Jump to content
pbust

[SOLVED] Looking for alpha testers for upcoming MBAE 0.10

Recommended Posts

Ok.  I attempted to print something from firefox while running current build.  It wouldn't print.  I didn't get any error, the printer just wouldn't connect.  I stopped the service and shut down MBAE and it still wouldn't print.  I uninstalled MBAE and rebooted.  I went and printed the same document and it printed without an issue.  I didn't delete the data folder yet. I'll install it again and try to pull those logs for you.  Any other suggestions?

Share this post


Link to post
Share on other sites

Hello ky331,

 

Unfortunately just disabling MBAE alpha is not enough I had to completely uninstall it, but after a reinstall the print preview in Firefox worked again.

 

Have you read my post #96 I posted a link there you should find interesting.  A similar problem has arisen with MBAM 2.00.0.503 but can be rectified by unticking the "Enable Self Protection Module" box, this can be found in "Settings → Advanced Settings → Enable Self Protection Module"

 

By default the "Self Protection Module" is Unticked (off), so unless you had specifically changed it you should be okay.

Share this post


Link to post
Share on other sites

Can you guys please:

 

1- Delete all logs of the MBAE logs directory.

2- Have MBAE installed and active.

3- Replicate the issue trying to print from FF

4- ZIP and PM me all the files from the MBAE logs directory.

 

This looks like it might be a bug with the hooking framework. We have a .1000 build almost ready to go out in which we optimize some of the memory protections, so that might take care of it.

Share this post


Link to post
Share on other sites

I have installed EMET 5.0 Tech Preview 1 (TP1) on my Win 7 Pro 64-bit SP1 OEM running MBAE 0.10.0.0300 Alpha.

 

Functionally, my system is still operating as it was with EMET 4.1 and EMET 5.0 TP1 still requires that all occurrences of ROP/SimExecFlow mitigations, where MBAE protected applications exist, be unticked.

 

HTH

Share this post


Link to post
Share on other sites

<Snip>

 

This looks like it might be a bug with the hooking framework. We have a .1000 build almost ready to go out in which we optimize some of the memory protections, so that might take care of it.

Just curious Pedro, how's that .1000 build doing?

Share this post


Link to post
Share on other sites

We'll probably release .1000 next week

 

 

do you think about introducing new functionalities before going out of beta - anti-keylogging, anti-crypto, and so on?

Share this post


Link to post
Share on other sites

Thanks for your reply Pedro. Looking forward to it. :)

Share this post


Link to post
Share on other sites

@Wojtek, those are not really anti-exploit features (which prevents the infection) but rather post-infection and therefore out of the scope of a pure anti-exploit like MBAE.

Share this post


Link to post
Share on other sites

I just started having a weird issue.  I have MBAE running twice.

 

It has happened three times already, so I know it is not a temporary glitch.

 

Attached logs:

 

mbae-default.zip

Share this post


Link to post
Share on other sites

Can you provide a screenshot of procexp showing the user to which each process belongs to?

Share this post


Link to post
Share on other sites

bah - I just closed out both of them in order to get the most up to date log.  Let me see if I can recreate it again (on reboots, I think) and then I'll get a screen shot and PM you with it from Process Hacker.

Share this post


Link to post
Share on other sites

It has happened to me three times, but since then I have not been able to duplicate it.  I suspect that it is occurring after reboot initiated by software install.

 

I will keep testing and report back if it occurs again.

Share this post


Link to post
Share on other sites

Got it to happen again.  One is running under NT AUTHORITY\SYSTEM (SID=S-1-5-18), and the other is running under my username (SID=S-1-5-21-4056269498-2856061673-2210526970-1001).

 

Screenshot sent to PM.

Share this post


Link to post
Share on other sites

Since the final 0.10.0.1000 build has been released, I'm going to close this thread.

 

@John, I'll follow up with you via PM on the details you sent me.

@oldgeek, please send me the logs via PM. I'm going to split your posts here into a new thread so we can track that issue separately.

 

Everyone thank you very much for helping finetune this new MBAE architecture! You've been a great help and your time is greatly appreciated. If you have any questions you know where to find us and if you find any more issues please post them in the main MBAE Product Support sub-forum.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.