grunf

Is it normal to check this frequent? It started with the latest update. This one is new.

I thought it was the telemetry data because of latest problems with windows 7. Thank You, Exile.

What's with the MBAM service sending data every few minutes to this two addresses? It's about 100kb of data in approximately 5 minutes. It started today although usage and threat statistic has been turned off. It's a bit annoying as it slows down internet.

I posted a topic in Malwarebytes 3 support forum about MBAM exploit protection fails to block HMPAlert's heap spray. Here is the link: I got an answer that this is the best place to ask. Thanks in advance.

I tried it many times, waited between tests and it always the same result. I'll ask for clarification on Anti-Exploit Beta forum. Thank You for all Your help @exile360 Cheers

Don't get me wrong on this I like MBAM and will continue to use it and recommend it to people as it helped me great deal in the past. I want to know why it doesn't block something it should?

Ok, I added test to the custom shield: And here Mbam block ROP gadget: Here Mbam fails to block heap spray attack:

Ok, this is what their manual says: "If your anti-virus, exploit mitigation or anti-exploit software has a feature to shield custom applications, you can add the hmpalert-test.exe and hmpalert64-test.exe executables to the list of protected applications. This way you can also test the abilities of this other security software without abusing a third-party application. " It doesn't matter if one uses already protected application or add test executable to the shield, it should trigger anti-exploit protection.

Yes, Browser (IE11, Firefox etc.) IS being exploited with test to launch calc.exe.

@exile360 Thank You for Your answer. Adding an application You trying to test Your security with to a shielded apps doesn't make much sense. As You can see in the image I posted, test ran against IE 11 which is shielded by default. Same for the Firefox. Stack Pivot, Stack Exec and all ROP tests were successfully blocked, but completely failed at Heap-Spray. Null Page hasn't been blocked nor started the calculator so I think it failed.

If I understood this correctly. Heap-Spray protection works as pre-allocating common Heap-Spray addresses used by pen-test software and exploit kits. HMPAlert test uses different addresses that's why it wasn't detected? Thank you!

Why Mbam doesn't block none of the heap spray technique in HMPAlert test? As you can see in capture I attached, calculator hasn't been blocked although anti-heap spray protection was on. Thank you.

On every boot I got error message in Event Viewer about MBAM service fail to start although everything seems fine, no application crashes or BSOD's. Faulting module is SelfProtectionSdk.dll. I haven't tried to disable self protection. Logs are in attachment. mbst-grab-results.zip Mbam Error.txt

Two Factor Authentication is not secure and can be bypassed. https://www.howtogeek.com/212219/here’s-how-an-attacker-can-bypass-your-two-factor-authentication/

Yahoo has been breached so many times that it's better to forget about it. Try to contact Yahoo to close your account. Also, change all Your passwords for all sites You're using. Do that from a clean computer. (friends for example). And look for help on Malware Removal section in this forum or ask administrator to move it there.