steppinwolf Posted September 10, 2014 ID:877306 Share Posted September 10, 2014 I just upgraded to MBAE Premium 1.04.1.1012 and decided to check what shields were running. I have Office 2013 so was happy to at least see shields for Excel, Word and PowerPoint. They were all deactivated by default, so I manually activated Excel and Word. Then, I added new shields for Outlook, OneNote and Skype, by entering the names and executable names (e.g. outlook.exe without the full path) with profile type of "office". MBAE created shield (lock) icons for each with no errors or feedback of any kind. As a sanity check, I decided to create a nonsense shield: "My Test", "thisdoesnotexist.exe", profile: "other". Same result: MBAE silently added the new shield icon with no error or feedback... Shouldn't the lock icon at least turn red or something if the executable can't be found? How can we verify that any of the shields are working? Link to post Share on other sites More sharing options...
Staff pbust Posted September 10, 2014 Staff ID:877475 Share Posted September 10, 2014 Shouldn't the lock icon at least turn red or something if the executable can't be found? How can we verify that any of the shields are working? No, that's not how it works. You can add custom shields for any application filename (whatever.exe). MBAE will check every application that runs on your system against its internal filter list and if it finds a match, then it protects the application. Even if the thisdoesnotexist.EXE doesn't exist in your system today, it might in the future. Link to post Share on other sites More sharing options...
steppinwolf Posted September 12, 2014 Author ID:878088 Share Posted September 12, 2014 I can see that's not how MBAE works now, but it probably should work that way. Security components that silently fail and provide no feedback as to their current state weaken security because customers are left in a state of ignorance and/or or given a false sense of confidence. For example, what if someone adds a shield for Microsoft Outlook and accidentally misspells the executable as "outllook.exe" (contains an extra "l")? According to your description, MBAE will silently fail to find outllook.exe and provide no feedback to that effect. The customer would be less-than-pleased to discover the typo by way of an infection making it's way in through outlook.exe. I doubt it would make them feel better to know if "outllook.exe" is created someday it will be protected. Link to post Share on other sites More sharing options...
Staff pbust Posted September 12, 2014 Staff ID:878092 Share Posted September 12, 2014 What if there is an application that's "outllook.exe"? There's no way for MBAE of knowing if the shield that you're adding is for an existing application or for an application that you will after adding the custom shield. MBAE works by comparing the application process filename name to the running processes. You can still use the following to verify if MBAE is correctly protecting an application after adding a custom shield: How to verify that MBAE is working correctly Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now