Jump to content

[SOLVED] Shielded Apps and Blocked exploit attempts


Wide_Glide
 Share

Recommended Posts

Windows Vista Home Premium x 64   SP2

Avast free/Mbam Pro/SAS free

 

post-31116-0-38099600-1373938034_thumb.j

 

post-31116-0-21966300-1373938062_thumb.j

 

post-31116-0-65967800-1373938108_thumb.j

 

post-31116-0-30894300-1373938134_thumb.j

 

post-31116-0-51164500-1373938316_thumb.j

 

post-31116-0-77683000-1373938352_thumb.j

 

Shielded Applications are showing more there than there actually are.

NO support yet for Pale Moon, :(

 

If you notice Blocked exploit attempts.   It is at 4.   What 4 attempts?   No alert to anything

Link to post
Share on other sites

  • Staff

Did you have a previous install of MBAE or ExploitShield in the same computer? It might be a leftover as that counter is read from the registry. Please post the full log mbae-default.log to see what is going on with those exploit attempts.

 

In regards to Pale Moon, a little while ago I posted some instructions on how to do that with Pale Moon portable. I'm sure the regular install would be a similar fix:

http://www.wilderssecurity.com/showpost.php?p=2249912&postcount=194

Link to post
Share on other sites

Did you have a previous install of MBAE or ExploitShield in the same computer?

 

Yes, i did.   For testing purposes, uninstalled the Newest version 0.9.2.1400 as @ Instructions.   Deleted remaining from Program Files.    Cleaned Registry of 10 entries 

Re-installed latest version.  NO Change in Blocked exploit attempts.    Still shows at 4 as above pic's show

Do Tell: Where might I find those mbae-default.log's. There's nada, nothing in the logs tab

 

So far as Pale Moon.   I really hope you don't expect a New to average user to have to set-up Pale Moon that way..............

NOTE: I do not have PM Portable and NOT re-installing Pale moon just for this

Link to post
Share on other sites

  • Staff

Check the file at %ProgramFiles%\Malwarebytes Anti-Exploit\mbae-default.log and post it here or PM it to me.

The counter for the blocked attempts are stored in HKLM/SOFTWARE/Malwarebytes Anti-Exploit.

In regards to Pale Moon, it is not oficially supported yet. Only the browsers that show up in the SHIELDS tab are oficially supported.

Link to post
Share on other sites

Mbae-default log

 

2013-07-16 00:53:20 - The Malwarebytes Anti-Exploit task scheduler has been successfully created
2013-07-16 00:53:20 - Malwarebytes Anti-Exploit Driver Installed successfuly
2013-07-16 00:53:20 - Malwarebytes Anti-Exploit Driver is running
2013-07-16 00:53:20 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-07-16 00:53:20 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-07-16 00:53:20 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE64.dll
2013-07-16 00:53:20 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE64.dll
2013-07-16 00:53:22 - 0 (8684)chrome.exe (5596)Google Chrome is now protected
2013-07-16 00:53:22 - 0 (8372)iexplore.exe (6424)Internet Explorer is now protected
2013-07-16 00:53:22 - 0 (2444)explorer.exe (8372)Internet Explorer is now protected
2013-07-16 00:53:22 - 0 (2444)explorer.exe (8684)Google Chrome is now protected
2013-07-16 01:19:36 - 0 (2444)explorer.exe (5092)Firefox is now protected
2013-07-16 02:12:58 - Stopping Injection with: MBAE.dll
2013-07-16 02:12:58 - Stopping Injection with: MBAE64.dll
2013-07-16 02:12:58 - Malwarebytes Anti-Exploit Driver stopped successfuly
2013-07-16 02:12:58 - Malwarebytes Anti-Exploit Driver has been successfully uninstalled
2013-07-16 05:22:31 - The Malwarebytes Anti-Exploit task scheduler has been successfully created
2013-07-16 05:22:32 - Malwarebytes Anti-Exploit Driver Installed successfuly
2013-07-16 05:22:32 - Malwarebytes Anti-Exploit Driver is running
2013-07-16 05:22:32 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-07-16 05:22:32 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE.dll
2013-07-16 05:22:32 - Starting Injection with: C:\Program Files\Malwarebytes Anti-Exploit\MBAE64.dll
2013-07-16 05:22:32 - DLL Injection has been successfully started  C:\Program Files\Malwarebytes Anti-Exploit\MBAE64.dll
2013-07-16 05:23:48 - 0 (3300)explorer.exe (4800)Google Chrome is now protected
2013-07-16 05:24:03 - 0 (4800)chrome.exe (6760)Google Chrome is now protected
2013-07-16 05:24:16 - 0 (3300)explorer.exe (6944)Google Chrome is now protected
2013-07-16 05:24:26 - 0 (6944)chrome.exe (5276)Google Chrome is now protected
2013-07-16 05:31:46 - 0 (3300)explorer.exe (5504)Google Chrome is now protected
2013-07-16 05:31:49 - 0 (5504)chrome.exe (5000)Google Chrome is now protected
2013-07-16 05:52:37 - 0 (3300)explorer.exe (6424)Google Chrome is now protected
2013-07-16 05:52:43 - 0 (6424)chrome.exe (6276)Google Chrome is now protected
2013-07-16 08:50:53 - 0 (3300)explorer.exe (6780)Google Chrome is now protected
2013-07-16 08:50:58 - 0 (6780)chrome.exe (5548)Google Chrome is now protected
 
End of Log
 
In Regedit  @ HKLM/SOFTWARE/Malwarebytes Anti-Exploit
 
blocked               Reg_DWORD              0x00000004 (4)
Link to post
Share on other sites

  • 1 month later...

Just a Update!

 

Value changed in the Registry for " blocked               Reg_DWORD              0x00000004 (4)"   to (0)

 

Note: There where no Blocked attempts from a prior installation.  Present version performing as it should be

" Blocked Exploit Attempts-----------0 "

No issues with Chrome or IE

 

 

None of these have been seen:

yC0psWv.jpg

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.