sman

Actually it wasn't a multi-upgrade, since on boot-up found mbae.exe only riunning (no icon in systray, no run of mbae64,exe, mbae-svc.exe).. So killed mbae.exe and went for over the top to go back to 1043, during installation was alerted abt incomplete prev. activity and for RESTARTing windows (akin to alert for multi-grade in same session), which was really puzzling and did the re-start of windows, which surprisingly brought up 1044 running.. Don't know what caused the hiccup? Must say, after this 1044 upgrade, icon disapperaing from systray, protection logs/alerts skipping instances r on the rise and a bit of concern.

There seems to be problem with 1044.. Services did not start in an earlier boot and after several unsucessful re-boot, tried again the 1043 over the top, which alerted for a restart, which came up with 1044 running again.. Something strange..

No help.. Ignore

Here, this may help .. http://www.tenforums.com/tutorials/5662-notification-area-icons-reset-windows-10-a.html

Notifications is unique to Win 10 and I have many uninstalled apps still showing/listed in Notification setting.. So, just relax..

Struggle is an understatement to 1044.. Many over the tops, forced reboots, uninstall/reinstall, msconfig, restart, fine tuning of AV all to no effect.. When giving up and tried to go back for 1043 over the top, install gave error for a forced restart and this finally settled it.. Unsure, whether today's Win 10 update, just after 1044 was setup, has anything to do with the Struggle to 1044.. However other problems remain viz., disapperaing UI at times (only reboot bringing it back), skipping protection alerts/logs (though it's ok in Process explorer), Teamviewer (teamviewer.exe) though shielded it's service at sartup Teamviwer_service is not covered (undecided whether need a separate shield for this too)..

Enable EPM in IE (turned off by default by Microsoft), "Protected Mode" in Adobe Reader and enhance exploit protection.

Concluding msg's with Quarri : - Quote It's not necessarily that they can't co-exist on the same system. It's just that MBAE is protecting the entire system, while Quarri will cut out it's own space on the system and protect only that space and what's done inside it. No other processes are allowed inside, including MBAE, unless allowed in the Quarri policy that can be tuned within the Quarri Management console. Tuning the policy, however, is not a feature offered to MyPOQ users. As far as what security product to use (for something like your online banking session), I would highly recommend Quarri as we provide a vast number of protections from data leakage. Regards, Eric Wells Quarri Technologies ----- Hello Eric Wells, As any user, I only understand that it is the question of whether IE requires Quarri & MBAE for exploit protection (prior to release of patches against vulnerabilities).. The question of conflicts in functionality may also warrant turning off the functionality that conflict (probably by Quarri) if they r to work alongside.. MBAE will anyhow be protecting/shielding other apps in its cover against exploits and is only prevented to cover IE by Quarri, So, it may go beyond white listing and if the IE session is under robust protection with Quarri in action, MBAE's protection may not be required. Pl. correct me if I'm wrong. Thanks.. -------------- That sounds correct. Is there anything else I can help you with? Would you like to be put in touch with a sales rep? Please let me know if this is resolved and we can close this support ticket. Regards, Eric Wells Quarri Technologies ---------- Thank you Eric Wells.. I think we have come to conclusions on the aspects of interest and may well may be treated as final & closed. Thanks once again. -------------- - Unquote

Fine with 1043 over the top..

The ROP gadget block alert keeps cropping (from the time of TRusteer installation), whenever IE11 is started and Home page opens up, nothing serios but casusing closing and recovery of the page. If there is anything else, will let know..

Fine with 1040 ober the top..

Quarri has replied to my further queries, - Quote To answer your follow up questions: 1. Yes, Quarri prevents from ANY attempt to inject into our space, regardless of whether it's from a legitimate source or not. We can allow processes into our sandbox via a "whitelisting" method built into the management of the program as well. This can be accomplished via several different methods. 2. We don't protect system software outside the sandboxed session. However, our keylogger defense does extend out of our protected session. We do have exploit mitigation within our protected space, but how it compares to EMET I am unsure of. However, we do a very good job at blocking 0days. 3. The only software that we actually protect are Microsoft Office products and Adobe Reader. Regards, Eric Wells Quarri Technologies Senior Client Services Engineer - Unquote On this, my questions to Quarri were, - Quote 1. Now, "Protect any attempt to inject into process space", does this mean that IE will be protected from all forms of exploit attempts, not only running process but also from any change to its executable associated files in storage? 2. Does Quarri have in-built EMET or other exploit mitigation functionality to protect process (software) against vulnerabilities? 3. What happens if other apps . programs are called during the session (say opening some mail attachment say word/excel doc, pdf, media files etc.). Are these processess also protected? - Unquote So, with Quarri also having exploit mitigation functionality, it would be conflicting with MBAE working.. So, probably, for online banking and related activity Quarri may be suited for with it's protection features. Tks..

The question is, whether MBAE & Quarri are doing the same funcrion in protecting IE from exploits, when Quarri says it will prevent any attempt to inject into the process space ie IE process? Pl. confirm..

This is the reply from Quarri.. - Quote Let me answer your questions below: Q: My problem is when IE11 launches as Protected session with Quarri Agent, MBAE is prevented from protecting the IE11 Browser against exploit threats, (which it does in normal IE11 run).. A: Quarri actively sandboxes an encrypted IE11 session and protects that session from anything attempting to inject into our process space, or even debugging it. If anything were to enter our process space, the protected browser would be forced to terminate and restart the session to a new clean session. Q: Now, is it possible to include some white list for MBAE protection cover also in Quarri Protected browser session? A: Yes, if you purchase our product you obtain the ability to define "policies" for running Quarri that allow you to whitelist software, and includes many other security controls/options. Hopefully this answers your questions. Let me know if you need any further assistance. Regards, Eric Wells Quarri Technologies Senior Client Services Engineer - Unquote Any views, please..

I have written to Quarri for white listing and allowing of MBAE protection and waiting for the reply.. Meanwhile, I checked what happens if IE is already running and Quarri Agent is started. It is found that the Quarri Agent immediately senses the MBAE injection and pops a warning abt presence of MBAE injection and terminates. It seems, it is the Enforcerx64.exe injection into IE by Quarri, which works similar to MBAE and protects the processess from any malicious code injection. It shd also be noted that a Quarri agent add-on is also in place in IE during Quarri run.. But whether the combo of Enforcerx64.exe and Quarri browser add-on, will protect the Browser from all exploit threats like MBAE is not known. On this, there is pdf article at https://www.quarri.com/files/partners/Quarri_POQ_Technical_WP.pdfwhere in Page 10 under Browser Process Integrity , it is mentioned abt. code injection into Browser process and states this as a malware attack vector and need for preventing any code injection. Now, Quarri's reply can only shed further light on it's working/protection and looking forward to their response.. For your views, please.. Tks..

Yes. I fully agree with you on the unique exclusive functioning of Quarri Agent, not allowing MBAE to cover IE. Normally when MBAE sees any apps to be covered by it running, on launch it immediately starts covering/protecting those apps.. Here, even though IE is running, it is unable to cover it, because of Quarri.. Thanks pbust, I will try to check with Quarri, if there is any way out..

Yes. once the protected browser session is closed and you launch IE normally, it is protected by MBAE (with both mbae.dll & mbae64.dll injections).. This Quarri MyPOQ is a free service and just needs a registration and then subsequently login for launching it for running the protected browser session, launching the local IE browser with Quarri Agent add-on.. Even session run is limited (say 5-10 mts session only, since login with Quarri site server) but can be run any number of times (only session time is limited).. I think will get better idea with a actual session run , registering with Quarri.com .. MRG effitas has given a good report of Quarri for online banking security usage.. Hope this helps..

No. neither mbae.dll nor mbae64.dll .. No MBAE presence at all.. IE is un-protected.. Hope this helps..

Confirming again.. IExplorer.exe is running and shown by Process explorer.. Tks..

Thanks @pbust for the reply.. One correction, one Quarri Agent add-on is running in IE and setting up the protected/secure environment. Yes. IE process run is shown by Process explorer (but no MBAE dll injection) , I tried to add shield for Enforcerx64.exe (Quarri process) but though there was UI alert no dll injection found in Process explorer. I then tried to add shield for "Quarri Launch Helper.exe" which is covered by MBAE and found for mbae64.dll in Process explorer. The bottom line is, IE is not covered by MBAE.. Hope this helps..

Further on MyPOQ, once logged into Quarri site (from any browser other than IE), it launches the Quarri Install Agent Helper which starts IE in a protected / Secure environment (much like Trusteer securing the Browser), but IE not covered by MBAE (no instance in Process explorer or UI alert).. It is not a remote Browser in the Box, but a local browser run w/o any plugins/add-ons.. So, how can IE be secured under this run? Tks..

Quarri MyPOQ Secure browser launch in IE does not trigger MBAE. is it normal?..Tks..

Amen..

Quite true. No such model could be found. But as he has mentioned abt T2130, it is Dual core processor with 2Gb RAM , must be quite a handy for the reqt..

He has already mentioned it as Dell Inspiron..