Jump to content
Shamshi-Adad

Exploit blocked by Dynamic Anti-HeapSpray Enforcement

Recommended Posts

If you have IBM Trusteer Rapport  installed you need to disable either Trusteer or MBAE until the issue is sorted out

Share this post


Link to post
Share on other sites

I have also stated having this issue which started immediately after the latest update to Malwarebytes Anti Exploit.  This is happening on two different machines both of which also run the latest version of BitDefender as well as AdBlock Plus.  It only seems to affect Internet Explorer, not Edge or Chrome.  The issue is occurring on quite a few websites (e.g. www.fotor.com).

Share this post


Link to post
Share on other sites

I'm having the exact same issue, and I do not have Trusteer installed.

Amusingly, one of the pages to trigger Dynamic Anti-HeapSpray Enforcement is the MalwareBytes support page.

 

Share this post


Link to post
Share on other sites

I have also been seeing this on quite a few machines.  Also only occurring in IE.  All machines have BitDefender and AdBlock Plus Add-in for IE installed as well.  Issue does not present itself in Chrome or Firefox.  I also tried disabling Anti-Heap Spray protection for all browsers in settings and rebooting the machine, yet the issues persist, which makes me think that it is not actually IE triggering the warning.  Logs seem to be useless, but I will happily post some if anyone wants to try to get to the bottom of the issue.  First time I saw this was EOD Friday, now I have 6 machines all experiencing the same thing.  I do not have Trusteer installed on any of them, nor do I believe this is the same problem as the known conflict with Silverlight. 

 

One page I have found that triggers the issue on all machines for me is http://www.Pandora.com

 

Any help would be outstanding, as right now my only recourse for the people using the machines that are affected has been to disable MBAE until I have a better solution so that they are able to proceed with their normal activities. 

Share this post


Link to post
Share on other sites
43 minutes ago, SongCloud said:

I have also been seeing this on quite a few machines.  Also only occurring in IE.  All machines have BitDefender and AdBlock Plus Add-in for IE installed as well.  Issue does not present itself in Chrome or Firefox.  I also tried disabling Anti-Heap Spray protection for all browsers in settings and rebooting the machine, yet the issues persist, which makes me think that it is not actually IE triggering the warning.  Logs seem to be useless, but I will happily post some if anyone wants to try to get to the bottom of the issue.  First time I saw this was EOD Friday, now I have 6 machines all experiencing the same thing.  I do not have Trusteer installed on any of them, nor do I believe this is the same problem as the known conflict with Silverlight. 

 

One page I have found that triggers the issue on all machines for me is http://www.Pandora.com

 

Any help would be outstanding, as right now my only recourse for the people using the machines that are affected has been to disable MBAE until I have a better solution so that they are able to proceed with their normal activities. 

@SongCloud, for the sake of troubleshooting can you see if the issue continues after removing Bitdefender? If not, try removing AdBlock Plus too. Let us know what happens in both scenarios if you can.

Share this post


Link to post
Share on other sites

Hello Everyone,

 

Can you please collect the logs found in this post here:

 

https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/

Make sure you do step 5. to collect the FRST logs as well we will want to see that to know what is installed. 

@Shamshi-Adad It seems like in your case it is due to the dynamic anti-heapspraying technique. Disabling that will fix the issue or disabling the IE/edge shield will allow you to continue browsing. However, we would want to figure out why this is happening with these. 

 

Share this post


Link to post
Share on other sites

Hello SongCloud,

You do not need to disable MBAE anymore. We pushed out a change to our Advanced settings config wherein we disable the conflicting setting with Bitdefender automatically, so that users can continue to use IE with Bitdefender. When you reboot your pc, you should see Dynamic Anti-heap spraying setting disabled for Browsers. This is done temporarily until we provide a permanent fix. If you have disabled it manually, it is fine as well.

For all users using Bitdefender, simply restart your pc for the settings change to take effect, after which you can continue using IE browser without any blocks.

Thanks for your patience.

Share this post


Link to post
Share on other sites

Hi ridevries,

Can you please check the version of your MBAE. The latest release version is 1.09.1.1403. If you do not have this version installed, please check the setting to automatically auto-upgrade to new versions as in the below screenshot.

Once you have the latest version, please let me know if your issue with IE persists.

Thanks.

screenshot1.png

screenshot2.png

Edited by Arthi

Share this post


Link to post
Share on other sites

Hi Arthi,

Thank you for reacting, I have no problem with IE, because I'm not using it, as I mentioned in my previous post. The problem is that the dynamic anti-heapspraying enforcement setting still is automatically disabled after every reboot, and I want it to be enabled for maximum protection. Anti-Exploit version is 1.09.1.1410, which is the newest beta. OS is Windows 8.1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.