
Hi kurt2121 :)

Quote

Also, what version of Malwarebytes started using HIPS? Thanks guys

As far as I know, there is no HIPS functionality in Malwarebytes (Anti-Malware or 3.0).

Quote

Does Malwarebytes detect different variations of meterpreter or other metasploit infections?

I don't have an answer for that, but I guess Malwarebytes would detect the payload that is being dropped on the system, and/or block the connections being made from your system if the outbound host is malicious.


  • 7 months later...
3 hours ago, Aura said:

These are network-based exploits, and MBAE doesn't protect against these.

Correct, however we do target browser exploits and script/file based exploits including those attached to emails or downloaded as documents, images, audio/video files and many other attack vectors and formats and we also shield a large list of software known to be frequently targeted by exploits specifically with additional protection measures to detect and stop exploit attempts.  Most of the time it is one of these methods that is used for the initial attack, and in fact if I recall correctly, it was a script attached to an email that was used to get the EternalBlue/WannaCrypt0r threats into networks from the start and it simply spread through the networks from the first infected endpoint via the SMB exploit (since it requires local network access to work I believe, and can't be directly exploited remotely, though I could be mistaken on that point).

That said, we're always working on additional features and layers to extend our proactive protection capabilities.

Edited by exile360

2 hours ago, Z3R0_OS said:

I'd advise the addition of a network exploit detection shield, considering how many people are hit with EternalBlue and other network-based RCE;
therefore, currently Meterpreter can sneak past and uninstall Malwarebytes via a network RCE (remote code execution) exploit.

Thanks, yes I agree.  In fact, right after the EternalBlue/WannaCrypt0r outbreak one of my first suggestions to the Product team was to develop an anti-exploit module for network based exploit attacks.  I do not know if they plan to implement one, but if not, I'm certain they'll come up with some other creative solution to these types of attacks and threats.


If it is in memory as an exploit, meaning injected into another process and/or attempting some form of known exploit attack such as a buffer overrun or other illegal procedure which is often used by exploits then yes, it should be possible for Malwarebytes to detect and stop the exploit shell.  I assume that's how the exploit works, but I'm not certain as I'm not an expert in that area.

