Jump to content

Recommended Posts

I have purchased and installed Malware Bytes and am happy with it. I decided I would like to know more about Anti-Exploit - is it additional to Malware bytes or does it include Malware bytes? What does it actually do (I am not a technonerd so I don't understand the very brief description given)? What am I exposing myself to if I don't have it?  I wrote to MB and received no reply. So I waited a few weeks and than installed the trial version. I now get one message telling me that my trial period has expired and can be directed to the minimalist description of what AE is whilst another message is telling me that my IE is still protected by AE. What is going on, I ask myself? I thought about the issue again and went to the webpage and saw that I could buy MB and AE for a reduced price. I wrote to MB again and reasoned that this was a tad unfair, giving a reduction if you bought both but not if you had already bought one. I received no reply again. It is, actually, very difficult to find an address to contact MB on with questions of this nature but having finally found an address, getting no reply is, I think, making MB look rather unprofessional and, dare I say it, uncaring about its customers. So can anyone direct me to an address where MB might possibly be contactable enough to give me an answer to my questions? Thanks.

Link to post
Share on other sites

@Blasterchef I am sorry to hear about your experience. We do care and want to ensure our customers are happy and protected from malware. I am going to work on getting you in touch with our support team.

In the meantime, I have moved your thread to our Anti-Exploit Questions section of the forums.

Link to post
Share on other sites

@Blasterchef, just to confirm you filled out our support contact form here correct? https://support.malwarebytes.com/customer/portal/emails/new?b_id=6400

If so, can you share your reference number with me? This can be found in your automated email after filling out the above web form (be sure to check your spam folder) or by going here: https://support.malwarebytes.com/customer/login?b_id=6400&return_to=%2F%3Fb_id%3D6400 (and clicking "Creating an account" with the email you used to submit your support ticket if you don't already have a log in).

Edited by celee
added reference number details for customer
Link to post
Share on other sites

Blasterchef:

Malwarebytes' Anti-Malware ( MBAM ) - Works at the file and Internet address levels.  It detects malicious files and blocks them or removes them as well as blocking access to Internet addresses and/or sites listed in its database.   MBAM will also correct/fix modifications made to the Operating System that malware may make.
 
Malwarebytes' Anti-Exploit ( MBAE ) - is an action level application.  It blocks the malicious action of exploiting software vulnerabilities or blocks exploits of a software performed in an unusual or unintended fashion.
 
Heuristic detection - If it walks like a duck and squawks like a duck then it must be a duck.  This is a characteristic detection instead of a signature based detection.  Because heuristics makes an assumption, it can have a higher False Positive result level.  At the same time it can catch malware based on a characteristic even though there is no signature for it and it hasn't been seen before.

When one talks about an "exploit" there are two basic kinds.
 
*  Exploiting a software vulnerability to gain elevated privileges to effect a compromise
 
*  Taking advantage of a capability to use in their benefit in an unexpected or unanticipated way.
 
As an example of the first case I'll use the Lovsan/Blaster worm.  It exploited a software vulnerability in the Operating System RPCSS/DCOM which uses TCP port 135.  The Lovsan/Blaster worm would send a specific set or string of characters to TCP port 135 to create a "buffer overflow with an elevation of privileges" condition where if successful, the worm would create a BLASTER.EXE file on the target system and then execute it.  Once the PC was infected it would seek new hosts and the Lovsan/Blaster worm would spread exponentially.
 
As an example of the second  case I'll use the Wimad trojan.  The Wimad trojan takes advantage of the Digital Rights Management (DRM) incorporated in media files such as MP3, WMV and other music and video files.  By taking advantage of the DRM, it would be used in combination of Social Engineering and one's desire for "free music" or a "free movie" to cause the person to download and run some malicious program.
 
Therefore you use an anti exploitation application to thwart the malicious activity of deliberately exploiting a vulnerability to effect a system compromise.
 
One may use a specially crafted...

  • PDF file to exploit a vulnerability in a PDF viewer like Adobe Reader or FoxIt.
  • MOV file to exploit a vulnerability in a Apple's QuickTime renderer.
  • GIF file to exploit a vulnerability in Microsoft's Graphics Device Interface (GDI).
  • DOC, XLS or other MS Office document file to exploit a vulnerability in Microsoft Office or to use a macro to download and execute a file or extract an embedded file and execute it.
  • RMP file to exploit a vulnerability in RealPlayer.


It is for situations as enumerated above where an anti exploit application will be used to monitor and shield a given application, which exhibits vulnerabilities, from attempts using the vulnerability/exploitation attack vector.  It is not for untrusted applications.
 
The intention is to monitor and shield a given application which has a propensity of being exploited.

 

 

Edited by David H. Lipman
Link to post
Share on other sites

  • Root Admin

@Blasterchef

Please continue  to work with Alex, I'm simply adding the following information about the product. Alex can do follow-up for your other questions and concerns about the email.

 

MBAE Exploits How they work

Malwarebytes Anti-Exploit in action

Product information for Malwarebytes Anti-Exploit


Thank you again

Ron

 

Link to post
Share on other sites

In reply to Alex's question about how I submitted my complaint, I honestly cannot say where I found the address and how I submitted my frustrations. Having said that, the explanations given by David, although rather technical for me, do convey the information I  was looking for so we can assume one of my questions has been answered. However, the outstanding point is why are reductions being offered to those buying two products but not to those of us who have one already (and have had for some time)? Why also do I keep on getting these conflicting messages about whether the trial version has expired or is still protecting me? I will finish up, I am sure, by buying Anti-Exploit but I would like to know what is going on. Thanks to you all for your quick and thorough replies - that is what I would have expected from you :-).

Link to post
Share on other sites

1 hour ago, Blasterchef said:

In reply to Alex's question about how I submitted my complaint, I honestly cannot say where I found the address and how I submitted my frustrations. 

If you end up finding more information on this or can forward me the details/emails, that would be great. I want to make sure we learn from any mistakes that occurred on our side of things.

 

1 hour ago, Blasterchef said:

Having said that, the explanations given by David, although rather technical for me, do convey the information I  was looking for so we can assume one of my questions has been answered.

Awesome to hear that!!

 

1 hour ago, Blasterchef said:

However, the outstanding point is why are reductions being offered to those buying two products but not to those of us who have one already (and have had for some time)? Why also do I keep on getting these conflicting messages about whether the trial version has expired or is still protecting me? I will finish up, I am sure, by buying Anti-Exploit but I would like to know what is going on. Thanks to you all for your quick and thorough replies - that is what I would have expected from you :-).

Can you share the details on the reductions you mention? The current pricing of MBAM Premium and MBAE Premium are the same and I don't see a discount being applied when purchasing it online. I could be missing some sort of special promotion, so any details you can share on this will help so I can see what can be done for you.

As far as the trial messaging goes, I think I know what that might be. What you are likely seeing is the notification when the web-browser launches that MBAE detected it for protection. Can you by chance take a screenshot of the message so I can confirm what's up?

As far as the quick responses goes, no problem. I and everyone else here are always glad to help.

Link to post
Share on other sites

Hi again - sorry for the delay in replying but have been at work. I cannot find the discount offer I was referring to. It offered MB Premium and AE both at £15.95 each instead of £19.95 each. But, as I can't find it now, I have to let that issue drop.

I have attached a screenshot of one of the messages I receive - the other looks the same and comes when I first log on but I can't get a shot of it. I tells me that my trial period of AE has now expired. Any guidance you can give will be welcome.

This enquiry of mine has been a bit messy and largely unsubstantiated so I apologise for that but I do assure you that everything I have raised was true and not designed to waste your time.

Thanks again.

Malware Anti-Exploit screenshot.docx

Edited by Blasterchef
Link to post
Share on other sites

1 hour ago, Blasterchef said:

Hi again - sorry for the delay in replying but have been at work. I cannot find the discount offer I was referring to. It offered MB Premium and AE both at £15.95 each instead of £19.95 each. But, as I can't find it now, I have to let that issue drop.

I'll see what I can do about that. Can you PM me an email address you would like me to contact you at? If it's the same as the one you used to register on the forums, just let me know that.

1 hour ago, Blasterchef said:

I have attached a screenshot of one of the messages I receive - the other looks the same and comes when I first log on but I can't get a shot of it. I tells me that my trial period of AE has now expired. Any guidance you can give will be welcome.

Thank you for the screenshot as that clarified what's going on here. So what you are seeing in your screenshot is called a Notification Toast in Windows 10 telling you that MBAE is protecting the Internet Explorer web browser. That actual notification is created by MBAE and is sent to the OS so you can see that Notification Toast. In previous versions of Windows, you would see this sort of thing via a bubble pop-up in the notification tray above the icon of the app that sent the notification.

Anyways, the confusion you are encountering is being caused by seeing this Notification vs. MBAE Premium claiming it's expired since the trial period has ended. Both messages are correct, so let me explain it a bit. When MBAE Premium expires, it reverts to a limited Free Mode. When in Free Mode, not all exploitable applications are protected. Web browsers like the one that the Notification Toast is calling out and Java are still protected. However PDF readers, Office apps, media players, and custom shields are no longer protected as those are features only available with MBAE Premium. You can see the differences of what is or is not protected here: https://www.malwarebytes.com/antiexploit/
 

1 hour ago, Blasterchef said:

This enquiry of mine has been a bit messy and largely unsubstantiated so I apologise for that but I do assure you that everything I have raised was true and not designed to waste your time.

Thanks again.

No apology is needed. We are here to help and it was not a waste of my time or anyone else's time. I am always happy to provide assistance.

With that being said, I think all of the above should answer all of your questions. If not, let me know and we can go from there. Also, make sure to let me know the best email address to reach you at via a private message.

Edited by AlexSmith
Link to post
Share on other sites

Hi, I was asked above for my private email address which I provided. I see it has been removed and I fully understand why. However, Alex Smith wanted to contact me via private email but I have heard nothing. I wonder if the mail address was deleted without being first passed to Alex. Can you clarify, please? Thanks.

Link to post
Share on other sites

1 hour ago, Blasterchef said:

Hi, I was asked above for my private email address which I provided. I see it has been removed and I fully understand why. However, Alex Smith wanted to contact me via private email but I have heard nothing. I wonder if the mail address was deleted without being first passed to Alex. Can you clarify, please? Thanks.

I got it. Looks like your email was sitting in my Drafts by accident. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.