Jump to content

More info on exlploit, and Exclusions question


John A
 Share

Recommended Posts

Running OK on two computers with Malwarebytes Pro, MSE, W7 x 32, IE10.  Two questions:

 

(1) I tried the Exploit Test program which produced a message that it had blocked an exploit.  Are there plans to include more info in this message , such as which process caused it?

 

(2) How do I add exclusions?  I see only a way to remove exclusions

Link to post
Share on other sites

  • Staff

Thanks for testing MBAE!

Yes, we do have plans to add more details to the alert window such as the one you mention. No ETA yet as we're still focused on finishing the engine first.

As for adding exclusions, these are added from the LOGS tab of the program interface. Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

Link to post
Share on other sites

As for adding exclusions, these are added from the LOGS tab of the program interface. Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

The attached shows a log entry (from your test file) - when I select it, the Exclude button isn't active.

post-14642-0-65523300-1383122113_thumb.j

Link to post
Share on other sites

  • Staff

Yes, that is correct. When the log says "an exploit code has been blocked" it means it was one of the memory protections that blocked the exploit, so there is no file to exclude in these types of exploits.

 

The key part of my previous answer is highlighted in bold and red:

 

Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

 

This means that when this happens you will see a log entry in MBAE that identifies a specific file on disk, such as for example "somethingbad.exe". When that happens you can exclude that file from being blocked again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.