
What custom shields are you using with MBAE Premium


MCFatTongue


  • Staff

Basically, when you add a shield for "something.exe", MBAE will look for any process being created on the system with that process name. If a process executes with that name, then MBAE injects itself into the process space and monitors its behavior.


Outlook Express, Mozilla Thunderbird - both defined as browser

Comodo Dragon

 

A copy of the Comodo Dragon .exe file is named chrome.exe.  I do this because Agnitum Outpost Firewall recognises chrome.exe as a protected application so on systems with Outpost Firewall, I run Comodo Dragon thus.


So it will basically analyze the behavior for exploit techniques etc.?

 

And why doesn't it show Flash as being protected anymore? Is that included in the browser level protection or do I have to add a custom shield? It also doesn't show AcroRd32.exe or Acrobat.exe as being shielded, although I have premium.

 

Sometimes the shielded applications drop to 0 when I open a PDF in Internet Explorer too.

 

And one more question, I know it says in the known conflicts that it's not currently compatible with EMET, but I have EMET 4.1 Update 1 installed and just have the simexecflow mitigation disabled for IE. I've also had to remove the EMET mitigations for Acrobat.exe and AcroRd32.exe.

 

Will having EMET and MBAE at the same time cause a problem other than making things not function sometimes? Will it reduce the protection of either program to have them both on at the same time?


  • Staff

Yes, correct about analyzing behavior.

 

Flash is included in the browser, no need to add a custom shield for it.

 

The counter has some Known Issues: https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/

 

As for EMET, read the following thread, especially the posts by Kaine, who has looked in depth at both EMET and MBAE running alongside:

https://forums.malwarebytes.org/index.php?/topic/150689-mbae-emet-hmpalert-conflicts/


  • 3 months later...
  • 3 weeks later...

I've just upgraded and entered Nitro PDF Reader, Windows Media Center (under media player), and Open Office and Libre Office. For these last two, I had to make a single consolidated entry.

 

Those who have entered Thunderbird -- What category was used?

 

I used the browser profile for Thunderbird, which worked fine. The current advice for which category to use for email is at the end of this thread:

https://forums.malwarebytes.org/index.php?/topic/156564-email-program-profile/
