Jump to content

MBAE 1.09 Build 1235 Blocking IE11 Repeatedly


garioch7
 Share

Recommended Posts

I am running Windows 10 Pro x64.  Since MBAE was updated yesterday to Version 1.09 Build 1235, Internet Explorer is constantly being blocked on sites such Yahoo.ca, Bitdefender Forums, Windows LIve, etc.  I have never had this issue before.  If I go to those sites via Chrome, MBAE is silent and does not block them.  I think the message is Anti-Heap Spray with Hardening or some such message.

If additional logs are required, please let me know and I will be happy to submit them.

Thank you and have a great day.

Regards,
-Phil

mbae.PNG

Link to post
Share on other sites

Hello garioch7:

Thank you for the screen grab.  It would be best if you could supplement your topic with the requested archive from https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/ also for MBAE developer analysis.

Thank you for your patience and understanding.

Edited by 1PW
Link to post
Share on other sites

1PW:

Sorry for the delay in responding.  I noted the identical problem yesterday when I "remoted" into a friend's computer, (Windows 7 x64 Home Premium).  He too as MBAE Premium installed, the newest version.  His computer is running MBAM Premium, like mine.  He has Bitdefender 2017 Total Security (we had issues getting MBAM installed until Bitdefender fixed the bug in a new version release), and I am running Bitdefender 2016 Total Security.

MBAE is reporting anti-heap spray application hardening, or whatever, on completely legitimate and safe websites.  It has rendered IE11 unusable for browsing unless MBAE protection is stopped.  Chrome is unaffected: no false MBAE blocks.  Same thing on my friend's computer.

If you require any additional information, please don't hesitate to contact me.  By the way, IE11 is Version 11.321.14393.0

Thank you for your assistance.  Have a great day.

Regards,
-Phil

garioch7.zip

Link to post
Share on other sites

Hello garioch7:

Thank you for the archive.  Hopefully, this will assist the devs.  Please remember, MBAE does not need to have its protection completely disabled.  You may selectively disable that particular sub-category of protection.  Also, you may wish to leave all in their default selections, but try a different browser such as Mozilla's Firefox or Google's Chrome.

Thank you.

 

Link to post
Share on other sites

  • Staff

Hello Garioch7:

 

Do you mind getting the frst logs as well:

1: Please download FRST from the link below and save it to your desktop:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.

3: Click the Scan button

4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
 

It looks like the protection it is blocking it is at the dynamic ant-heapspraying technique. I want to see what could be causing that to occur. You can disable also IE shield in mbae to continue browsing on IE as well until we can get this situated for you!

Link to post
Share on other sites

Rsullinger:

I have attached the FRST logs requested.  I did state in my emails that Chrome is unaffected by this behaviour on both mine, and my friend's computer.

Thank you for the advice to disable just the MBAE module that is tripping when I use IE11, but I would rather play it safe, so I will browse with Chrome until we find out what is going on.

Thank you and have a great day.

Regards,
-Phil

PS: No Trusteer Rapport installed on this computer, as the Addition.txt file will show.

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Staff

Hey Garioch7,

 

This definitely isn't due to trusteer. Trusteer normally causes ROP gadget blocks so this is caused by something else. This may be an issue with bitdefender we are testing. Can you try rebooting the computer and see if that fixes the issue? We deployed something that may help with this. 

 

I am getting these logs to our team as well so they should have more information for me! 

Link to post
Share on other sites

Ron:

Thanks for your response.  I shut down my computer every day until the next day.  The problem recurred this morning, after the computer had been off all night.  It has happened every day now since last Friday, I think.

I wouldn't be surprised if something with Bitdefender was possibly causing an issue.  They issued a version update today and I rebooted my computer and I am still getting MBAE "exploit blocks" on IE11 with the newest BD version (2016). As I told you, my friend is running BDTS2017 and I am running BDTS2016.  We both have the same issue.

The previous versions of MBAE have played very nicely with BDTS2016, or vice versa, but MBAE 1.09.1235 seems to dislike BD and/or IE11; or vice versa.

I am happy to provide any additional requested information.  Thank you for all your efforts investigating this issue.  Good luck and happy hunting! :)

Have a great day.

Regards,
-Phil

Link to post
Share on other sites

  • Staff

Hello garioch7,

We pushed out a change to our Advanced settings config wherein we disable the conflicting setting with Bitdefender automatically, so that users can continue to use IE with Bitdefender. When you reboot your pc, you should see Dynamic Anti-heap spraying setting disabled for Browsers. This is done temporarily until we provide a permanent fix. If you have disabled it manually, it is fine as well.

For all other users using Bitdefender, simply restart your pc for the settings change to take effect, after which you can continue using IE browser without any blocks.

Thanks for your patience.

Link to post
Share on other sites

Arthi:

Thank you for your rapid response.  Yes, I noticed that configuration change..  It appears to be working.  Funny that Bitdefender targeted IE11 and not Chrome?

I am guessing from what you said that a new engine version of Bitdefender, both 2016 and 2017, must have incorporated that type of protection and it conflicted with MBAE, at least as implemented with IE11?

Thank you again, and have a great day.

Regards,
-Phil

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.