Jump to content
TheDukeUK

[SOLVED] Browsers not opening with MBAE & Comodo

Recommended Posts

IE11 fails to start on Windows 7 with MBAE On. It has worked fine up until today and the only things I have done recently is upgrade Comodo Endpoint Security to 8.2, Update to Adobe Acrobat Reader DC from X11, Update TomTom Home and apply a Windows Update KB2952664. If I stop protection with MBAE IE starts up fine or if I uninstall MBAE it starts fine. I have disabled all add ons but still IE will not start with MBAE enabled. I have done a Malwarebytes Full Scan recently and I am 100% sure I have not been anywhere to acquire an exploit in the past week.

 

I know that it was working fine on 25th July 2015 and that was the last time I used IE till today when I either get a popup from MBAE or an egg timer then IE just closes.

 

Zip of Programdata as requested attached

Malwarebytes Anti-Exploit.zip

Share this post


Link to post
Share on other sites

This is the popup message I get

 

Application Internet Explorer (and add-ons)

Protection Layer Application Hardening

Protection Technique Exploit blocked by Anti-HeapSpray Enforcement

post-190827-0-31506600-1438410703_thumb.

Share this post


Link to post
Share on other sites

I had the same issue today. I ran malwarebytes (0 threats), then cleaned temp files with ccleaner and the popup hasn't returned.

Share this post


Link to post
Share on other sites

I have the exact same problem when I started up my pc today

 

Everything was fine yesterday.

 

 I ran malwarebytes (0 threats) and then firefox and IE worked fine.

 

But as soon as I rebooted and tried again, malwarebytes stopped both browsers from starting again.

 

No problems with chrome.

Share this post


Link to post
Share on other sites

Are you guys running the Kaspersky 2016 beta by any chance?

 

Please post your FRST logs.

Share this post


Link to post
Share on other sites

Thanks for confirming @onlinebusinesssupport.

 

Instructions for FRST logs can be found in the readme first link in my signature.

Share this post


Link to post
Share on other sites

Are you guys running the Kaspersky 2016 beta by any chance?

 

Please post your FRST logs.

 

Not running Kaspersky. Running Comodo Endpoint Security which is the same as Comodo internet Security.

I posted the Logs on my original post at the top.

Share this post


Link to post
Share on other sites

There is a known issue with Comodo. Can you uninstall Comodo temporarily to see if the problem persists?

Share this post


Link to post
Share on other sites

Thanks onlinebusinesssupport, but please also attach the FRST logs. Instructions and link to FRST in the readme first link in my signature.

Share this post


Link to post
Share on other sites

I uninstalled Comodo Endpoint Security 8.2 and MBAE and IE11 ran fine. So it's a false positive from your software. Is it fixable ?

Share this post


Link to post
Share on other sites

There is a known issue with Comodo. Try the workaround mentioned in the Known Issues list but instead of adding the Firefox folder, add the IE folder.

Share this post


Link to post
Share on other sites

There is a known issue with Comodo. Try the workaround mentioned in the Known Issues list but instead of adding the Firefox folder, add the IE folder.

 

Excuse me I let this got the first time but Comodo is the top Internet Security Company in the world who do a variety of security products. Two such products which I believe you refer to are Comodo Endpoint Security and Comodo Internet Security. The issue is not with either of these products it is with your MalwareBytes Anti Exploit product giving a False Positive rendering it next to useless. Instead of providing workarounds it would behove you to fix your product and make it more accurate.

The "workaround" you suggest is dated  Oct 19 2013 and you still have not fixed the false positive reading in your software.

However I have added C:\Program Files\Internet Explorer and C:\Program Files (x86)\Internet Explorer to the HIPS -> Detect shellcode injections -> Exclusion list in Comodo Endpoint Security and can now open IE11 with MBAE enabled.

Disabling a security feature in one product to get round a deficiency in another is hardly a satisfactory "workaround" as it leaves one more vulnerable instead of more protected which should be the aim of all internet security companies.

I have installed CIS and MBAE on dozens of Friends computers and would appreciate a more active interest from your company in fixing this problem with your software please. So I do not have to implement this, almost 2 year old, "workaround" on them all. Thanks in Advance.

Share this post


Link to post
Share on other sites

The issue (and consequent workaround) is actually pretty recent. The Known Issues list is from Oct 2013, but it is a live post which changes over time as new versions of MBAE are released.

 

The fix from our end is on our backlog, but it is to be expected that products that have similar anti-exploit technology, like MBAE and EMET, might conflict like this. This is not to say that Comodo has anything near what MBAE does, as the source of the conflict is not due to conflicting mitigations in this case.

Share this post


Link to post
Share on other sites

Had the popup block again today. I don't have Comodo, Norton, or Kaspersky. FRST logs attached along with mbae programdata. A few minutes after startup, it finally let me open both IE and Firefox, possibly something to do with checking for mbae updates before opening the browser?

logs.zip

Share this post


Link to post
Share on other sites

The issue (and consequent workaround) is actually pretty recent. The Known Issues list is from Oct 2013, but it is a live post which changes over time as new versions of MBAE are released.

 

The fix from our end is on our backlog, but it is to be expected that products that have similar anti-exploit technology, like MBAE and EMET, might conflict like this. This is not to say that Comodo has anything near what MBAE does, as the source of the conflict is not due to conflicting mitigations in this case.

 

Thank you ... it possible please would you reply to this thread when there is a fix released for it please so I may update the dozens of friends computers I have installed your MBAE on ?

Share this post


Link to post
Share on other sites

FRST is a very well known troubleshooting tool. What you are seeing is a false positive from Norton.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.