pbust

[SOLVED] Looking for alpha testers for upcoming MBAE 0.10


As for starting/stopping MBAE within an open/running program (after having adjusted SimExecFlow in EMET), it would appear that there's no longer a[n absolute] conflict... but there DOES seem to be a very considerable LAG before I can access the program (e.g., IE) again.


On that basis, I'd have to wonder about other add-ons that are called (e.g., java.   I doN'T have java, so I can't test it here).

 

java.exe, javaw.exe and javaws.exe

 

 

As for starting/stopping MBAE within an open/running program (after having adjusted SimExecFlow in EMET), it would appear that there's no longer a[n absolute] conflict... but there DOES seem to be a very considerable LAG before I can access the program (e.g., IE) again.

 

This is normal as the service and protection are starting/stopping in the background.


Sorry forgot to mention that alpha testers need a minimum post count and/or have previously helped out with MBAE beta testing. If you've previously helped with MBAE beta in another forum like Wilders, send me a PM from that other forum so I know who you are.


Please count me in.


A suggestion for future alpha/beta releases:

 

I realize that the point of alpha/beta releases is to TEST the product for performance/safety/reliability... especially given the multitude of esoteric hardware/software configurations that people have:   I understand there's no way you can anticipate all possibilities, and so need public assistance in testing them out.

 

HOWEVER, given that MBAE clearly overlaps EMET (in part), and that EMET, being backed by Microsoft, must be viewed as a popular (dare I say "de facto standard") anti-exploit product among a significant number of security-conscious users, I do believe that "in-house" testing on your part requires testing MBAE against a default EMET configuration... at the very least, relative to the most current EMET 4.x... and ideally, relative to other still-supported versions like 3.x... before making even an alpha release available for testing.   Put bluntly:   Something as basic as IE and FF not opening should have been caught in-house.   In order to guarantee the largest user-base, every effort needs to be made to have MBAE fully-compatible with EMET.  Just my strong opinion/suggestion.   


MBAE & EMET compatibility is something we have in mind but not a priority right now. The reason is that since we're still making many additions to the engine in order to have the most complete anti-exploit product in the market, there's no point in making the effort now to make it compatible, as the next build will have some new technique which will make us repeat all those compatibility tests and fixes, therefore becoming a waste of time. Once we're finished with the engine then we'll do thorough compatibility tests with EMET.


PM sent, Pedro.


Thanks Pedro

Installed on XP SP3 and, aside from EMET considerations already mentioned, no glaring issues as yet. :)


I had one issue that resolved itself after a reboot.

 

After installing MBAE, my task manager replacement, Process Hacker, which I had set to be the default system Task Manager, all of a sudden was not default, and I was unable to make it default again until I rebooted my machine.

 

Not 100% sure if this occurred with the new install or the uninstall of the old version.


That's weird, MBAE does not interfere with anything related to the system in the way you are describing.

 

The only thing that comes to mind that could interfere with this is the MSVC*.DLL runtimes that Process Hacker (maybe) and MBAE use.

 

Can you replicate the problem consistently?


I can try.  I'll play around and see what is going on and try to pinpoint the issue.

 

Luckily, I still have the 0.09.5.1000 setup file available as well :D


@D Bone,

 

Maybe you've already noticed and you already tested MBAE beta for a while, but just to be sure:

Sorry forgot to mention that alpha testers need a minimum post count and/or have previously helped out with MBAE beta testing. If you've previously helped with MBAE beta in another forum like Wilders, send me a PM from that other forum so I know who you are.

 

Regards,

Durew


If I may nominate myself. :rolleyes:

 

Currently using Malwarebytes Anti-Exploit 0.09.5.1000 (started testing since it was called ZeroVulnerabilityLabs' ExploitShield).

 

Thank you.


The problem with IE and EMET's SimEx mitigation is a one-off 'per system' problem.  I guess that the disruption of IE in this way causes some internal OS malfunction which resulted in my case in Win XP being crippled.  A restart revealed a Windows statement that a severe problem had occurred but XP and IE then ran well with no further problems.


Regarding the issue I mentioned earlier - I cannot duplicate it, Pedro.  I'll keep trying though.


...but XP and IE then ran well with no further problems.

 

You mean with both MBAE and EMET with SimExecFlow mitigations enabled or disabled?


Now testing on a second system, this one is 32-bit XP Pro SP3 with EMET 2.1.   Since this older version of EMET does not offer SimExecFlow mitigations, I've encountered no conflicts here... all is running smoothly so far.

 

MBAE even acknowledged/protected WORD 2000 !


Hi Pedro, I sent you a PM. I would also like to participate in this alpha testing phase. Since I've been with the program since the ZVL days I believe I meet your criteria for a tester and I am looking forward to evaluating this newest build!
 

Best wishes, Ritchie...


Third (and last) test system:  Win7x64 Pro SP1 with EMET 3.0.

All running smoothly so far.   I intend to continue using/testing this alpha on these 3 systems.

 

So in my testing of 3 systems/configurations, the only issue/conflict noted was with EMET 4.x's SimExecFlow mitigation (which is not included in EMET 2.x nor 3.x).

 

On all 3 systems, WORD (and EXCEL, when I had it) showed up in the LOGS tab, and there was no crash when I started/stopped MBAE with protected programs open :)

This topic is now closed to further replies.
