MBAE 1.08 Beta Preview


pbust

This applies to Windows 10 x64 Professional, using IE 11 as the browser. The fingerprinting exploit issue still occurs with build 1030.

1.  Using IE 11, sign on to the MBAM forum and open the thread for the MBAE beta download.

2.  Select to download MBAE Build 1030.

3.  Select "Save As" and start to navigate to where you want to save the download.

4.  The fingerprint exploit will occur before you can "save as".

 

A snapshot of the exploit window and the C:\Program Data\Malwarebytes Anti-Exploit folder is attached.

ProgramData Folder.zip

Link to post
Share on other sites


Hi,

 

I checked on @siliconman01's issue in IE on Win 10, and no exploit was triggered in this case, but I was unable to download the MBAE file: it came up with some garbage file name and could not be downloaded by the download manager in IE 11.

I had installed Trendmicro's browserguard v3.0, which covers IE (running under compatibility mode in Win10, as it is of Win7 or so compatibility), but even disabling this guard had no effect and the result was the same.

 

Hope this helps..

Link to post
Share on other sites

Hi,

 

The problem seems to be with IE, not with MBAE or other running apps. The MBAE download link works fine in other browsers, but not in IE. Also, to check whether the problem occurs with any other download links, I tried to log in to FB from IE and, to my horror, it kept repeatedly going back to the FB login page. Also, I tried with gmail and rediffmail, and the result is the same.

One cannot log in to FB, gmail or rediffmail in IE, a unique problem of sorts, while there are no issues logging into these services from other browsers, Chrome etc.

I checked it out, stopping MBAE, turning off Trendmicro browserguard and Heimdal Security, to no effect.

I will have to check it out on another Win10 system to see if it replicates, but I feel I will have to take it up with Microsoft support only.

Hope this helps..

PS: Also noticed that when in rediff, every time I get a download request for some fb button of facebook.com, very weird indeed.

Link to post
Share on other sites

  • Staff

Thanks for the logs @siliconman01. Quick question to make sure we're trying to replicate it correctly. You are clicking on the link first that directs you to box.com, correct? And then once on box.com you choose save as, correct? Finally you're using IE and not Edge, correct?

Link to post
Share on other sites

The problem was with the Download Manager add-on in IE; disabling it solved all issues in IE. So, IE was fine in build 1030.

Since there are no release notes for 1031, I do not know whether 1031 was due to siliconman01.

Anyway, updated to 1031 and everything is fine.

Link to post
Share on other sites

Thanks for the logs @siliconman01. Quick question to make sure we're trying to replicate it correctly. You are clicking on the link first that directs you to box.com, correct? And then once on box.com you choose save as, correct? Finally you're using IE and not Edge, correct?

 

I am using IE 11, not Edge. The description of the steps is correct as you stated them.

I just updated to Build 1031 and it is much worse. The fingerprinting exploit occurs just trying to attach the C:\ProgramData\Malwarebytes Anti-Exploit zipped folder to this post. As soon as I click on Browse to select the attachment, the exploit occurs.

Malwarebytes Anti-Exploit.zip

Link to post
Share on other sites

I don't know what SWB is about, or about SAS Pro (is it a tool for Software as a Service? But this would be SaaS). Is your Win 10 up to date? There was a recent update for Flash for IE for Win10; have you updated it?

As far as my system goes, I checked whether Trendmicro Browserguard could be the cause of any conflict of interest with MBAE: I stopped TMBG in the systray and also disabled its toolbar add-ons in IE. No problem at all, whether TMBG is active or not.

So, it's 100% no issues with my system. :D

Link to post
Share on other sites

These are only my suggestions...

- Do you have Norton's toolbar/extensions for IE enabled?

- Did you try with 'InPrivate' mode in IE?

- Microsoft itself is moving away from IE and to Edge for parity with Chrome etc. So why don't you move to other browsers, Chrome, FF, etc. (preferably Chrome for its sandboxing, encryption/security features)?

Link to post
Share on other sites

Installed 1031 over the top of 1030 on both OSes.

There was a hiccup on my W8.1: with the over-the-top upgrade I got the well-known message that the service wasn't running and MBAE needed to close. Tried a couple of reboots but no change.

Uninstalling and clean reinstalling fixed the glitch.

All's good. :)

Link to post
Share on other sites

Could you add protection for email clients (Thunderbird, etc.), or is it just useless?

If you're using the Pro version of MBAE, you can just add thunderbird.exe to the list of protected applications. It's always a good idea to shield Internet-facing apps, so it does make sense to add Thunderbird to your list of protected apps.

 

PS: I installed the latest build (1031) earlier today - no issues so far. Thanks, Pedro.

Link to post
Share on other sites

If you're using the Pro version of MBAE, you can just add thunderbird.exe to the list of protected applications. It's always a good idea to shield Internet-facing apps, so it does make sense to add Thunderbird to your list of protected apps.

 

PS: I installed the latest build (1031) earlier today - no issues so far. Thanks, Pedro.

Thanks, I was not sure, now I am.

Link to post
Share on other sites

This applies to Windows 10 x64 Professional using IE 11. 

 

Found this MBAE-SVC crash event in the Event Log Viewer this a.m.

 

Faulting application name: mbae-svc.exe, version: 1.8.1.1031, time stamp: 0x560592bd

Faulting module name: mbae-svc.exe, version: 1.8.1.1031, time stamp: 0x560592bd

Exception code: 0xc0000417

Fault offset: 0x0005e576

Faulting process id: 0x810

Faulting application start time: 0x01d0f9aaed2376ae

Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

Report Id: e4b76ac7-7761-4939-9358-69e23808c6ed

Faulting package full name:

Faulting package-relative application ID:

 

It was followed by a second Error:

 

The Malwarebytes Anti-Exploit Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Data is attached.

MBAESVCCrash.zip

Link to post
Share on other sites
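An added example, not part of the original post or of Malwarebytes' tooling: a small decoder for the hex fields in the crash record quoted in the post above. The record text is copied from that post; the NTSTATUS names are the standard Windows definitions, and the function and key names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Fields copied from the Application Error record in the post above.
RECORD = """\
Faulting application name: mbae-svc.exe, version: 1.8.1.1031, time stamp: 0x560592bd
Faulting module name: mbae-svc.exe, version: 1.8.1.1031, time stamp: 0x560592bd
Exception code: 0xc0000417
Fault offset: 0x0005e576
Faulting process id: 0x810
Faulting application start time: 0x01d0f9aaed2376ae
"""

# A few NTSTATUS values that commonly appear as crash exception codes.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC0000417: "STATUS_INVALID_CRUNTIME_PARAMETER",  # bad argument to a C runtime call
}

def _hex(label, text):
    """Return the hex value of a 'Label: 0x...' line as an int, or None."""
    m = re.search(rf"^{re.escape(label)}: (0x[0-9a-fA-F]+)\s*$", text, re.M)
    return int(m.group(1), 16) if m else None

def filetime_to_utc(ticks):
    # FILETIME counts 100 ns intervals since 1601-01-01 UTC.
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def decode(text):
    app = re.search(r"^Faulting application name: (\S+), version: (\S+), "
                    r"time stamp: (0x[0-9a-fA-F]+)", text, re.M)
    mod = re.search(r"^Faulting module name: (\S+),", text, re.M)
    code = _hex("Exception code", text)
    start = _hex("Faulting application start time", text)
    return {
        "image": app.group(1) if app else None,
        "version": app.group(2) if app else None,
        # The per-image time stamp is the PE header link time (Unix seconds).
        "image_built_utc": datetime.fromtimestamp(int(app.group(3), 16), timezone.utc) if app else None,
        "exception": NTSTATUS.get(code, hex(code) if code is not None else None),
        "fault_offset": _hex("Fault offset", text),
        "pid": _hex("Faulting process id", text),
        "started_utc": filetime_to_utc(start) if start is not None else None,
        # Same name for application and module: the fault is in the service's own image.
        "fault_in_own_image": bool(app and mod and app.group(1).lower() == mod.group(1).lower()),
    }

if __name__ == "__main__":
    for key, value in decode(RECORD).items():
        print(f"{key}: {value}")
```

For this record the faulting module is mbae-svc.exe itself and the exception decodes to the C runtime's invalid-parameter status rather than an access violation.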

Malwarebytes must be investigating the problem..

 

Meanwhile, you could try this...

 

1. Try running IE as administrator.

2. Try to do a clean boot:

    - Go to Task Manager -> Startup -> disable all startup items except AV & MBAE.

    - Type 'msconfig' in the search bar and run msconfig -> Services -> Hide Microsoft services -> Disable all -> check AV & MBAE services -> Apply -> RESTART

3. See whether the error still persists.

If this solves it, then you can enable one startup item at a time, re-booting each time, to find the culprit.

But if the error still persists, wait for Malwarebytes to get back.

After the tests, you can then enable all startup items, enable all services in msconfig and do a normal start.

 

Just my suggestion..

Link to post
Share on other sites

Windows 8.1 64-bit Pro with Bitdefender AV Plus 2016, EMET 5.2 and WinPatrol...

 

Updated MBAE 1.07.1.1015 to 1.08.1.1031 with minor issues. The installation has removed MS Outlook protection, re-added after the installation has completed.

 

It did detect EMET 5.2 and disabled some of the protection in MBAE, re-enabled them after the installation. The AEF, SimExecFlow and ASR disabled in EMET for IE11, Firefox 40.0.3 and Foxit Reader 6.06.

 

All in all, everything is in working order so far, did not notice any changes...

 

PS: I had the same issue with Kaspersky 2016 and MBAE. Kaspersky was getting on my nerves anyway, lots of other issues and it pretty much takes over the system. As such, it's been removed from my systems. Bitdefender is not as intrusive and works well with MBAE and other security programs.

Link to post
Share on other sites
