Jump to content

New digital certificate on Test versions


Recommended Posts

Hi:

Until a staff member comes along....

If I understand your question correctly, the latest BETA build (1.09.1.1142) is posted HERE, with a special download link in that post.
(If you use NoScript, you'll need to (temporarily) allow box.com and boxcdn.net.)

The latest RELEASE build (1.08.1.2572), as always, is available from the product page download link HERE.

Cheers,

MM

Link to post
Share on other sites
  • 2 weeks later...

I think what he meant was that the experimental builds of MBAE aren't working after the Win10 Anni update, - just as the latest stable release wasn't up until the countersigned fix build was provided by pbust here: https://forums.malwarebytes.org/topic/186525-mbae-windows-10-au/#comment-1054724 

And I would just like to confirm that I'm experiencing those same issues with the experimental builds - same as I did with the latest stable one before the hotfix. This included versions 1.09.1.1156, 1442 and 1440. It just basically doesn`t load and after waiting for a couple of minutes a MBAE pop-up appears stating that it's taking too long to start and that you shoot reboot your PC.  The event viewer error associated with this occurrence is the Event ID error 7000: indicating that the MBAE service couldn't start due to Windows being unable to verify the signature.

Kind regards

 

 

 

Link to post
Share on other sites

Test version 1.9.1.1156 re-downloaded on 25-Aug-2016.  It still fails with the Event ID 7000 error "The Malwarebytes Anti-Exploit service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."

Link to post
Share on other sites

I've found something that may be of some use(maybe)... So basically if I install the latest experimental MBAE build while having digital signature verification disabled via startup settings and secure boot disabled via UEFI then MBAE installs and launches without any issues. However, if I try and launch MBAE with secure boot ON and digital signature verification OFF then I get the following pop-up(attached image) which I do not get if I have both the aforementioned settings on.

PCAmbae64sys.jpg

Link to post
Share on other sites

By this point it looks like I'm basically just spamming the thread, but there's just one more thing that I believe bears mentioning and that is that both of the experimental build mbae.sys and mbae64.sys files only have one digital signature - Malwarebytes Corporation. While the current stable release build sys files both have two digital signatures - one from Malwarebytes and the other one having "Microsoft Windows Hardware Compatibility Publisher" as the name signer. Also, all of the .exe and .dll files have those two aforementioned signatures - both in the experimental builds and the current stable release. Now, unless I'm missing something(and I very well might be) - it looks like the reason these experimental builds don't work for me is simply because the .sys files are missing the digital signatures from Microsoft.

Link to post
Share on other sites

I also have a theory about why this is happening. MBAE drivers are signed with sha1 considered insecure and as of July when build 14393 was compiled it's no longer allowed in kernel for binaries compiled after that date. If drivers with sha1 signature are present on upgrade with keep everything they are allowed for compatibility reasons. Latest version of MBAM still works because it was compiled during spring. But I am almost certain a new beta or stable release would suffer from same issue under same signing environment. Most vendors willing to keep XP support opted for a dual signature sha1+sha256. This should no longer require the "Microsoft Windows Hardware Compatibility Publisher"  signature which I am concerned Microsoft may not want to provide for beta software and judging by its name it looks like an interim fallback for corporations late on sha2 adoption. I wouldn't count on this to work for long.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.