• Content count

  • Joined

  • Last visited


About Rsullinger

  • Rank

Recent Profile Visitors

5,683 profile views
  1. Hello Texgal, Can you please collect the logs found here and attach them to this thread: I should be able to use those to see what is happening. Thank you!
  2. Hey, sorry for the delay. Here is the link for the latest mbmc: In the mean time, see if you can change the setting on the user side (as long as you are an admin you should be able to change it) and see if it works. I would hate to have you go through all of that work for it to not ultimately fix it.
  3. Thank you for the logs! So I reviewed it and it may be due to a setting we have that causes cmd to not be ran if Java calls it. Sometimes infections use this vector so we have that setting to block it on by default. However, you can disable this setting if you know for sure this script is good. To do this, open up the mbae UI on the users machines (or go into the mbae tab in the policy if you are using mbmc) and go to the settings tab. Click on the advanced settings button and go to the java protection tab. Disable that first option for 'prevent web-based java command line' and test to see if it works. If you are pushing it from the console, it may take a bit to be pushed down to the client.
  4. Hey MLAP, Exclusions are usually only done if there is an md5 of the file that can be excluded. I am not 100% sure why that block is occurring so I will need to see the full logs for the product. Do you mind collecting the logs from the instruction here: You can send me the data in a PM if you do not wish to post it in the forum.
  5. Heap Memory Blocked

    Hey Sheend111, No problem! It may be trying to call something that could have been malicious. If you notice anything else like that, feel free to reach out and I can confirm what is happening!
  6. Heap Memory Blocked

    Hey Sheend111, So like i thought, that application is not protected normally so I think it was just a false positive on our side. If you don't know how you triggered it then it may have just been something was trying to launch it and we monitored it at that point. Unfortunately, it looks like the logs over wrote the information about what happened during that time so I can't check. If it happens again, can you try collecting those logs again? I don't think it will happen based on what I was able to see in the logs. However, since I am not sure what triggered it, It is is hard to say for certain.
  7. MBAE Startup on Win XP 32bit SP3

    Hey Scut1, Thank you for the logs. It does look like it is hooking a bit abnormally. To be on the safe side, can you run the clean tool found here: and then re-install using this link: That should resolve the issues I am seeing.
  8. MBAE Startup on Win XP 32bit SP3

    Hey Scut1, That does not sound right. While there is way to hide the GUI, mbae.exe should still be running. Do you mind collecting the logs from here so I can confirm there is no issue with the downgrade:
  9. Heap Memory Blocked

    Hey Sheend111, Do you mind collecting the logs from this article: That block is a bit strange since it looks like that Jriver application is the process getting blocked. I want exactly it is getting blocked for in the logs.
  10. Firefox and Chrome Issue

    Hey Iam-Mike, I want to assist further with the ROP block issue you are having in chrome/firefox. I am going to shoot you a PM to collect some additional information and get this fixed!
  11. MBAE and MBAR: update frequency? MBAR filename?

    Hey Slack, In the case of mbae 1.11, the build that is posted on the forum is a build that is updated more frequently then what we push out through automatic updates. These usually include 1 or 2 fixes that we are putting in the forum to test before deploying it out. We will push it out through automatic update at a later time and it will most likely be another build number down the line. For ARW, the build that you have put are functionally the same. as it is the official release version. The numbers after that are our CU updates which do get pushed out automatically when we release them. It is not like with mbae where it is a whole new version, those are updates to our software that can be served without you needing to install a new version. So if you are seeing one that is behind, it may be it haven't reached out and made connection to our server yet to get that update.
  12. Hey Craig Leach, I am going to send you a PM with a test build that should fix this issue. I want to get some feedback if it fixes it. You should be seeing it shortly.
  13. Anti-Exploit not starting

    Hey StuartWake, No problem, I assumed that may have been the case. I am going to have you collect one more log for me so I can send this to the team for more informaiton. You can send me these logs in a PM if you want since it does give information like installed programs and such: 1: Please download FRST from the link below and save it to your desktop: FRST 32-bit version: FRST 64-bit version: 2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears. 3: Click the Scan button 4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
  14. Anti-Exploit not starting

    Hey StuartWake, It seems like the service is failing to install. All the other files looks to have swapped correctly, just the install on that service is not happening. On the installations you attempted, did you use the 1.10 version directly or try to upgrade from the prior version? Use this link if you have not been using the 1.10 directly:
  15. Anti-Exploit not starting

    Hey Stuartwake, Sometimes this can occur if the files we install for the update do not swap over correctly. Do you mind zipping up the C:\ProgramFiles(x86) directory of anti-exploit so I can see if any of the files failed to swap? Thank you,