More info on exlploit, and Exclusions question

[John A]

Running OK on two computers with Malwarebytes Pro, MSE, W7 x 32, IE10.  Two questions:

 

(1) I tried the Exploit Test program which produced a message that it had blocked an exploit.  Are there plans to include more info in this message , such as which process caused it?

 

(2) How do I add exclusions?  I see only a way to remove exclusions

[pbust]

Thanks for testing MBAE!

Yes, we do have plans to add more details to the alert window such as the one you mention. No ETA yet as we're still focused on finishing the engine first.

As for adding exclusions, these are added from the LOGS tab of the program interface. Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

[John A]

As for adding exclusions, these are added from the LOGS tab of the program interface. Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

The attached shows a log entry (from your test file) - when I select it, the Exclude button isn't active.

[pbust]

Yes, that is correct. When the log says "an exploit code has been blocked" it means it was one of the memory protections that blocked the exploit, so there is no file to exclude in these types of exploits.

 

The key part of my previous answer is highlighted in bold and red:

 

Once you get a blocked exploit attempt identifying a specific file in the logs, then you can select it and the "Exclude" button will be activated so that you can click it.

 

This means that when this happens you will see a log entry in MBAE that identifies a specific file on disk, such as for example "somethingbad.exe". When that happens you can exclude that file from being blocked again.

[John A]

Thanks for explaining that