pbust

MBAE 1.08 Beta Preview


Thanks for the info sman!

 

Btw reverted the download link in the thread announcement to 1016 build as we re-introduced the Kaspersky conflict by mistake in the 1021 build. A new build will fix this asap.


Hello All:
 
Ref: https://forums.malwarebytes.org/index.php?/topic/172363-mbae-108-beta-preview/page-2#entry987726

Despite postings here to the contrary, and to give Pedro yet another data point, I did install 1.08.1.1021 over the top of 1.08.1.1016 on my previously mentioned XP Home x86 SP3 testbed system in part because no Kaspersky products have ever been installed on that system.

 

I have reverted all settings in build 1021 to default and now that system's Opera 12.17.1863.0 browser along with Excel 10.0.6871.0 launch and operate normally while enjoying MBAE's protections.

 

As no other issues have been uncovered there, I'll let that system's build 1021 await another Beta Preview version even while it's kept off-line.

 

Thank you.


Welcome to the forum TheDude23112.

 

Can you please attach your MBAE logs here? Instructions can be found in the "readme first" link in my signature.

 

Thanks!

What exactly is the directory name?


The "readme first" link explains it all and shows the directory names per OS.


Thanks Pedro.

V. 1023 has solved the issue for me on W10 64 Bit

Appreciate the hard work. :)


Build 1023 has been installed over-the-top on several MBAE Premium systems here, and no issues are seen.

 

Thank you to all.


With build 1023 on Win7x64, all seems stable in quick/preliminary testing.   Two comments:

 

1) I had deactivated the IE shield in 1021... the install of 1023 overrode that setting, and activated the IE shield again.   Was that intentional on your part, to re-activate any shields that the user had chosen to deactivate? 

 

2) I had a custom (Open)Office shield [for soffice.bin] in 1021 (and earlier versions/builds).   I read that you had added protection for Libre Office in 1.08.x , but I hadn't actually noticed it until today's build:   My custom shield for (Open)Office "disappeared", and was replaced by the pre-defined shield for LibreOffice.    I'm sure it's an "even exchange" in terms of what's being protected.   Just wondering why I didn't notice it until today's 1023 build, if --- as is my understanding --- you started protecting LibreOffice in build 1016?   [Note:   I just double-checked on another system's 1021, which indeed still shows my (Open)Office but not your LibreOffice.]


Build 1023 Premium, installed over the top, no issues at this time. Will report any if any... thanks. (Windows 7 SP1)


ky331, not sure what happened with your OpenOffice custom shield. Do you remember if the filename shielded was the same?


Hi,

 

Updated to 1023 build and everything is fine..

 

Have a few general queries..

 

- Is 'plugin-container' protection only specific to FF, which is not the case with other browsers?

- To uninstall some AVs one has to do it in Safe Mode only, while in the case of MBAE it can be killed off from the taskbar, so would it not be safer to be in line with AVs?

 

Hope this helps...


Regarding plugin-container.exe, this is shielded by default. But it is not exclusive to Firefox. Some other Firefox-based browsers also use the same named plugin-container.exe.

 

As for uninstall, MBAE was designed as a first line of defense against exploit-based infection vectors. It is not designed to live in an infected system, while AV is. Still you need administrator privilege to unload/stop/uninstall MBAE.


pbust,

 

Yes, I had mentioned in my post (#84) above that the filename is the same --- soffice.bin --- for both OpenOffice and LibreOffice.   So I should still have the same protection as before, it appears to be just a name change for the shield.   The same phenomenon --- my custom OpenOffice shield being replaced by a pre-defined LibreOffice shield --- has likewise occurred on my Win8.1 and WinXP systems.

 

No issues on 8.1.  

 

As for XP, I'm getting some VBscripting engine blocks in IE, for example, at the Adobe Flash test page http://www.adobe.com/software/flash/about/; but IE8 on XP is running into other "aging" problems (NOT related to MBAE), so I doubt I'll be using it much more, meaning I don't know that it's worth it to pursue this (unless you have other people requesting  it).   I can always uncheck the VBscripting option, if I really need it... but I'll probably just stick to Firefox and/or PaleMoon in XP.


Got it, thanks! Yes, it's normal obviously for the default factory shield to overwrite the custom shield in this case.

 

As for VBScripting, this is a normal behavior with 1.08 as it enables the application hardening technique by default. It only applies to older IEs as newer IEs already have VBScripting disabled by default as Microsoft deprecated it some years ago.


Hi,

 

Thanks for your reply.

 

I checked with PaleMoon x64 (though I rarely use it), and do not find a 'plugin-container' shield for it in Process Explorer. Is it normal?

 

On the other aspect, I'm still not clear, if one were logged in as Admin, what happens?

 

Hope this helps..


Yes that's normal sman. Not all browsers use the same plugin-container.exe name and not all browsers have it running at all times, only when needed by the plugins.

 

As for MBAE behavior... with Admin you can do anything (start, stop, exclusions, shields, uninstall, etc.) whereas with a limited user account you can't do anything.


Hi, all. Just loaded build 1023 on my Win7 system with Kaspersky Internet Security 2016 installed.

 

Can now open all browsers, although link loading seems a little slower. Otherwise, working well.

 

Kudos to all MalwareBytes staff !


Just wondered if other XP users have encountered a file open conflict when attempting to install a later beta MBAE over a previous one.


Hi,

 

Just a bit of paranoia that admin login would give privileges to an attacker to kill off MBAE and infect the system. Hope it remains far-fetched.


As part of my post #84 above, I reported:

 

I had deactivated the IE shield in 1021... the install of 1023 overrode that setting, and activated the IE shield again.   Was that intentional on your part, to re-activate any shields that the user had chosen to deactivate? 

 

That comment/question went unanswered.  

 

I now wish to add:    having deactivated the IE shield on 1023 on Win7x64, and rebooted (not sure if only once or several times), the IE shield was reactivated again.   That shouldn't be happening.   I will let you know if it continues to happen on subsequent reboots.

 

EDIT:   I just rebooted, as a test, and IE's shield has been reactivated yet again.   I don't consider this an "emergency"... but I will be reverting to a previous build until this issue is fixed.


Interesting, thanks for reporting this. Will repro and fix asap.

 

@hake, can you post a screenshot of what you are seeing?


This only happened on one system. I found that although the install was said to have rolled back, it left MBAE 1.08.1.1023 installed and working BUT it was absent from Control Panel's Add or Remove Programs list. It therefore seemed like a good idea to run the MBAE unins000.exe and I followed this with a registry clean by CCleaner and a fresh install. I have since tried to replicate the behaviour but cannot get it to do a repeat performance.

 

No one else has reported this, I believe, so I am inclined to think that it's only my particular copy of XP that has temporarily exhibited the behaviour.

 

MBAE 1.08.1.1023 works well.


Build 1025 released. Download link updated in first post of this thread.

 

* Fine-tuning of fingerprinting detection technique

* Fix bug with default shield re-activating after boot
