MBAE 1.09 Build 1235 Blocking IE11 Repeatedly

[garioch7]

I am running Windows 10 Pro x64.  Since MBAE was updated yesterday to Version 1.09 Build 1235, Internet Explorer is constantly being blocked on sites such Yahoo.ca, Bitdefender Forums, Windows LIve, etc.  I have never had this issue before.  If I go to those sites via Chrome, MBAE is silent and does not block them.  I think the message is Anti-Heap Spray with Hardening or some such message.

If additional logs are required, please let me know and I will be happy to submit them.

Thank you and have a great day.

Regards,
-Phil

[1PW]

Hello garioch7:

Thank you for the screen grab.  It would be best if you could supplement your topic with the requested archive from https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/ also for MBAE developer analysis.

Thank you for your patience and understanding.

Edited October 30, 2016 by 1PW

[garioch7]

1PW:

Sorry for the delay in responding.  I noted the identical problem yesterday when I "remoted" into a friend's computer, (Windows 7 x64 Home Premium).  He too as MBAE Premium installed, the newest version.  His computer is running MBAM Premium, like mine.  He has Bitdefender 2017 Total Security (we had issues getting MBAM installed until Bitdefender fixed the bug in a new version release), and I am running Bitdefender 2016 Total Security.

MBAE is reporting anti-heap spray application hardening, or whatever, on completely legitimate and safe websites.  It has rendered IE11 unusable for browsing unless MBAE protection is stopped.  Chrome is unaffected: no false MBAE blocks.  Same thing on my friend's computer.

If you require any additional information, please don't hesitate to contact me.  By the way, IE11 is Version 11.321.14393.0

Thank you for your assistance.  Have a great day.

Regards,
-Phil

garioch7.zip

[1PW]

Hello garioch7:

Thank you for the archive.  Hopefully, this will assist the devs.  Please remember, MBAE does not need to have its protection completely disabled.  You may selectively disable that particular sub-category of protection.  Also, you may wish to leave all in their default selections, but try a different browser such as Mozilla's Firefox or Google's Chrome.

Thank you.

 

[Rsullinger]

Hello Garioch7:

 

Do you mind getting the frst logs as well:

1: Please download FRST from the link below and save it to your desktop:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

2: Double-click the purple FRST icon to run the program. Click Yes when the disclaimer appears.

3: Click the Scan button

4: When the scan has finished, it will make 2 log files in the same directory the tool is run, FRST.txt and Addition.txt. Please attach both files in your reply.
 

It looks like the protection it is blocking it is at the dynamic ant-heapspraying technique. I want to see what could be causing that to occur. You can disable also IE shield in mbae to continue browsing on IE as well until we can get this situated for you!

[OrangeSour]

I've collected this data. How do I submit it?

[Rsullinger]

Please put the information here once you have collected it. 

[garioch7]

Rsullinger:

I have attached the FRST logs requested.  I did state in my emails that Chrome is unaffected by this behaviour on both mine, and my friend's computer.

Thank you for the advice to disable just the MBAE module that is tripping when I use IE11, but I would rather play it safe, so I will browse with Chrome until we find out what is going on.

Thank you and have a great day.

Regards,
-Phil

PS: No Trusteer Rapport installed on this computer, as the Addition.txt file will show.

 

 

FRST.txt

Addition.txt

[Rsullinger]

Hey Garioch7,

 

This definitely isn't due to trusteer. Trusteer normally causes ROP gadget blocks so this is caused by something else. This may be an issue with bitdefender we are testing. Can you try rebooting the computer and see if that fixes the issue? We deployed something that may help with this. 

 

I am getting these logs to our team as well so they should have more information for me! 

[garioch7]

Ron:

Thanks for your response.  I shut down my computer every day until the next day.  The problem recurred this morning, after the computer had been off all night.  It has happened every day now since last Friday, I think.

I wouldn't be surprised if something with Bitdefender was possibly causing an issue.  They issued a version update today and I rebooted my computer and I am still getting MBAE "exploit blocks" on IE11 with the newest BD version (2016). As I told you, my friend is running BDTS2017 and I am running BDTS2016.  We both have the same issue.

The previous versions of MBAE have played very nicely with BDTS2016, or vice versa, but MBAE 1.09.1235 seems to dislike BD and/or IE11; or vice versa.

I am happy to provide any additional requested information.  Thank you for all your efforts investigating this issue.  Good luck and happy hunting!

Have a great day.

Regards,
-Phil

[Arthi]

Hello garioch7,

We pushed out a change to our Advanced settings config wherein we disable the conflicting setting with Bitdefender automatically, so that users can continue to use IE with Bitdefender. When you reboot your pc, you should see Dynamic Anti-heap spraying setting disabled for Browsers. This is done temporarily until we provide a permanent fix. If you have disabled it manually, it is fine as well.

For all other users using Bitdefender, simply restart your pc for the settings change to take effect, after which you can continue using IE browser without any blocks.

Thanks for your patience.

[garioch7]

Arthi:

Thank you for your rapid response.  Yes, I noticed that configuration change..  It appears to be working.  Funny that Bitdefender targeted IE11 and not Chrome?

I am guessing from what you said that a new engine version of Bitdefender, both 2016 and 2017, must have incorporated that type of protection and it conflicted with MBAE, at least as implemented with IE11?

Thank you again, and have a great day.

Regards,
-Phil