Rsullinger

Hello Flydonna, The anti-exploit test tool will work if you are using the free version of the program. So if the protection is not stopping that test tool, it may be best to do a clean re-install. Remove the program from programs and features and use our clean tool found here: https://forums.malwarebytes.org/topic/177164-how-to-remove-mbae-leftovers-after-uninstall/ Once you do that, try to install the latest version from this link: https://downloads.malwarebytes.org/file/mbae Then, test it again. Let me know if it still does not work for you after that and we can look into it further.

Hello Hsengler, I am going to send you a private message with some steps I want to have you run to diagnose this further.

Hello Utomo, To bounce off of what Dale mentioned, I want to let you know the reasoning as why we do not protect e-mail clients by default. Our developer has mentioned this in a prior thread about this: "Basically the list of applications shielded by default from factory is a direct relation with applications that we've seen targeted in the wild with exploits. In some rare cases we've added applications by popular demand (some weird browser vendors, LibreOffice, etc.) and not because we've seen exploits in the wild for them. We could add some email clients in the future, but that would require a lot of testing on our part from QA perspective and we've just simply been focused on other things (adding new techniques, fixing bugs, etc.). But for the future we could probably add some of the more popular ones." However, like Dale mentioned, since you are on the paid version of the product you can add a shield for these if you want to give them added protection.

Hey John, I am going to be sending you a PM with next steps that we want to have you run.

Hello Hsengler, No problem. Do you mind collecting the logs noted in this posts: https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/ Those will be for the program so I can take a closer look as to why these are being blocked.

Hello John, Do you mind getting us the logs from the new version as well? I want to get this looked into on our side.

Hello Utomo, When did you receive that message? Was that when you were trying to put shields on the programs or changing any settings?

Hello REGITDept, There was no bug fixes or features in the new build. The new build was created and released due to the new anniversary update from Microsoft which required the program to use counter-signed digital certificates from Microsoft. So that is all that is different from that build and the last.

Hello Diotallevi, Can you check to see if there is any background processes of Nitro running when you are testing this? This sounds like a common thing that normally users of google chrome runs into. Because it keeps a process of google chrome running in the background, we are still protecting it. So even though a new window is opened, it won't show the alert that it is being protected.

Hello Ky331, The double release on that date was because we re-created the build using counter-signed digital certificates from Microsoft in order to work with the new anniversary update they just put out. That version of 1.08 has the same features and fixes as the prior build, but just with that counter-signed certificate. The 1.09 build will be going through more builds of public beta testing. So if you want to test the new builds and give any feedback you can download the latest versions from this area in the forum: https://forums.malwarebytes.org/topic/184939-mbae-109-preview/

Hello John A, Please try the latest version of anti-exploit here: https://malwarebytes.box.com/s/2xgny7v45pgcv3ubu3vwqna22vk1r5m5 That should fix the issue so let me know if it does or not.

Hello Mknopsnider, There is a way to push this through the management console. If you go into the policy pane and open up the policy your clients are on, you should see the anti-exploit tab. The options will be there. I am also attaching a screenshot of the settings you would want to set to make it silent if you do not want them seeing anything.

Hello Powella and welcome to the forums! Without getting to in-depth into it, when you launch a program that mbae protects, we inject into the program to protect them from exploit based attacks. While we are protecting it, we will only take action when something falls under one of our protection layers as being malicious. If it does, we will block it at that time. It is not like SEP's real-time protection from what I have seen. We also have customers running SEP and anti-exploit working side by side. So I would continue to test and if you run into any issues, please let us know!

Hey Capyj, No problem! Let us know if you have any other issues.

Hello BeachGuy and all, One thing to check if you have this issue as well is Trusteer rapport. It is part of our known conflicts. If you do have it and are running into this issue, you can use the instructions from our known conflicts: https://forums.malwarebytes.org/topic/135127-known-issues-conflicts/ Trusteer Rapport (maybe limited to older versions of Trusteeer) may conflict with MBAE. As a workaround simply disable the ROP and malicious return address protections in MBAE's advanced settings to make Trusteer work alongside MBAE.

Hello Beachguy, I am going to send you a PM as well to get me more information as well. ROP blocks can be different depending on what we are triggering on.

Hey Capyj, Thank you for those logs. I am going to be sending you a PM with instructions on a log I want to have you grab to fix this issue.

Hello CapyJ! I want to have you gather some information so we can look into this further. I want you to follow the instructions in this posts to gather the needed logs: https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/ Thank you,

Hello Jeemag, Do you mind attaching the two FRST logs ( FRST.txt and Addition.txt ) as well? We want to see if anything is interfering with the program to cause this issue.

Hey Darryl, Do you mind sending me a PM with the e-mail you used to purchase and the best e-mail to contact you with? I want to get some information so I can look into this issue for you!

Hello Gaia Technologies! Do you mind sending me a PM with the e-mail you used for purchasing the product? I want to look it up on my side and see if I can get it activated. If I can, I can provide you with something to help activate that computer and the other 10. Ron S

Hello ludolf, You are correct. If you only have the anti-exploit purchased, then the anti-malware database definition update does not apply to you. In case anyone in the future has this issue as well, you can find the area to disable this in the e-mail alerts by opening up the management console and going to the admin pane>Email notifications Tab> change button> notifications tab. The option for it is 'signature database on server out dated'. Simply remove that checkbox and you won't be alerted by that in the future.

Hello esherret, 1.09 is available for testing with the new setting Pedro mentioned in this posts. You can find it here: https://malwarebytes.box.com/s/y506ua4jdgrds490kg6g6k3qc76qb4y3 The setting will be under advanced settings>Java> Allow insecure java Operation on internal ranges. If you test it and it fixes the issue, please let us know so we can get some feedback on this! Thank you,

Hello Swood, Normally if you see an outgoing block in a browser it is usually 1 of 2 scenario. Either it is an infection or a blocked connection that the user is making (either ad or bad page). If you are noticing this happen all the time and your users are not reporting their sites are being blocked, then it may be an infection. I would like to have you grab me some logs to take a closer look at this. If you would like to this, send me a PM with your e-mail and I will create a support case to look into this further for you. -Ron

Hello nclark, Welcome to the forums! We want to have you collect some logs to look into this issue further. If possible, can you send me a pm or reach out to corporate-support@malwarebytes.org and reference this post so we can assist further? Ron S