Jump to content

MBAE and Kaspersky


XhenEd
 Share

Recommended Posts

Does MBAE not conflict with Kaspersky Internet Security 14?

Can MBAE be run alongside KIS14 just like with EMET?

 

KIS has Automatic Exploit Prevention.

I already asked about this in the Kaspersky forum. The reply I got is that there might be a conflict since MBAE is running in real time.

But, here in the MBAE forum, I found some users that has both MBAE and KIS installed. That's why I want to be sure.

 

As of now, I run them both with no system crashes or anything problematic.

Link to post
Share on other sites

Hello XhenEd,

 

I have been running Kaspersky Internet Security 14 along side MBAM, MBAE and EMET for a long time (over a year) and have never had any conficts.  One thing I have done is to set exclusions for MBAM and MBAE in KIS 14, and excusions for KIS 14 in MBAM.

 

If you are unsure of what exclusions to set post back here and I will tell what they should be step by step.

 

I hope this helps.

 

Kind regards.

Link to post
Share on other sites

I don't use MBAM. I use only MBAE which I already excluded from the KIS.

 

 

My problem is this:

For example, my system is being exploited. I have both KIS and MBAE installed. Which program will first detect and stop the exploit? Is it KIS or MBAE? Both? Or none?

Because of possible conflict, maybe neither will stop the exploit.

Link to post
Share on other sites

Hi,

 

I've never come across a live exploit in the wild, but there is a way to do a safe test, then you will be able to see if either MBAE and/or KIS 2014 detect the exploit.

 

Goto this section of the forum and run the test: https://forums.malwarebytes.org/index.php?showtopic=139368

 

If you need any more help just post back.

 

Regards.

Link to post
Share on other sites

I'm sorry your having problems, unfortunately I don't have access to a Windows 8.1 computer, I'm running Windows 7 64bit, and once I had downloaded the .zip file and extracted it, it ran without problem for me.

 

If you post here the exact message in the pop up I'm sure another forum member that uses Windows 8.1 will be able to help you.

 

Sorry I couldn't be of more help.

Link to post
Share on other sites

KIS doesn't block the test because the test is added in the Trusted group. The test is digitally signed by Malwarebytes, that's why.

KIS blocks it if I transfer it to Low Restricted or High Restricted.

 

But, by default, KIS let the test (the exploit button) run.

 

 

 

I guess what I need to test is a safe exploit sample that is not digitally signed.

Link to post
Share on other sites

Hi XhenEd,

 

Sorry for the delay, I had to go out for a few hours.

 

I did as you asked and disabled MBAE and when I ran the test KIS14 detected the test exploit and deleted the file automatically.

 

To check if KIS14 is detecting it (in KIS) click on the reports button and check under the word "Nutralized" if it shows a report click on it and see if its the test file.

 

If the test has not been detected try clicking on "Settings → Additional → Threats and Exclusions"    Make sure the Detect other Software box is ticked, then retry the test.

Link to post
Share on other sites

I already checked the box in the threats and exclusions... but no blocking from the KIS...

 

the file is automatically added in the Trusted group... I suppose it's because of the "Trust digitally signed applications"... But even if I don't enable it, the test will still be automatically added to the trusted group... :(

I'm sure KIS is working because it can detect the eicar file...

 

MCFatTongue, what's the detection name given by KIS to the test file?

 

Wilpower, can I ask you to run the test file while MBAE is disabled?

Link to post
Share on other sites

Hi XhenEd,

 

Below  is a screen shot of the KIS14 detection report for the test file:

Hello MCFatTongue:

I just re-scanned mbae-test.exe and mbae-test.zip at VirusTotal, and although both files tested 1/51, it was the Rising engine that gave the (false) positive and notably not Kaspersky.

 

This implies that Kaspersky heuristics might not be used at VT but obviously heuristics were used in your system's environment to include archives.

 

FWIW

Link to post
Share on other sites

1PW,

 

I think we have our wires crossed a bit, the kaspersky detection of mbae-test.exe is not a false positive, it has been detected correctly.  The kaspersky detection only occurs if MBAE is deactivated (test as requested by OP). When MBAE is active its that that detects the test file and not Kaspersky.

Link to post
Share on other sites

1PW,

 

I think we have our wires crossed a bit, the kaspersky detection of mbae-test.exe is not a false positive, it has been detected correctly.  The kaspersky detection only occurs if MBAE is deactivated (test as requested by OP). When MBAE is active its that that detects the test file and not Kaspersky.

I've been beta testing MBAE for many months and I'm only pointing out the disparity between the consumer's Kaspersky engine and the Kaspersky engine used at VirusTotal.

I'm really only making a slightly off-topic observation. My theory is that the KIS2014 product might be set context sensitive to code like mbae-test (while executing) and the Kaspersky engine in VT can never be.

Link to post
Share on other sites

Hi XhenEd,

 

I have just read the Kaspersky forum topic you posted.

 

I use Kaspersky because in my humble opinion it's the best AV on the market, likewise I use MBAM and MBAE because its the best anti-malware on the market.

 

For me, I have used Malwarebytes and Kaspersky products for a number of years, and have never found any conflict between the two.  If a problem ever did arise I know which one I would dump, and it would not be Malwarebytes, I'd just find an alternative compatible AV.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.