Jump to content
meatkakes

[SOLVED] ASUS conflict generating IE/FF Anti-HeapSpraying & Chrome flicker

Recommended Posts

Hello,

 

Hopefully this is the proper place to post. I recently have been having issues with Tor being blocked by MBAE. I had the block notifications begin to appear, so I would then delete the Tor install folder, and install the program again. It would then work until I either signed out or restarted. Sometimes it seemed to end up working if I waited a few minutes, or if I can a cleanup utility like Ccleaner or Privazer, but as soon as I restarted/signed out, I would be given the MBAE alert.

 

I eventually reformatted my system as it had been overdue for a while anyways. Things seemed to be operating as expected for a short time, and then even Firefox began to display MBAE block notifications. I really do not know what is causing this. I have two sets of logs. The first is for the issue when it seemed to be only happening with Tor, the 2nd is for when it started happening for Firefox and Tor.

 

What is also interesting to note is that the Firefox Nightly developer version seems to not be impacted. I would open up Firefox and Tor and have the block from MBAE, but Nightly operates as expected.

 

I hope the attached logs have some useful information. Thank you for any assistance.

 

Malwarebytes Anti-Exploit.rarMalwarebytes Anti-Exploit 2.rar

Share this post


Link to post
Share on other sites

Welcome to the forum and thanks for posting ITC23.

 

This issue was reported a few hours ago at Wilders and I tried to replicate but was unsuccessful. We will try again in our QA environment to see if we can replicate and identify the problem.

Share this post


Link to post
Share on other sites

Welcome to the forum and thanks for posting ITC23.

 

This issue was reported a few hours ago at Wilders and I tried to replicate but was unsuccessful. We will try again in our QA environment to see if we can replicate and identify the problem.

 

I've done a little more testing and it seems that 32 bit Firefox is impacted as well. The 64 bit beta and the 64 bit nightly seem to be unaffected.

 

I assume it is some kind of a false positive or odd conflict since it returned so quickly after totally wiping my system. Thanks for the assistance.

Share this post


Link to post
Share on other sites

getting alerts for FF only but log shows exploit in FF and IE 11.  Disable program and launch browsers first then launch anti exploit and no alerts or exploits are noted.

Share this post


Link to post
Share on other sites

Is any of you that can replicate this consistently open for a remote support session to debug the issue?

Share this post


Link to post
Share on other sites

Interestingly, I downloaded and installed the beta of Firefox 64-bit (v40b9), and with exactly the same add-ons installed and enabled as for 32-bit Firefox 39, starting it does not trigger the MBAE alert that I get with 32-bit Firefox.

Share this post


Link to post
Share on other sites

While we continue investigating the issue, feel free to temporarily disable the Anti-HeapSpraying technique:

 

MBAE UI -> Settings -> Advanced settings -> Application Hardening -> Anti-HeapSpraying Enforcement -> Disable for "Browsers" -> Apply

Share this post


Link to post
Share on other sites

Sorry for the late reply, I think I've figured this out. So it seems that one plugin by itself won't cause the flicker, but if I run multiple plugins at once, it will. Even if I just run two plugins, it will flicker. For reference the plugins I use are: Ad Block Plus, Avast Online Security, Google Sheets, Google Docs, and Google Slides.

Share this post


Link to post
Share on other sites

Thanks for confirming meatkakes.

 

We'll have our QA try to replicate this internally.

Share this post


Link to post
Share on other sites

I downloaded the update for the security exploit that was patched and it won't allow the browser to open.

Share this post


Link to post
Share on other sites

Which version of MBAE?  I downloaded the FF patch, and just now exited and restarted Firefox with no issues (Windows 7, MBAE 1.07.2.1015)

Share this post


Link to post
Share on other sites

Hi Dan50,

 

please provide the MBAE and FRST logs in order for us to troubleshoot.

 

Thanks!

Share this post


Link to post
Share on other sites

Hi Dan,

 

unfortunately what you have attached is the C:\Program Files (x86)\Malwarebytes Anti-Exploit folder. What we need is the hidden C:\ProgramData\Malwarebytes Anti-Exploit folder.

Share this post


Link to post
Share on other sites

Hi @Ndallas75002 welcome to the forum and thanks for posting.

 

Can you please post both your MBAE and FRST logs? Instructions can be found in the "readme first" link in my signature.

 

Thanks!

Share this post


Link to post
Share on other sites

Hi Dan,

 

Do you have Comodo installed by any chance? If so take a look at the workaround in the Known Issues list.

 

Please provide also the FRST logs. Instructions can be found in my signature.

Share this post


Link to post
Share on other sites
Hello -   Firefox gets blocked when attempting to open. 

  • MBAE 1.07.1.1015
  • FF 40.0  (but problem also occurred with v39)
  • Win 7 Pro
  • MS Security Essentials
  • otherwise clean running power system
  • Attached: MBAE user data directory, First.txt and Addition.txt
I've reviewed some of the posts, and I'm sorry of I've missed a solution.   :mellow:

Addition.txt

FRST.txt

mbae-config.zip

Share this post


Link to post
Share on other sites

Thank for posting @SoCalSienna.

 

Can you please try the following:

 

1- Close all ASUS processes and stop all ASUS services so that the following are not running any more:

     () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
    (CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
 

2- Start FF40 again. Does it run now?

 

3- If the above doesn't work, stop all of the following processes and services and try again:

     (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
 

4- If the above doesn't work, stop MBAE by right-clicking on the orange/white shield icon on the system tray and choosing "Stop protection".

 

5- Open FF40 and disable all browers.

 

6- Start MBAE again and start FF40. Does it run now?

Share this post


Link to post
Share on other sites
Pedro -

 

THANK YOU for the directions. :)  Firefox now opens fine, and MBAE does not block it.  The culprit was atkexComSvc.exe. :angry:   Feel free to mark this solved.

 

 

Optional Details

  • The problem was solved after I tried the first item on your list (atkexComSvc.exe).  Using Autoruns, I selectively disabled the service, and did a reboot.  After the reboot, with MBAE running, Firefox opened normally. Problem solved.
  • I have an Asus Z87 Expert motherboard, and I think the atkexComSvc.exe file was installed along with whatever else I loaded when I built the PC.  Autoruns shows the service with a pink highlight, indicating the Description is blank.
  • Top Google result for atkexComSvc.exe: http://dyslexicanaboko.blogspot.com/2012/09/asus-com-service-atkexcomsvcexe-memory.html
    • It's a "Com Service that talks to the BIOS"
    • It has a memory leak, which sounds like a problem.  I have 32GB RAM, and haven't noticed.
    • I don't use the "Asus AI Suite" for overclocking, fan speed control, etc., so I don't expect to miss anything that relies on atkexComSvc.exe.

  • Is anyone still reading?  Wow, you are a champ. :P   If you think I'm going wrong with any of this, please add a comment.

Share this post


Link to post
Share on other sites

Thanks for confirming and for the additional details SoCalSienna.

 

This is not the first time we've had problems with crappy ASUS software so I'm not surprised about your findings.

 

Could you please send me a copy of the atkexComSvc.exe file? Actually if you can send me the entire "C:\Program Files (x86)\ASUS\AXSP\" that would be even better.

 

Either in a RAR with password to PM or via some file sharing site would be OK.

 

Thanks again!!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.