Jump to content

grunf

Members
 View Profile  See their activity

  • Content Count

    71

  • Joined

  • Last visited

About grunf

  • Rank
    Regular Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. grunf grunf changed their profile photo
  2. grunf
    Is it normal to check this frequent? It started with the latest update. This one is new.
  3. grunf
    I thought it was the telemetry data because of latest problems with windows 7. Thank You, Exile.
  4. grunf started following Exploit Protection, MBAM Service sending data and Exploit protection
  5. grunf
    What's with the MBAM service sending data every few minutes to this two addresses? It's about 100kb of data in approximately 5 minutes. It started today although usage and threat statistic has been turned off. It's a bit annoying as it slows down internet.
  6. grunf
    I posted a topic in Malwarebytes 3 support forum about MBAM exploit protection fails to block HMPAlert's heap spray. Here is the link: I got an answer that this is the best place to ask. Thanks in advance.
  7. grunf
    I tried it many times, waited between tests and it always the same result. I'll ask for clarification on Anti-Exploit Beta forum. Thank You for all Your help @exile360 Cheers
  8. grunf
    Don't get me wrong on this I like MBAM and will continue to use it and recommend it to people as it helped me great deal in the past. I want to know why it doesn't block something it should?
  9. grunf
    Ok, I added test to the custom shield: And here Mbam block ROP gadget: Here Mbam fails to block heap spray attack:
  10. grunf
    Ok, this is what their manual says: "If your anti-virus, exploit mitigation or anti-exploit software has a feature to shield custom applications, you can add the hmpalert-test.exe and hmpalert64-test.exe executables to the list of protected applications. This way you can also test the abilities of this other security software without abusing a third-party application. " It doesn't matter if one uses already protected application or add test executable to the shield, it should trigger anti-exploit protection.
  11. grunf
    Yes, Browser (IE11, Firefox etc.) IS being exploited with test to launch calc.exe.
  12. grunf
    @exile360 Thank You for Your answer. Adding an application You trying to test Your security with to a shielded apps doesn't make much sense. As You can see in the image I posted, test ran against IE 11 which is shielded by default. Same for the Firefox. Stack Pivot, Stack Exec and all ROP tests were successfully blocked, but completely failed at Heap-Spray. Null Page hasn't been blocked nor started the calculator so I think it failed.
  13. grunf
    If I understood this correctly. Heap-Spray protection works as pre-allocating common Heap-Spray addresses used by pen-test software and exploit kits. HMPAlert test uses different addresses that's why it wasn't detected? Thank you!
  14. grunf
    Why Mbam doesn't block none of the heap spray technique in HMPAlert test? As you can see in capture I attached, calculator hasn't been blocked although anti-heap spray protection was on. Thank you.
  15. grunf
    On every boot I got error message in Event Viewer about MBAM service fail to start although everything seems fine, no application crashes or BSOD's. Faulting module is SelfProtectionSdk.dll. I haven't tried to disable self protection. Logs are in attachment. mbst-grab-results.zip Mbam Error.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept