dont_touch_my_buffer

Honorary Members
  • Posts

    155

Everything posted by dont_touch_my_buffer

  1. This one had puzzled me for a while... Install/upgrade Java, with both MBAE and EMET active, failed at around 70% complete and threw the generic 1603 error code. Neither MBAE nor EMET complained, so my reaction had been calling Java install routine names. Java would work in the browser; however, the management interface for Java would not. After about 3-4 updates of Java that resulted in error 1603, I've tried disabling MBAE and EMET and voila, Java installed just fine. Just a heads up for people who run the same protection and get the 1603 error code...
  2. I did get an email notification after all, no, it wasn't overlooked... The renewal email link is to Cleverbridge and I did update my credit card on file. There was no email confirmation for the MBAE renewal and/or credit card update. On the other hand... The email confirmation has arrived on the date of renewal, when the credit card actually had been charged. Maybe I've overlooked something, but it would've been nice if either the email and/or Cleverbridge website stated something about delayed credit card charge and email confirmation. Or, I should've been procrastinating as usual...
  3. I'll contact Cleverbridge, but... That advice does not seem right since it is Malwarebytes' license that's being renewed. Shouldn't MB be able to resolve this, instead of having the customer chase after Cleverbridge? It seems that purchasing a new license every year would be a lot simpler than renewing it. I don't recall having any issues with purchasing a new license about a year ago... It's nice that it'll revert to "Free automatically", but there were a number of reasons why the premium version had been purchased.
  4. Received the email to renew my premium version, that I've done promptly online. How do I know if it's been a successful renewal? No, I have not received an email confirmation for the renewal. The interface for AE does not show license expiration date, just "MB-AE Premium Running". TIA..
  5. You could add WinPatrol to this trio that will flag new startup programs, just in case something slips by the trio...
  6. In addition to Pedro's comments... It's really getting to the point that protecting a PC is a daily task. Applying all of the updates to apps, AVs and other security products should be on everyone's daily tasks list. Yes, automating the upgrades works most of the time but not always and should be verified. A quick way of verification is Qualys Browser Check, it'll check the versions for the usual "suspects" and alert you if an update is available. Antivirus can no longer protect the system on its own and as such, augmentation is a must. In addition to the great MBAE, both EMET and WinPatrol should be installed. All three of these protections can be installed as free and their default configurations will probably work in all Windows systems. With all the security programs in place, you have a much better chance of not getting infected by malware. It's still not 100% protection, but it is pretty good for free. Logging in to Windows, any version, with Administrator level access rights will render these security programs pretty much useless. Utilizing a standard user account to log on would go a long way to help the security programs, quote: Source If that doesn't convince you not to log in to Windows with an admin account, nothing will...
  7. Windows 8.1 64-bit Pro with Bitdefender AV Plus 2016, EMET 5.2 and WinPatrol... Updated MBAE 1.07.1.1015 to 1.08.1.1031 with minor issues. The installation has removed MS Outlook protection, re-added after the installation has completed. It did detect EMET 5.2 and disabled some of the protection in MBAE, re-enabled them after the installation. The EAF, SimExecFlow and ASR are disabled in EMET for IE11, Firefox 40.0.3 and Foxit Reader 6.06. All in all, everything is in working order so far, did not notice any changes... PS: I had the same issue with Kaspersky 2016 and MBAE. Kaspersky was getting on my nerves anyway, lots of other issues and it pretty much takes over the system. As such, it's been removed from my systems. Bitdefender is not as intrusive and works well with MBAE and other security programs.
  8. Wow, using GC (Garbage Collection) for malware loading and execution is awesome in a technical sense. I wonder if EMET and/or MBAE can protect against this buffer manipulation. Thanks for the link Nesivos... Disabling or rather removing "features" that are well known attack vectors certainly will make Edge initially more secure than IE. At least initially...
  9. The 64-bit IE11 with sandbox (Enhanced Protection Mode) had a number of vulnerabilities that are continuously patched by MS. For that matter Chrome, with a lot better sandbox than IE11, had a number of vulnerabilities as well. While I agree that at the current time it's not easy to exploit MS Edge, only time will tell if its security will measure up to Microsoft's, and in some respect your, expectations...
  10. MBAE does seem to work with Edge: The type of protection it provides is unknown at the moment. The mbae-test app fails on Windows 10: That seems to be related to the missing msvcr100.dll and not to the actual test up. I should've said that the MBAE does run on Windows. Working is another question...
  11. In addition... W10 TP also has MS Office 2016 installed. With the exception of Outlook 2016, the EAF and SimExecFlow, but not ASR, had to be disabled with MBAE protection enabled for MS Office. Please keep in mind that I am using the latest trial version of MBAE that will expire in a week or so...
  12. Yes, I do use both EMET 5.2 and MBAE with W10 version 10166. Firefox does need EAF, SimExecFlow and ASR disabled in EMET; same as in Windows 7 and 8.x. My W10 does not have IE, instead, it has a new browser named Microsoft Edge. I've added this browser to MBAE and it works just fine. An added bonus, there's no conflict with EMET where all 14 mitigations had been enabled. Edge starts up just fine...
  13. After further review... The same issue impacts this forum as well when trying to attach file(s) in the browser with AE version 1.05.1.1016. Adding files from the local drives did not trigger AE block, but trying to add the file from a network drive/share did. Ironically, AE blocked itself when I was trying to attach a file to my posting in this forum. Presumably, attaching files from a network drive would result in a block as well at any website. After updating AE to the latest version AE 1.06.1018, thanks Pedro, AE no longer blocks attaching files in the browser from network drives. I am not certain as to why AE triggered the block, but I miss it already. Preventing the browser from uploading files from a network share is a type of security protection, albeit this function isn't really part of AE protection. Maybe it should be... @gonzo... Yeah, I cannot stand "off the cuff" recommendations of the software companies. After switching from Vipre A/V to Kaspersky, I expected more. The early indication is that Kaspersky isn't as flexible as Vipre had been and it also caused issues for QuickBooks sending out invoices via email. Based on my experience with support, I am not even inclined to contact them with the QuickBooks issue. I need QuickBooks, cannot just uninstall it...
  14. The requested logs and reports have privacy/security data that I am reluctant to post in this forum, effectively making it available to all forum members. I did contact Kaspersky that provided the standard "off the cuff" recommendation, quote: The issue can be replicated at Kaspersky tech support website, login required, where AE blocks the file named "kis15.0.2.361en_7220.exe". Please see image attached.... No other website had been displaying this issue; yes, I am careful with internet access... Maybe Kaspersky's tech support site had been hacked and it's spewing out malware. I'd rather remove Kaspersky than Malwarebytes AE...
  15. Is this a false detection, or Kaspersky's support site running malicious scripts in the background? My hope is that this is a false detection, but one never knows... TIA...
  16. EMET 5.2 has the same conflicts with MBAE as version 5.1 did, in regards to IE11 and Firefox 36.0.1. As with the previous version, just disable EMET protection for: EAF, SimExecFlow, ASR. Other than that, I did not notice any other conflicts. EMET EAF+ protection has no conflict with MBAE, probably because MBAE does not have this buffer protection.
  17. Oh, yes you can make the developers do almost anything, unfortunately, secure code isn't one of them... Thanks for the tip, suggestion had been posted in the appropriate forum...
  18. The MBAM interface has links to the Malwarebytes blogs: While I like these links, there are some permission issues when the link is opened in the browser. On my system, MBAM had been started as admin by a standard user logged on, utilizing the "Run as administrator.." option of Windows 7. Following the Chameleon link in the picture for example will open the default browser that inherits the program's access level. Since the program runs with local admin rights, the browser will open with local admin rights without warning. That's a bad idea, even if one trusts MBAM links. While the blog website in itself does not have advertisements and certainly/hopefully no malware; however, it does have twitter links. These links open in new browser tabs that also have local admin access rights. Link hopping could quickly escalate without the end user realizing that all the browser tabs have local admin rights. And these links may not be as trustworthy as MBAM sites... On the other hand... If the non-admin account has the default browser open, with standard access rights, the MBAM link opens a new tab in this user's browser with standard access rights. Shouldn't MBAM open the blog links in the default browser with standard user access rights only? Or at the very least, shouldn't it warn the end user that the browser will be opened with local admin rights? Yes, I do understand that the end user needs to be careful and pay attention; however, this is easy to overlook. Especially when people are using their trusted anti-malware software and they are sort of at ease...
  19. I wasn't asking for removing these links, I like them.... Just make the developer change the user account access level from admin to standard user, when the link is clicked on.
  20. The MBAM scanner interface has links to MBAM blogs: I like these links, but there are some oddities with the opened links. On my system, MBAM had been started as admin by a standard user logged on, utilizing the "Run as administrator.." option of Windows 7. Following the Chameleon link in the picture for example will open the default browser that inherits the program's access level. Since the program runs with local admin rights, the browser will open with local admin rights without warning. That's a bad idea, even if one trusts MBAM links. While the blog website in itself does not have advertisements and certainly/hopefully no malware; however, it does have twitter links. These links open in new browser tabs that also have local admin access rights. Link hopping could quickly escalate without the end user realizing that all the browser tabs have local admin rights. And these links may not be as trustworthy as MBAM sites... On the other hand... If the non-admin account has the default browser open, with standard access rights, the MBAM link opens a new tab in this user's browser with standard access rights. Shouldn't MBAM open the blog links in the default browser with standard user access rights only? Or at the very least, shouldn't it warn the end user that the browser will be opened with local admin rights? Yes, I do understand that the end user needs to be careful and should pay attention; however, this is easy to overlook. Especially when people are using their trusted anti-malware software and they are sort of at ease...
  21. Thanks pbust... Reinstalling over the top worked; now, even the right click works as well...
  22. I've run MBAE evaluation for ten days and purchased a premium license. While the PC does have EMET 5.1, layered protection is good even if it initially breaks some of the apps. My question is not about that, rather about the grayed out interface under the "Shields" tab that showed up after adding the license number. Capturing the screen shows this for the tab: It doesn't make a difference if I am logged in as admin or not. I could just remove/reinstall MBAE to fix this, but I don't know if it'll affect the licenses. Yes, the license is valid for three PCs, but it has been added to three PCs already. Short of reinstalling, is there anything else that can be done to enable shield changes? TIA...
  23. My PC has MBAE and EMET 5.1 running on Windows 7 Professional SP1, 64-bit OS. Initially, installing MBAE broke both IE11 and Firefox 35.0 and I had to make some configuration changes in EMET; this is the current configuration: So far, other programs have not experienced any issues, but time will tell...