Ray_J, Posted February 8, 2014, ID:788403
Hi, new to here. I've had MAE for a while now and it's the first time it has noticed an exploit. A good thing? The exploit block seems to have occurred after I installed the Ginger Software (a software that corrects grammar) and tried to use Internet Explorer.

Ginger software website (just in case): http://www.gingersoftware.com/

I'd like to know if this is possibly a false positive or a legitimate exploit before attempting to whitelist this software. Is it possible to disable certain parts of the Ginger software to avoid this exploit? I have contacted the Ginger software (team?) and should receive a response in 1-2 business days, they claim. Currently, I have uninstalled the software.

Notes: Every other browser on my computer works fine (Chrome, Firefox, Safari, and Opera). IE is the only one that closes immediately when MAE notifies me of an exploit. I was also able to use the Ginger software as well, without issues.

Any help or insight would be appreciated. Thanks! Ray

John L. Galt, Posted February 8, 2014, ID:788405
I've used Ginger in the past as well, and I believe it is a FP. The software made by Ginger is not harmful in that it is hooking itself into the browser so it can check your posts on the fly for spelling and grammar, but since it hooks in like that, I think that is why MBAE is calling foul.

Ray_J (Author), Posted February 8, 2014, ID:788406
Thank you for the quick reply. I shall re-install it then. How would I go about whitelisting it in MBAE?

John L. Galt, Posted February 8, 2014, ID:788408
Before you go installing it, I'd let one of the developers come in and take a look at the software itself. And he can also answer the whitelist question.

Ray_J (Author), Posted February 8, 2014, ID:788411
Sure, I'll do that. It seems like a useful software but not detrimentally necessary, so I'll wait. Many thanks!

pbust (Staff), Posted February 8, 2014, ID:788473
Hi Ray, welcome to the forum and thanks for reporting this. As John said it is most likely an FP with MBAE. You can safely reinstall Ginger. But please also post your file C:\Program Files\Malwarebytes Anti-Exploit\mbae-default.log here so that we may see what the problem is and fix it for future versions of MBAE. Thanks!

Ray_J (Author), Posted February 8, 2014, ID:788520
Thanks. I will re-install it now. My log is attached. How do I go about whitelisting it? IE closes immediately after I start it up.
Attachment: mbae-default.log

pbust (Staff), Posted February 8, 2014, ID:788530
Thanks for the log! It is a detection by one of the memory mitigations so there's no way to whitelist it until we fix it. In the meantime, do you get the same problem with EMET instead of MBAE?

Ray_J (Author), Posted February 8, 2014, ID:788532
Enhanced Mitigation Experience Toolkit? Not sure what it means or what EMET does. Sorry about that. I do use Comodo Internet Security Premium... Comodo notified me about not having much information on the Ginger Software when trying to install, and left me with the usual options of Run Unlimited, Run Isolated, Block.

pbust (Staff), Posted February 8, 2014, ID:788535
Out of curiosity, what did you choose when Comodo alerted you of Ginger?

Ray_J (Author), Posted February 8, 2014, ID:788539
Initially I chose "Run Isolated" during installation. It appears it didn't install with the isolation option. So I later chose "Run Unlimited". It installed promptly after. Then the situation with MBAE after.

pbust (Staff), Posted February 8, 2014, ID:788543
Cool, thanks for the clarification. Wanted to rule out running in limited mode. Curiously I have exactly the same report of MBAE problem with Ginger from another Comodo user in another forum. Could you test installing MBAE and Ginger together but first uninstalling Comodo completely and rebooting? I just want to rule out potential conflicts in other areas.

Ray_J (Author), Posted February 8, 2014, ID:788544
Sure. I'll make another post once done.

Ray_J (Author), Posted February 9, 2014, ID:788562
Sorry for the delay. Uninstalled Ginger and Comodo. There were no differences after removing Comodo and rebooting. Re-installed Ginger, it was still blocked by MBAE, IE still immediately closes upon start up.

pbust (Staff), Posted February 9, 2014, ID:788570
Thanks so much for running these tests, Ray! It's pretty clear it's a problem with MBAE. We'll fix it asap.

Ray_J (Author), Posted February 9, 2014, ID:788571
No problem, and many thanks for the help and clarifications today!

pbust (Staff), Posted March 7, 2014, ID:800529
Can any of you guys please try the new MBAE 0.10.0.1000 to see if this problem persists?

John L. Galt, Posted March 9, 2014, ID:800939
I have Ginger working in Chrome with no issues, other than Ginger taking it upon itself to only show sometimes when I am typing in a forum. No issues detected with MBAE at all, but I haven't tested it with IE, or Firefox - yet.

pbust (Staff), Posted March 9, 2014, ID:801013
Thanks for the confirmation John. If you get a chance to test it under IE and report back that'd be helpful so we can close this thread finally if the problem is no longer there.

John L. Galt, Posted March 9, 2014, ID:801039
I'll try to test in IE later today.

pbust (Staff), Posted March 13, 2014, ID:802569
I was able to replicate this with MBAE 0.09 under Win7 x64 and IE when installing Ginger. With MBAE 0.10 the exploit blocked FP never showed again. I am closing this bug report as solved. If you find any other scenarios where MBAE conflicts with Ginger please PM me or open a new thread.