Jump to content
Thankful

[SOLVED] Shielded applications 0, no log messages

Recommended Posts

Fired up IE 10 and FireFox.  Shield applications remains 0, with no log messages.

Windows 7 32 bit, WSA 8.0.2.155,  Admuncher.

Share this post


Link to post
Share on other sites

Fired up IE 10 and FireFox. Shield applications remains 0, with no log messages.

Windows 7 32 bit, WSA 8.0.2.155, Admuncher.

When you open the GUI are both the Start and Stop buttons active? If so, close the browsers abd shielded apps, exit MBAE and install again.

Also check the .LOG in the program install directory for any clues.

Share this post


Link to post
Share on other sites

I reinstalled after removing and deleting directory. Only stop protection button is enabled. Buttons

seem to be working fine. Same problems with shielded applications = 0 and no log entries in log tab.

mbae-default text file:

 

2013-06-22 00:05:59 - The Malwarebytes Anti-Exploit task scheduler has been successfully created
2013-06-22 00:05:59 - Malwarebytes Anti-Exploit Driver Installed successfuly
2013-06-22 00:05:59 - Malwarebytes Anti-Exploit Driver is running
2013-06-22 00:05:59 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:05:59 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:09 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:09 - Malwarebytes Anti-Exploit Driver stopped successfuly
2013-06-22 00:06:10 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:10 - Malwarebytes Anti-Exploit Driver has been successfully started
2013-06-22 00:06:10 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:10 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:12 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:12 - Malwarebytes Anti-Exploit Driver stopped successfuly
2013-06-22 00:06:13 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:13 - Malwarebytes Anti-Exploit Driver has been successfully started
2013-06-22 00:06:13 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:13 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:30 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:30 - Malwarebytes Anti-Exploit Driver stopped successfuly
2013-06-22 00:06:31 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:31 - Malwarebytes Anti-Exploit Driver has been successfully started
2013-06-22 00:06:31 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:31 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:32 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:32 - Malwarebytes Anti-Exploit Driver stopped successfuly
2013-06-22 00:06:33 - Stopping Injection with: MBAE.dll
2013-06-22 00:06:33 - Malwarebytes Anti-Exploit Driver has been successfully started
2013-06-22 00:06:33 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-06-22 00:06:33 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
 

Share this post


Link to post
Share on other sites

Everything seems ok with MBAE. Looks like something else might be blocking the injection, possibly Webroot. The Webroot issue was fixed in the past with ZVL but it might be back as MBAE is signed by MWB and not ZVL.

Can you try uninstalling Webroot or trying in another computer to see if the problem persists?

Share this post


Link to post
Share on other sites

Hey guys, I split this off into its own topic so it doesn't get mixed up with the content and other replies to that pinned topic.

Also, Thankful, one quick question for you to help me understand. What precisely do you see when you access the Shields tab? Does it look like the below image? Is it the same except every padlock is 'unlocked'? Is it just completely blank?:

post-2103-0-86917900-1371875912_thumb.pn

Share this post


Link to post
Share on other sites

pBust,

   You are correct. WSA is interfering with ExploitShield. It affects it during installation as well as after installation.

I disabled WSA during ES installation and fired up IE 10. ES appeared in the log tab and shielded application = 2. I then enabled WSA and fired up Firefox. Firefox did not appear in the log tab of ES and shielded applications reverted back to 0.

 

Exlie360,

   My shields tab looks exactly like yours with padlocks locked. The problem is with 'shielded applications' on the general tab and log tab entries.

Share this post


Link to post
Share on other sites

Exlie360,

   My shields tab looks exactly like yours with padlocks locked. The problem is with 'shielded applications' on the general tab and log tab entries.

I see, so it's not able to shield/sandbox your applications when they are launched. Thanks for clearing that up :).

Share this post


Link to post
Share on other sites

I am seeing the same as Thankful on XP Pro, but my browser of choice is Opera.

Also, using WSA and AdMuncher.

Share this post


Link to post
Share on other sites

I am seeing the same as Thankful on XP Pro, but my browser of choice is Opera.

Also, using WSA and AdMuncher.

I'm guessing WSA has some sort of sandboxing function in it, correct? I bet that's the cause of this.

Share this post


Link to post
Share on other sites

Thanks for the reports. We'll contact Webroot and get them to fix/whitelist Malwarebytes Anti-Exploit.

Share this post


Link to post
Share on other sites

Hey guys, I split this off into its own topic so it doesn't get mixed up with the content and other replies to that pinned topic.

Also, Thankful, one quick question for you to help me understand. What precisely do you see when you access the Shields tab? Does it look like the below image? Is it the same except every padlock is 'unlocked'? Is it just completely blank?:

attachicon.gifShields.png

 

Mine is pretty much the same, only thing is that both the shield and unshield buttons on the shields tab are inactive, I cannot unshield any of the applications if I wanted to. Windows 7 SP1 x64

Share this post


Link to post
Share on other sites

Mine is pretty much the same, only thing is that both the shield and unshield buttons on the shields tab are inactive, I cannot unshield any of the applications if I wanted to. Windows 7 SP1 x64

Yes that's by design for now. We deactivated these buttons until we iron out some bugs.

Share this post


Link to post
Share on other sites

I'm posting my issue in this thread, because I think it might be the same problem with Avast.

 

After installing mbae, the mbae symbol was in the system tray, but the next day it was not.

 

Today the symbol of mbae was there, but the Avast symbol was not. The main window of mbae states 0 applications are protected, while FF is running. The Logs tab indicates FF is protected.

 

When I started an Avast scan manually I got an Error notification.

 

In english it states: Avast UI proces in not working at the moment. Start this application before scanning.

 

Checked for Avast in the system tray, and the Avast symbol was not there, but when checking rummimg services , it was running.

On the Avast forum it is suggested this might have to do with the sandbox funtionality.

 

Being a fan of good pc-protection I thought I report this.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.