npmaylesby

Google Chrome block with new Trusteer Rapport

Having the same problem with Chrome being shut down and getting the message "Malwarebytes Anti-Exploit has blocked an exploit attempt". This has been happening since 4-8. The log in Anti-Exploit Free shows

"An exploit code has been blocked in Google Chrome (and plug-ins)"

I turn Anti-Exploit Free off and Chrome will open. I turn AEF back on while Chrome is open and it shows that Chrome is protected. As long as I do not shut down Chrome it continues to work, but when I shut Chrome down it will not start up and I get the above message again while AEF is running.

Help!

Issue is almost resolved. Will post a build which avoids the Trusteer bug here in the next few days.

In the meantime please follow the official workaround, which is to disable the ROP and return address techniques under advanced settings.

 


Here's our experience with this issue:

We have MBAE rolled out on 5 PCs. On just one Windows 7 Pro 32-bit machine we had this issue.

We found that for IE, Firefox, AND Chrome, if we tried to launch them, we got the message and they were blocked. I found three ways to work around this without uninstalling MBAE:

1. Launch the browser as administrator.
2. Turn off MBAE protection.
3. Turn off the shield for the specific browser.

I hadn't yet seen this thread, so this made me believe that possibly the affected machine had registry references or some other issues in the system files left over from some previous infection that were causing it to trigger. BETTER LOGGING BY MBAE WOULD HAVE BEEN APPRECIATED - as it did not list a file or process that it was blocking.

So I went ahead and ran COMBOFIX on the machine. This is a last resort cleaning tool. I don't know if they still update it, but I don't believe it works on 8.1 or 10. After running it and rebooting, the ISSUE IS GONE. This reinforces my belief that this may actually have been a legit trigger by MBAE just with poor communication from the app logging, and that just working around it by turning off MBAE may not be a wise move. 

 

 


Thought this issue had resolved (for a week) when I temp turned off MBAE/entered Chrome settings/exited and re-applied MBAE, however

The problem of MBAE blocking Google has returned today, but with a different error code:

Now showing Malicious memory protection: Exploit code executing from Heap memory blocked.

I'm not so keen to turn off MBAE or apply Chrome exceptions at this point.

 

21 minutes ago, pbust said:

We think we've solved this issue. Please download and install the following build on top of your existing version:

https://malwarebytes.box.com/s/croim8lq4hz5fyk6zfqsmxkxwsavbopo

After upgrading, open MBAE -> Settings -> Advanced settings -> Restore defaults -> Reboot

Let us know if it solves the Trusteer bug.

 

Seems to work for me.  No crashes.  I'll try it out for a couple days to test.

Thanks!!

46 minutes ago, pbust said:

We think we've solved this issue. Please download and install the following build on top of your existing version:

https://malwarebytes.box.com/s/croim8lq4hz5fyk6zfqsmxkxwsavbopo

After upgrading, open MBAE -> Settings -> Advanced settings -> Restore defaults -> Reboot

Let us know if it solves the Trusteer bug.

 

This seems to have resolved the issue for me. I installed the new build. Restarted the Trusteer Rapport service. Chrome worked fine. Realised that Trusteer wasn't installed within Chrome as an extension. Installed Trusteer as a Chrome extension. Chrome still works fine.


I've found the same as peterd. The error occurs if I download an executable file and then double click on the Chrome "tab" for it in an attempt to run it.

 


If you are still experiencing the same problem can you please post a fresh set of MBAE logs?

Thanks!

 


Tried the update. Still getting the same. An exploit code has been blocked in Google Chrome and (plug-ins). 04-12 18:52:10

Will not let Chrome open while AEF is running.

tried 


I tried the update (v1.08.1.1194) on three separate Win 10 machines and all three are experiencing the exact same issues: two ROP errors, and the memory issue. I checked the box to log protection events, but there were no logs in the MBAE folder. Where might the logs be located? I'm running the free version.


The MAEF icon should be on the right-hand side of the task bar. Right click the icon, then left click on 'show MAE'. On the screen that comes up click 'logs'. This will show date, time and action concerning Chrome shut downs.


I was aware of the "Logs" tab, but to me, that is merely a list of events. On the settings tab, there is a checkbox to log protection events. That list shows up regardless if the checkbox is ticked. I was expecting to find a detailed log after ticking the box. Nowhere was I able to find a detailed log after ticking the "log protection events" box.

Log Protection Events.PNG

Logs 4-12-2016.PNG


Hi,

It's been some time since last interaction.. System issues, Win 10 issues, Trading time, etc. keeping me tied up.. I do want to post on the last topic, but not able to, due to Trading priorities..

Now, this Google Chrome problem still persists, even after 1194 build.. with 32 bit Chrome (as I have not gone for the 64 bit after the earlier problem).. In fact, Slimjet 64 bit, Superbird 64 bit all are working fine (all of the Chrome engine).. Something strange.. Hope this helps..

EDIT: I still have Trusteer running.. (and maybe Trusteer with Chrome is still a problem, as other browsers Slimjet/Superbird remain unaffected)..

Edited by sman


Alas, the update does not work.  I open Chrome, it appears to be ok..... then it just closes.  No information as to why.

MWBAE removed again....:( 


Whenever I try to open Google Chrome I get the following message "Protection Against OS Security Bypass" and then it shuts Google Chrome down. What is going on, since Anti-Exploit is useless unless I can log on to Chrome?


Fix doesn't work for me either so reverted to:

MBAE -> Settings -> Advanced Settings -> OS Bypass Protection -> CALL ROP gadget protection (32/64) -> uncheck for Chrome -> Apply

MBAE -> Settings -> Advanced Settings -> Advanced Memory Protection -> Malicious return address detection -> uncheck for Chrome -> Apply

as that solves the problem for now.

MBAE Logs.zip

20 hours ago, pbust said:

We think we've solved this issue. Please download and install the following build on top of your existing version:

https://malwarebytes.box.com/s/croim8lq4hz5fyk6zfqsmxkxwsavbopo

After upgrading, open MBAE -> Settings -> Advanced settings -> Restore defaults -> Reboot

Let us know if it solves the Trusteer bug.

 

Tried this and although Chrome now opens, selecting 'settings' throws up the ROP warning again and closes Chrome.


The very first time I got the ROP warning it happened after I hit settings. After that, the warnings shot up whenever Chrome opened.
