
MBAE 1.06 Release Candidate


digmorcrusher

  • Staff

Yes the notification entries in the log have been replaced by the traybar balloon notifications.

In addition to giving a more visual representation of the protection it also frees up the log window to find important entries related to exploits blocked.


I like the tool tip/balloon from the tray icon because it lets me know in real-time that MBAE is protecting my applications as I launch them. It frees the log file up, and it makes it easier to find other information. I guess you could give the option to log this information if the user disables the tool tip, but I prefer the tool tip instead of logging this information.  Thank you for adding the tool tip!


I asked this at Wilders, but I think I will move my discussion here so I can make good use of this account which I opened years ago. Are all of MBAE's mitigation methods listed in the advanced settings, or does MBAE use other proprietary methods not listed? If MBAE does use other mitigation methods then what type of mitigation methods are they?


  • Staff

I asked this at Wilders, but I think I will move my discussion here so I can make good use of this account which I opened years ago. Are all of MBAE's mitigation methods listed in the advanced settings, or does MBAE use other proprietary methods not listed? If MBAE does use other mitigation methods then what type of mitigation methods are they?

As mentioned over at Wilders, the ones shown in Advanced Configuration are those which we are allowing users to tweak. There are many more that are not showing, especially in Layer3 (Application Behavior).


Ok, thank you for the info! I was wondering why some users have been using MBAE with EMET. I just ask this because I wonder what the benefit is for those users that are using them together. EMET 5.1, and 5.2 list several different mitigation methods that are not listed in MBAE advanced settings. I just would like to know if EMET uses any that MBAE does not. If so then maybe it is beneficial to use them together. Below is a screen shot of the latest mitigations used by EMET 5.2. 

[Attached screenshot: mitigations listed in EMET 5.2]


  • Staff

There's no point in running both together. It introduces more problems than solutions. Most mitigations found in EMET are included in MBAE, and then some. Also there is the fact that we fine-tune the mitigations to make them work seamlessly with protected applications, so there is no need to turn some of them off to make it work with certain third-party applications. So really the only reason to go with EMET instead of MBAE is that it's free to protect more than just browsers and Java.


I'm having a strange issue with the tool tip, and IE 11 on Windows 7 x64. When I first launched IE I did not receive the tool tip informing me that MBAE was protecting IE unless I just missed it. I closed IE, and launched IE again. The tool tip then did not appear until about 15-20 seconds after I launched IE. After that I continued to get random tool tip notifications that MBAE was protecting IE 11 as I surfed the net.


There's no point in running both together. It introduces more problems than solutions. Most mitigations found in EMET are included in MBAE, and then some. Also there is the fact that we fine-tune the mitigations to make them work seamlessly with protected applications, so there is no need to turn some of them off to make it work with certain third-party applications. So really the only reason to go with EMET instead of MBAE is that it's free to protect more than just browsers and Java.

Ok, thank you for the information!


I checked process explorer, and I don't have any iexplorer.exe processes still running. It's possible that they were still running in the background when I continued to receive the tool tips though. I'm no longer receiving the tool tips now with IE shut down. I just launched IE again, and the tooltip appeared immediately. I will surf the net for a while, and see if I continue to receive the random tool tips informing me that MBAE is protecting IE.


  • Staff

It seems that you have a few instances of rundll32.exe executing iexplore.exe child processes with specific commands to clear IE's cache:

 

C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8651 WinX:0 WinY:0 IEFrame:0000000000000000. Parent Process (1312)explorer.exe

 

Every time this happens it executes 2 iexplore.exe processes.

 

From the logs I see it happened a few times:

 

2015/03/16 - 21:54:15

2015/03/16 - 21:55:16

2015/03/16 - 22:32:00

 

Do you have some type of scheduled cleaner running in the background?


No, I don't have anything like that running that I am aware of. I have CCleaner installed, but I only use it to clean the cache manually. I don't have any autocleaning enabled. I just have IE configured to delete browsing history when I close it. I just closed IE again, and several seconds after closing it MBAE tool tip appeared. It has not appeared again though, and I have had IE closed for about 5 minutes now.


  • Staff

If you can replicate this at will, try the following:

 

1- Stop the MBAE service.

2- Delete all the files from the MBAE logs directory.

3- Start the MBAE service and execute mbae.exe.

4- Replicate the problem.

5- Send me a new ZIP file with the fresh files from the MBAE logs directory.

 

Thanks!
