
Rsullinger

Staff
Posts posted by Rsullinger

  1. Hello IdefixPC,

     

    The easiest way to remove the license to put in the new one is to do a clean re-install with this tool located here:

    https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/

    The ID and Key are stored in the registry so it may not have been completely removed when you did that initial un-install. Using this tool will make sure all files and registries are removed so you can do a clean re-install.

  2. Hello DBADoug,

     

    This looks like a conflict with some program on the computer. This looks eerily similar to an issue in the past with Comodo. Can you go to this link and collect the logs for FRST:

    https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/

    I want to confirm if there are any known conflicts. You can also check them out by looking at this link:

    https://forums.malwarebytes.org/topic/151933-known-issues-conflicts/

     

    Also, are you able to reproduce this alert or was it a one-time thing during the startup? I may need to have you collect another set of logs for more troubleshooting but we will need to reproduce the issue.

  3. Hello KeZa,

     

    As far as I am aware it is not because it is an XP machine. All of the testing and information I have been giving you has been from me testing on my XP SP3 machine that I am using. It even works on a 64-bit version of it which is not something our anti-malware has on it. I am reaching out to a member of our team to look into this further based on the logs you have provided.

  4. Hello KeZa,

     

    I do remember this is XP, but I may have forgotten how cmd launches with XP. But you are correct, the logs you collected are just errors I would see normally that would not really explain the issue. From the logs you sent prior as well, I see that there are potentially many different drivers and services loaded at any given time. As a test I want to have you try to disable all the services and startup items that you have set to start to see if it allows the program to load. Press the Windows key + R like before and type in msconfig and hit enter. In there, go to the startup entries and check the box for hide all Microsoft services. Once you do that, uncheck all but the Malwarebytes anti-exploit service. Then go to the startup and disable anything there as well.

     

    Now I know security is a concern for you as well, so if you want to disconnect from the internet as well while doing this test that will be ok. Mainly just want to have you reboot after you do this, test to see if you can launch the executable for anti-exploit and see if it works. 

  5. Hello KeZa,

    Based on the screenshot that was sent, it doesn't look like CMD was right-clicked on and run as admin as mentioned in this step:

    " Right-click Command prompt, and then click Run as administrator. "

    It should be running the command line window from C:\Windows instead. Can you try that again and see if it gives the same message? I am trying to eliminate a possible authentication issue as well.

    As for "the device attached to the system is not working", that is generic messaging from the event ID you posted before. To get more information from this, I would need to see the Event Viewer log that relates to that message. To do this:

    1. On the keyboard, press the Windows key + R to open the Run menu.

    2. In this menu, type in eventvwr. This will open up the Event Viewer.

    3. From here, right-click on the application object and click on export list.... Save that log to a place you can easily attach it here.

    4. Do the same for the System events as well and send them to me. 

     

  6. Hello KeZa,

     

    EMET shouldn't be causing this issue as the service is not installing correctly. However, I do want to mention that you won't be able to test anti-exploit very easily with EMET installed. You will get a lot of false alerts due to EMET and anti-exploit's protection conflicting. So once we get anti-exploit fixed, you may have to remove EMET if you want to properly test the product.

     

    As for the issue, I want to have you run the install command in command line to see if this will install for you. Let me know if you do not understand any of my instructions.

     

    1. Click Start, click All Programs, and then click Accessories.

    2. Right-click Command prompt, and then click Run as administrator.

    3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

    4. Once it launches, put in this command: cd C:\Program Files\Malwarebytes Anti-Exploit

    5. That should change it to that directory. Once you do that run the command: mbae-svc /install

    Take a screenshot of the output it gives you there so I can see what it tells you. 

  7. Hello Axe0,

     

    It looks like this is due to a new update of anti-exploit being applied on the computer. A reboot is sometimes needed for the new anti-exploit service to be applied to the program. Can you try rebooting the computer again and see if that fixes the issue? If it does not, then you will just need to do a clean re-install to the new version and that should fix it for you. You can use the clean removal tool from this link to make sure everything is removed:

     

    https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/

     

    Then, reboot the computer and re-install the latest version from this link:

     

    https://downloads.malwarebytes.org/file/mbae

     

  8. Hello SvenBNE!

    I want to have you check some of the files that I am seeing in this FRST log. Do you mind if I create a ticket so I can ask you to run some instructions? I want to keep any information that may be sensitive outside of public view since this is a business computer. If you are ok with this, do you mind sending me a PM with your e-mail so I can create that ticket?

  9. Hello JCV!

     

    It should be showing that all the time. Anti-exploit is a real-time protection program and the 'running' means that the real-time protection is enabled. If you open it up and click the 'stop protection' button, you will see the running change to stopped. So as long as you are activated and you see the 'running' you are all set with anti-exploit!

  10. Hello Marka2k!

     

    A program opening up wscript is a common way that exploit-based attacks are done which is why we are blocking that type of attack. So if you are not sure where it is coming from then it may be a real exploit. However, I want to have you collect the logs for me so I can see what is triggering this:

     

    https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/

    Thank you,

     

  11. Hello Ian,

     

    This seems to be an issue with Trusteer Rapport (Trusteer endpoint protection). I noticed you have it on your computer as well which would explain the block. We do have a known conflict for this so all you have to do is make some minor changes in anti-exploit to make them work side by side.

    "

    • Trusteer Rapport (maybe limited to older versions of Trusteer) may conflict with MBAE. As a workaround simply disable the ROP and malicious return address protections in MBAE's advanced settings to make Trusteer work alongside MBAE.

    "

    So you will just open up the program and go to the settings tab > Advanced settings button > Advanced Memory Protection and disable the 'Malicious return address protection' for Chrome.

    Do the same but go to the OS bypass protection and disable the Chrome browser checkbox for both of the ROP gadget detection options.


    After you do that, it should work right away. However, you may need a reboot. 

  12. 8 hours ago, AndyPP said:

    With that answered, to clarify my second question - is about when Outlook views/launches an attached Office document, will Anti-Exploit provide protection?

    The moment this occurs and Word opens, anti-exploit will shield Word and will harden it from exploits. Same can be said if it opens a PDF as well. If you click on it once in Outlook to 'preview' the file, it will not protect it but Outlook opens it up as read only view so no macros would be run from it anyways. Anti-exploit looks for the moment Word.exe or any other of the .exe's open before it starts protecting it. That is why when you create a custom shield it asks for the .exe of the program you are trying to protect.

    edit: I kept using Office instead of Word, making it confusing.

  13. Hello Isommerville and welcome to the forums. 

    That message just means that the protection for anti-exploit didn't start. This can sometimes occur with the update of a new version of the software. If you have not done so already, I would try rebooting the computer to see if the issue comes up again. If it does, you will want to do a re-install of the product. To do this, remove the program from programs and features and use our clean tool found here to clean up any leftover entries:

    https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/

    Once you do that, try to install the latest version from this link:

    https://forums.malwarebytes.org/topic/181797-latest-mbae-corporate-build/

    After you do that, you should be able to activate the product and should not see that message anymore. 
