kieferschild #1 Posted March 15, 2017 Good morning, We have a couple of users at different companies who are using Malwarebytes with Symantec Endpoint Protection Cloud. It seems that MBAE is causing Symantec extensions in web browsers and Outlook to crash which In turn causes the program to crash. Disabling MBAE seems to have stopped the problem but it's not a fix. Thanks, Share this post Link to post Share on other sites
Rsullinger #2 Posted March 15, 2017 Hey Kieferschild, I am assuming they are not causing an alert when this occurs, correct? If possible, can you collect the logs from this link: https://forums.malwarebytes.com/topic/191468-readme-first-posts-here-need-to-include-mbae-logs/ If you are not comfortable posting the FRST logs in the post, feel free to PM me them. Share this post Link to post Share on other sites
Rsullinger #3 Posted March 17, 2017 (edited) Hey Kieferschild, Thank you for the logs. Just to confirm, can you make sure these are in Symantec, don't want this to be because of our normal files: C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe C:\Program Files\Malwarebytes Anti-Exploit\mbae-cli.exe For x64 installations: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-cli.exe Since it is crashing, do you know if these are creating memory dump files? If possible, can you use the instructions here to get one to generate on the on one of the processes that is crashing: https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx?f=255&MSPPError=-2147217396 Edited March 17, 2017 by Rsullinger Share this post Link to post Share on other sites
kieferschild #4 Posted March 21, 2017 Hi, I have added the exclusions and enabled MBAE again, i will report back to you in a day or two. thanks, K Share this post Link to post Share on other sites
kieferschild #5 Posted March 21, 2017 Hi, Symantec have also advised that I excluding the following: C:\Program Files\Symantec.cloud\ C:\ProgramData\Norton\ C:\Windows\System32\drivers\NISx64\ C:\Windows\System32\drivers\NISx86\ I've added them under "Ignore List" - Do I need to add them anywhere for MBAE? Share this post Link to post Share on other sites
Rsullinger #6 Posted March 21, 2017 Hey Kieferschild, For mbae's ignore list, we only accept md5's for the exclusion and they only need to be inserted if a block occurs to prevent it from occurring once more. We don't scan the file system directory with mbae like with MBAM so you wouldn't need to add those anywhere. We just monitor what tries to hook or interact with our protected processes. Share this post Link to post Share on other sites