MBAE - No Feedback for Invalid Shields?


steppinwolf

I just upgraded to MBAE Premium 1.04.1.1012 and decided to check what shields were running. I have Office 2013 so was happy to at least see shields for Excel, Word and PowerPoint. They were all deactivated by default, so I manually activated Excel and Word.

 

Then, I added new shields for Outlook, OneNote and Skype, by entering the names and executable names (e.g. outlook.exe without the full path) with profile type of "office". MBAE created shield (lock) icons for each with no errors or feedback of any kind. As a sanity check, I decided to create a nonsense shield: "My Test", "thisdoesnotexist.exe", profile: "other". Same result: MBAE silently added the new shield icon with no error or feedback... Shouldn't the lock icon at least turn red or something if the executable can't be found? How can we verify that any of the shields are working?


  • Staff

Shouldn't the lock icon at least turn red or something if the executable can't be found? How can we verify that any of the shields are working?

 

No, that's not how it works. You can add custom shields for any application filename (whatever.exe). MBAE will check every application that runs on your system against its internal filter list and if it finds a match, then it protects the application. Even if the thisdoesnotexist.EXE doesn't exist in your system today, it might in the future.


I can see that's not how MBAE works now, but it probably should work that way. Security components that silently fail and provide no feedback as to their current state weaken security because customers are left in a state of ignorance and/or given a false sense of confidence.

 

For example, what if someone adds a shield for Microsoft Outlook and accidentally misspells the executable as "outllook.exe" (contains an extra "l")? According to your description, MBAE will silently fail to find outllook.exe and provide no feedback to that effect. The customer would be less-than-pleased to discover the typo by way of an infection making its way in through outlook.exe. I doubt it would make them feel better to know if "outllook.exe" is created someday it will be protected.


  • Staff

What if there is an application that's "outllook.exe"? There's no way for MBAE to know if the shield that you're adding is for an existing application or for an application that you will after adding the custom shield.

 

MBAE works by comparing the application process filename to the running processes.

 

You can still use the following to verify if MBAE is correctly protecting an application after adding a custom shield:

How to verify that MBAE is working correctly
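
The concern raised in this thread, a custom shield whose filename silently matches nothing, can be checked outside MBAE. The following is an added example, not part of the thread and not Malwarebytes code: it compares configured shield filenames against executables found on the machine and flags entries that look like typos. The shield list and paths are constructed sample data, and `audit_shields` is a hypothetical helper; how the shield names are obtained from MBAE is left as an assumption.

```python
import difflib
import ntpath


def audit_shields(shield_names, executable_paths, cutoff=0.8):
    """Classify each configured shield filename against executables present.

    Returns {shield: (status, suggestion)} where status is "present",
    "likely_typo" (suggestion holds the near-match) or "absent".
    Assumption: matching is on the bare filename, case-insensitively,
    mirroring the filename-only matching described in the staff reply.
    """
    # Reduce full Windows paths to lowercase bare filenames.
    present = {ntpath.basename(p).lower() for p in executable_paths}
    report = {}
    for shield in shield_names:
        name = shield.strip().lower()
        if name in present:
            report[shield] = ("present", None)
            continue
        # An entry that matches nothing but is very close to a real
        # executable is more likely a typo than a future application.
        close = difflib.get_close_matches(name, sorted(present), n=1, cutoff=cutoff)
        report[shield] = ("likely_typo", close[0]) if close else ("absent", None)
    return report


# Constructed sample input: shield filenames as a user might have typed them.
SHIELDS = ["outlook.exe", "outllook.exe", "ONENOTE.EXE", "thisdoesnotexist.exe"]

# Constructed sample input: executables discovered on disk or in a process list.
INSTALLED = [
    r"C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE",
    r"C:\Program Files\Microsoft Office\Office15\ONENOTE.EXE",
    r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
    r"C:\Program Files\Microsoft Office\Office15\EXCEL.EXE",
]

if __name__ == "__main__":
    for shield, (status, hint) in audit_shields(SHIELDS, INSTALLED).items():
        note = f" (did you mean {hint}?)" if hint else ""
        print(f"{shield:24} {status}{note}")
```

An "absent" result is not necessarily an error, since a shield may be added ahead of installing the application; "likely_typo" is the case worth reviewing by hand.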