***URGENT*** MBAE*** Multiple alerts


Hi,


 


Throughout yesterday (27/01/2016) and today we have been getting a large number of alerts. They are specifically two types of alerts. It only seemed to affect users using IE.


 


28/01/2016 14:40:51        WKS11        192.168.1.1        Exploit memory HeapSpray attempt blocked        BLOCK


 


28/01/2016 14:23:28        LAP19        192.168.1.2       Exploit attempt to bypass ASLR blocked        BLOCK


 


Looking on your forums, coincidentally there are two threads from yesterday which reported the same issue:


 


https://forums.malwarebytes.org/index.php?/topic/177952-getting-exploit-attempt-to-bypass-aslr-blocked-and-exploit-memory-heapspray-attempt/


 


https://forums.malwarebytes.org/index.php?/topic/177931-multiple-exploit-blocks/


 


This had a large impact on productivity as users were unable to access certain parts of websites etc.


Link to post
Share on other sites
  • Staff

Please provide MBAE and FRST logs. Instructions in my signature.

 

In the meantime you can deactivate these techniques:

 

Console -> Policy -> Anti-Exploit -> Advanced -> Hardening -> Deactivate Anti-HeapSpraying

Console -> Policy -> Anti-Exploit -> Advanced -> Hardening -> Deactivate BottomUp ASLR

Link to post
Share on other sites

I ended up editing my policy to not watch for those issues. I ended up unchecking the two boxes for Browser. This stopped the alerts to the users. Not sure if this is the recommended way, but it works. Go to the Anti-Exploit tab, choose Advanced, then uncheck "DEP enforcement" and uncheck "Anti Heapspraying".

 


Link to post
Share on other sites
  • Staff

Yes, of course.

 

BitDefender recently released an upgrade to their clients. The upgrade contains a bug in one of its modules that causes the conflict and triggers the detection. The component is the following:

C:\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_336\avcuf32.dll

Link to post
Share on other sites
