pbust

MBAE 1.08 Beta Preview


The beta 1.08 is now displaying balloon messages and reporting correct logs for Outlook 2013 and Chrome.

Initially Avast hardened mode (aggressive) reported the install file for MBAE 1.08 as suspicious, but added to exclusions so was then able to install okay.

Thanks

 

 

 


Thanks for the logs @ky331 and @sman!

 

@sman, uncheck the RET ROP techniques for the Other profile under the Advanced settings to see if the problem persists.

 

@Tarnak, in your screenshot RET ROP is disabled. Do you mean that after a reboot Opera works even with RET ROP enabled?


Hi Pedro,

 

It was like that when I checked after the reboot....I did nothing to the setting! 


Hmm that's weird. Is anybody else experiencing the RET ROP settings becoming deactivated after a reboot?


I think you are referring to 'RET ROP Gadget detection' and I unchecked for both 32 bit & 64 bit. The protection is fine now. Tks..


Hello,

 

Thanks for the good work you and your team put in regarding Kaspersky 2016 and all the other bug and issue fixing you did.

 

I can use Firefox.

 

The beta is working fine, with no issues so far.

 

Hope you and your staff are well.

 

Regards,

 

Casablancajoe (Nicholas)    :D


I was having a conflict with Kaspersky Internet Security 2016.

 

This Beta has fixed that.

No problems opening IE9, Chrome or Firefox.

 

Using Vista basic


Pedro asked "Hmm that's weird. Is anybody else experiencing the RET ROP settings becoming deactivated after a reboot?"

 

I don't know exactly when it happened, but yes, I noticed that:

all the RET ROP Gadget settings (both 32 and 64 bit)

the anti-heap spraying, and

the anti-exploit fingerprinting

were all spontaneously UNchecked on my Win7x64 Pro system.

After saving screenshots (attached), I restored to default settings and applied... and so far, they've been holding

 

 

EDIT:   I had DEactivated the IE shield on that system  --- Could that have somehow implemented these changes?


Replicated under Win7. Under Win8 didn't happen. Seems like a bug with the configuration.

 

Thanks for reporting. We'll take a closer look.


Nice work, kudos to you and your team.

This version has solved all problems encountered with my OS's configuration and KTS 2016.


Hello All:

 

MBAE 1.08.1.1016 was installed over-the-top of MBAE 1.07.1.1015 Premium installs in the following two systems:

 

1.) MBAE Version 1.08.1.1016 Premium is working fine with a XP Home x86 SP3 test bed system running Microsoft Office XP (2002) where the only MBAE exclusion necessary is for Microsoft Office Excel (10.0.6871.0) 2002 (32bit) and I too needed to UNtick MBAE GUI > Settings > Advanced settings > OS Bypass Protection > MS Office/RET ROP Gadget detection (32bit) to allow Excel 2002 to launch without error. Neither M.S. Word 2002, nor M.S. Powerpoint 2002 required any additional exclusions.

 

EDIT: As expected, through the reports of others, Opera's 12.17.1863.0 32bit browser also required a similar exclusion under Chrome Browsers.

 

2.) On a Windows 10 Pro x64 system with Microsoft Office 2010, the M.S. Office applications seem to be launching/running trouble free without exclusions/changes to MBAE 1.08.1.1016 Premium so far.

 

Thank you to all.

Edited by 1PW


Thanks for reporting guys!

 

@1PW, can you send me your MBAE logs to verify that the block of Excel in your XP is the same as others? I want to make sure we don't miss anything while fixing this.


All RET ROP Gadget Detection mitigations are unchecked for 32bit and 64bit applications. I'm using Windows 7X64 Ultimate. I know this has already been confirmed, but I thought I would report it in case you need to look at my log files. Do you need to see my logs?


@cutting_edgetech, the problem with RET ROP seems to be under XP only for now. So no need to disable it in your Win7. Only need logs if you get an FP.

 

Thanks!


Yes, that's a different issue (disabled new techniques after reboot). Go to Advanced settings and click "Restore defaults". This should restore and keep them that way.

 

We're working on a new beta build that fixes the above issues.


When I clicked on restore default I think a check was added for Dynamic Anti-Heapspraying for Browsers. I can't be sure, but I think I saw at least one check added when I clicked on restore default. I can't be positive which mitigation the check was added for, but I had the application hardening tab open when I saw the check added.


Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.


Yes would be interesting to know which version triggers it. Upon initial attempt to repro it didn't trigger with the latest Opera.


MBAE "free"; W7 SP1 x64; SBIE 4.2 (settings per FAQ); latest Fx and IE. No problems.

 

MBAE upgraded over-the-top of version 1.07.1.1011. All settings retained before and after boot.


Tarnak reports an issue with Opera.  I use Opera 12.17 and find that the ROP issue occurs with this version.  I was wondering if Tarnak is using the old Opera or the current Chrome version of Opera.  The old and new Opera browsers are, I imagine, completely different from each other.

Yes would be interesting to know which version triggers it. Upon initial attempt to repro it didn't trigger with the latest Opera.

It was Opera 12.15...so, old Opera. Hope that helps. :)
