Jump to content

MBAE 1.08 Beta Preview

pbust

By pbust
in Anti-Exploit Beta

 Share

Recommended Posts

stealthsub2

stealthsub2

Posted
Posted

My original post #55 (09 Sept 2015) stated that MBAE Beta 1.08.1.1016 fixed the Firefox "Can't load XPCOM issue".  But, like Schwarzenegger said "I'll be back", the issue resurfaced.  I uninstalled MBAE 1.08.1.1016 and installed Beta 1.08.1.1044.  The FF issue went away again -- no "Can't load XPCOM" error [also IE (which I don't use) also loads].

 

Link to post
Share on other sites
  • Replies 386
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

stealthsub2

stealthsub2

Posted
Posted

re: post #303

forgot to note -- (1) installed on Windows 7 Home Premium Edition Service Pack 1 build 7601 (64-bit).

(2) recall that I uninstalled previous MBAE beta.

(3) I restarted after installing Beta 1.08.1.1044 -- could not figure how to get task running in taskbar & did not get the bubble message that MBAE was protecting the browser when started.  After rebooting, these two issues disappeared.

Link to post
Share on other sites
sman

sman

Posted
Posted

Of late, when at times try to access Right click context menu in start, taskbar hangs and then get "remote procedure call failed" error, followed by disapperaing of some of the systray icons (MBAE amongst them).. Though all MBAE services r running, the absence of UI then is akin to working in the dark with a false sense of security (as any action/threats will no longer be alerted or logged)..

 

This then , forces one to reboot, to get the UI back.. Being very much integral to MBAE working, UI's functioning is a cause of concern...

Link to post
Share on other sites
  • Staff
pbust

pbust

Posted
  • Author
  • Staff
Posted

@sman, sounds like some application is buggy and making your explorer.exe crash. This of course affects many other third-party applications.

 

However, the MBAE UI is not needed for MBAE to continue providing protection. Even if the UI crashes or you close it, the MBAE Service will continue running. The MBAE Service is the one that provides protection.

 

I'd suggest you find out which of your installed applications is making your explorer.exe crash and disable or uninstall it.

Link to post
Share on other sites
sman

sman

Posted
Posted

Yes @pbust, it's true that protection will remain, but sans UI alerts/logs essential to act upon it.. On RPC failure, I'm all at sea as to what is causing it, some suggest it could be some shell call or so, but not sure..

 

Now, w/o UI in place, will I still be alerted of any threat blocking/any action by MBAE??.. Tks..

Link to post
Share on other sites
sman

sman

Posted
Posted

More on erratic behavior -

 

- Open say FF at 12.00 hrs, MBAE UI icon comes out of hiding from Systray but no balloon alert of protection

- Close browsing session by 12.10 hrs

- at 12.15 hrs get balloon alert that FF is being protected (15 mts after opening and long after closing of browser)

- UI log shows protection as from 12.00 hrs..

 

Have no idea, why this happens?..

Link to post
Share on other sites
hake

hake

Posted
Posted

I have observed this behaviour of mbae.exe since I started using MBAE.  It happens with XP on older (slower) hardware.  I allow at least 30 seconds to elapse from being presented with the logon prompt at startup before responding and this ensures that MBAE runs as it ought to.  A little use of the command line 'taskkill' (available in Windows 2003 Resource Kit) and other command line stuff to restart mbae.exe through a convenient desktop shortcut should do the job.

Link to post
Share on other sites
Pijuvwy

Pijuvwy

Posted
Posted

I use Windows 8 64 bit, Firefox 41.0.1, Comodo IceDragon 40.1.1.18. This is the third time I've tried MBAE, and the third time I've had to uninstall it to have web-browser functionality.

 

03-11-2015

11:01am    Installed mbae 1.08.1.1044. No warnings from Avast or Comodo.

11:02        Tried to start Comodo Ice-dragon. Small system notification: "Comodo Ice-Dragon (and add-ons) is now protected my Malwarebytes Anti-exploit Free." Failed to open.

11:03         Tried to start Firefox. "Firefox (and add-ons) is now protected my Malwarebytes Anti-exploit Free." Failed to open.

11:06        Tried to open IE. "Internet Explored (and add-ons) is now protected by Malwarebytes Anti-exploit Free." IE partially opened, did not complete, closed.

Logged-out of user account. Logged in to Admin account.

11:11        Same result on Firefox.

11:11        Same result on IE (application opens to empty application window for about 25 seconds before closing).

11:14        Comodo Ice-Dragon successfully opened. WinPatrol Alert on MBAE popped up. (screenshot1)

11:19        Paint.net successfully opened to deal with screenshot.

11:20         Clicked on Plus Info in WinPatrol notification and Firefox successfully opened to http://www.winpatrol.com/nonpluscloud.html?mbae_svc.exe&5&2&0&0&0&1&136&0&0

11:22        I closed Firefox. I successfully re-opened Firefox. Closed Firefox.

11:23        Tried to open IE. Failed as before.

11:23        Closed ice-Dragon. Successfully re-opened Ice-Dragon. Closed ice-Dragon.

11:26        Ran mbae-support.exe

11:29        Zipped C:\ProgramData\Malwarebytes Anti-Exploit

11:34        Ran FRST64.exe

11:47        Tried to open Firefox to send logs. No response.

11:48        Tried to open Comodo Ice-Dragon. No response.

11:49        Successfully opened IE.

11:50         Re-tried Firefox. Successful. Re-tried Ice-Dragon. No response. Remembered to click Accept Changes on WinPatrol popup. Ice-Dragon still doesn't work.

Sent the above plus Log files to Tom at Support, by email.

12:00        Closed Firefox to re-start with Firefox Updates. Firefox did not respond.

12:06        Logged-out as Admin, logged in as User. Firefox did not respond. Tried again. Got system notifiction,  "Firefox (and add-ons) is now protected my Malwarebytes Anti-exploit Free." Firefox opened successfully.

12:10        Firefox not responding. Had to force-quit from Task Manager.

12:11        Restarting computer.

12:16        Starting Firefox. System notification appeared but Firefox failed to start.

12:17        Result for IceDragon same as above for Firefox.

12:18        Starting IE. System notification appeared, and IE started successfully.

12:19        Microsoft Word starts successfully, as does Excel, 7-zip, PhotoFiltre, DivX Player, VLC, QuickTime Player, OpenOffice, MuseScore, Media Player Classic, Google Earth.

12:27        Re-tried Firefox. Doesn't start. Same for IceDragon.

12:29        Re-tried IE. Starts very slowly to a blank tab, but won't respond to controls.

12:31        Un-installed MBAE

12:32        Firefox starts successfully, as does IceDragon and IE.




 

Link to post
Share on other sites
btmp

btmp

Posted
Posted

DOS is from where Modern day OS has come from.. As a full time online trader, one has to be on his feet all day and all system programming, troubleshooting are all are better left to the experts..

I haven't read the entire thread, only the last few posts so perhaps I'm missing something but here we go...

 

@sman

I'd have to disagree with you there, a user (which is all I am) with a bit of experience or a willingness to learn a few things can help quite a bit. Given the timestamps and his 'log' there I think s/he has what it takes to do just that. Some things are missing but s/he seems to have put forth a bit of effort.

 

@Pijuvwy

Do any of those programs, eg Firefox, IE etc.. share any addons or do you use any type of third party program for proxies or ad blocking? Sending those logs to pbust will be helpful (especially as they'd help identify any such 3rd party programs or other apps that may interfere) but in my experience wading through some Process Monitor logs (overwhelming as they are) can help more than anything else but I wouldn't suggest you try that just yet.. It can help identify system specific tweaks that haven't been accounted for or some other thing that may be causing an issue but the more you can give pbust or others willing to look into the issue the better!

Link to post
Share on other sites
Pijuvwy

Pijuvwy

Posted
Posted

My Firefox setup and IceDragon setup use very similar sets of addons, as IceDragon is Firefox-based. I don't use addons with IE because, essentially, I just don't use IE. So yes, that does include adblocking extensions and anti-scripting extensions. 

 

IceDragon uses a Secure DNS Service, and I have wondered if that functionality had "leaked" to my Firefox too.

https://www.comodo.com/home/browsers-toolbars/icedragon-browser.php

 

In terms of system tweaks, the only one that comes to mind is Classic Shell.

http://www.classicshell.net/

 

Then, of course, there are various bits of security software.

Link to post
Share on other sites
Pijuvwy

Pijuvwy

Posted
Posted

MBAE Beta test 2

Since the previous test I have installed a new web-browser: Pale Moon
http://www.palemoon.org/

03-11-2015

21:18     Closed browsers and rebooted

21:21    Re-installed MBAE Beta

21:22    Rebooted

21:24    Firefox starts successfully. No MBAE balloon message. Firefox quits successfully, though a bit slow. Task manager shows I am running MBAE 32-bit. Why not 64 bit?

21:27    Firefox starts and quits successfully, no slowness. No MBAE balloon message.

21:29    IceDragon starts and quits successfully, no slowness. No MBAE balloon message.

21:31    Internet Explorer starts and quits successfully, no slowness. No MBAE balloon message.  MBAE is still in Task Manager processes, but has maved from Background Processes category to Apps category.

21:33    Pale Moon web-browser (Firefox based) starts and quits successfully, no slowness. No MBAE balloon message.

I wonder whether A) The MBAE problems have resolved themselves, or B) MBAE is not working at all.

Link to post
Share on other sites
  • Staff
pbust

pbust

Posted
  • Author
  • Staff
Posted

Do you have the UI running in your system tray?

Is it running?

Do you have the "System tray notification tooltips" checkbox enabled in MBAE UI -> Settings?

 

If you have checked all the above, could it be that you have some system tuning to not show system tray balloon notifications?

 

You can also use the following guidelines to verify that the protection is running even if there are no balloon notifications:

https://forums.malwarebytes.org/index.php?/topic/139368-how-to-verify-that-mbae-is-working-correctly/

Link to post
Share on other sites
Pijuvwy

Pijuvwy

Posted
Posted

It could be, but the problems I had previously were: MBAE was running, and preventing web-browsers from starting. It seems strange that I am now having a totally different kind of problem.

 

I'll dig a little deeper tomorrow or subsequent days. Thanks for your assistance.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.