Hello Pedro, Just to add: I have no automatic optimizations or temp file cleaning done on my system, so that is not an issue... Also, this was occurring in all of the experimental 1.07 releases as well as the current 1.07 release. Edit: You posted an answer while I was making my post ...
  21. Hello Pedro, I get the same behavior as dprout69 with the logs tab being cleared on every boot/reboot (Windows 8.1 Pro 64 bit system). It also happens after a fresh install. The data seems to be retained in mbae-report.dat, however it is hard to verify positively as the file does not view in notepad correctly but I can see enough of the data to believe the info is being retained in the file itself, just not in the logs tab.
  22. Hello Pedro, Thanks for the reply. That explains it as I had quit using Chrome for a while and just recently started using it again. That explains why I had not noticed the difference earlier...
  23. Hello Pedro, Thanks for your reply... I was just confused as at one point in previous MBAE versions the mbae64.dll was being injected into all chrome.exe processes and at some point that behaviour changed. I just wanted to clarify that Chrome and all of its processes/add-ons/plug-ins were still being fully protected and no bug or issue had appeared. Thanks...
  24. Hello Pedro, Just some extra information "FYI"... I just did the 17 optional Windows updates and a new version of Chrome (45.0.2431.0 dev-m (64-bit)) was available and now installed also. I am still seeing the same thing in regards to the injection of mbae64.dll into the chrome processes. I have, however, noticed a pattern: the parent chrome process and the first child process always have mbae64.dll injected but all of the chrome child processes after the first do not (so no matter how many chrome.exe are running, only two have mbae64.dll injected). I do not know if this helps you any but it might...
  25. Hello Pedro, When I launch Chrome (Version 45.0.2427.7 dev-m (64-bit)) with the latest MBAE experimental build, I get both the notification traybar tooltip and a corresponding entry in the logs showing Chrome is protected as expected. However, when I manually check each of the chrome.exe for the mbae64.dll, I do not always find it present. The parent chrome.exe shows the injected mbae64.dll but of the six (6) children chrome.exe, only one of the six has the mbae64.dll injected. I had not noticed this behavior until these experimental MBAE builds so here is my question: Should not all of the chrome.exe have the injected mbae64.dll present and does this mean that Chrome is not being fully protected? I am on a fully updated Windows 8.1 Pro 64 bit system with no other security software except for ESET Smart Security 9.0.117.0 Beta. MBAE logs are attached if they are needed... Malwarebytes Anti-Exploit.7z