
How to verify that MBAE is working correctly


  • Staff

There are two ways to verify that Malwarebytes Anti-Exploit (MBAE) is installed and running correctly.


1- MBAE Exploit Test - For regular users

The attached mbae-test.exe utility was developed by Malwarebytes to simulate exploit behavior in order to verify that MBAE is installed and working correctly. The utility has only two buttons, labeled Normal and Exploit. The Normal button opens the Windows Calculator (calc.exe) using the normal system calls that are typically used when a user opens the Calculator. The Exploit button attempts to open the Windows Calculator using system calls that are typically used by exploits to launch their payloads (i.e. malware). Keep in mind that mbae-test.exe is NOT malicious. Even if you don't have MBAE installed and click the "Exploit" button, the only thing that will happen is that the Windows Calculator will open. However, if you have MBAE installed and running correctly, you will see an alert popup window from MBAE.


2- DLL Injection Verification - For techie users

Techies might prefer to verify that MBAE is working correctly with a more direct approach. MBAE works by injecting its DLLs into protected applications: mbae.dll for 32-bit processes and mbae64.dll for 64-bit processes. To verify that MBAE is working, simply run Process Explorer or any similar advanced task management utility, and use the Find (Ctrl+F) function to search for "mbae.dll" or "mbae64.dll". You should see mbae.dll listed under the process space of running MBAE-protected applications. Remember to run Process Explorer as admin or click on "File -> Show Details for All Processes" to view all details.




Edited by Arthi
updated zip file
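The Process Explorer search from method 2 can also be scripted. The PowerShell below is an added example, not part of the original post and not a Malwarebytes tool; the function name Get-MbaeInjectedProcess is hypothetical, and only the two DLL names come from the post.

```powershell
# Added example, not a Malwarebytes tool. Only the DLL names come from the post;
# the function name Get-MbaeInjectedProcess is hypothetical.
# Run elevated, otherwise modules of other users' processes cannot be read.
# Caveat: 64-bit Windows PowerShell 5.1 may not list the modules of 32-bit
# processes; run it in PowerShell 7, or repeat it in 32-bit Windows PowerShell.

function Get-MbaeInjectedProcess {
    param(
        [string[]]$DllNames = @('mbae.dll', 'mbae64.dll')
    )

    foreach ($proc in Get-Process) {
        try {
            # Reading the module list fails for processes we are not allowed to open.
            $modules = $proc.Modules
        } catch {
            continue
        }

        foreach ($module in $modules) {
            # -contains compares case-insensitively, so MBAE.DLL also matches.
            if ($DllNames -contains $module.ModuleName) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    Id          = $proc.Id
                    Module      = $module.ModuleName
                    Path        = $module.FileName
                }
            }
        }
    }
}

$hits = @(Get-MbaeInjectedProcess)
if ($hits.Count -eq 0) {
    Write-Warning 'No running process has mbae.dll or mbae64.dll loaded.'
} else {
    # The Path column shows where each loaded DLL lives on disk.
    $hits | Sort-Object ProcessName, Id | Format-Table -AutoSize
}
```

Start an MBAE-protected application before running it; an empty result while no protected application is running does not indicate a problem.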
