
MB3 Anti-Exploit Testing



Back in the standalone version we had a way to test our anti-exploit protection, as mentioned in the topic below. While trying to use the mbae-test tool, it yields no results on MB3.

If you click on the Normal button the calculator opens up as it should.

If you click on the Exploit button it closes out the mbae-test tool and the calculator app opens.

So this brings me to the question: how do I test the exploit feature to verify it's working, and is the mbae-test tool not compatible with MB3?

Works for me.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/6/17
Protection Event Time: 9:03 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1673
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: Malwarebytes Anti-Exploit Test
Protection Layer: Malicious Memory Protection
Protection Technique: Exploit code executing from Heap memory blocked
File Name:
URL:

 

(end)


Edited by Porthos

@Porthos glad to see it's working for you....

I have MB3 on a Windows 7 computer and the beta-test works on that one.

However, on my Windows 10 computer the beta-test does not yield the correct results; this is the same computer that does not yield the correct results with the IP Protection test site either.

MB3 was cleanly installed on it too (you know the routine: deactivate, uninstall, run mbam-clean tools, reboot, re-install and activate).

Security software running on both computers is configured the same way, so really the only difference is the OS: one is Win7 64bit, the other Win10 64bit.


This is Win 10 1703 x64 Defender enabled. I don't have any Win 7 computers any more.

30 minutes ago, Firefox said:

MB3 was cleanly installed on it too (you know the routine: deactivate, uninstall, run mbam-clean tools, reboot, re-install and activate).

I know better than to suggest that to you. :rolleyes:

Was your 10 a clean OS install lately?

Edited by Porthos

This computer you can pretty much say it's a clean install... it's basically only 2 months old. Just for the sake of giving the benefit of the doubt, I just performed another clear re-install and will start testing once again. (performing first scan now.... only took 2:27 minutes).


I really don't think it's a conflict with Symantec Endpoint Protection... I have all mutual exceptions added (I do that on all computers I touch to be proactive).

That being said, I have performed another clean re-install (4th one done so far in the last week). At the moment the IP protection and mbae-test file seem to be producing the correct results. I will continue to test it throughout the week and see if it stays working.

One should not have to install so many times to get it working...


12 minutes ago, Firefox said:

I have all mutual exceptions added (I do that on all computers I touch to be proactive).

I do the same with Defender.

 

12 minutes ago, Firefox said:

One should not have to install so many times to get it working...

I agree.


I've reported this directly to our testing team so that they can better validate all protection components' functionality for each version/release.  It's possible that this has been happening on our end as well and that we just weren't aware of it due to the lack of alerts etc. from the product.  I'll do my best to ensure that if that is true, it doesn't slip past us again.


I believe having more control of notifications is a must. You can add that to the program and let users decide which notifications they want to see. I, for one, like to see notifications like when I open an app or browser that tells me that it is now protected by MBAE...

Speaking of notifications, the ones we do receive are quite large; can't those be made a whole lot smaller?


31 minutes ago, Firefox said:

I believe having more control of notifications is a must. You can add that to the program and let users decide which notifications they want to see. I, for one, like to see notifications like when I open an app or browser that tells me that it is now protected by MBAE...

Speaking of notifications, the ones we do receive are quite large; can't those be made a whole lot smaller?

I hear you regarding notifications etc., although those decisions are really up to the product team.  Right now my biggest focus as far as what I do (basically trying to be the voice of the users to report the biggest issues/needs to the product team) is to get the most major bugs/problems in front of them to hopefully escalate these issues to the top of the queue and ensure that they have all the info they need to find and fix the bugs.  While there are certainly areas with room for improvement (like notifications etc.), I'm way more concerned with the product reporting that everything is good when in fact protection isn't fully functional and similar issues (like where protection modules won't turn on etc.).  I hope that makes sense.

That said, I'd definitely recommend posting something up in the suggestions area for MB3 regarding your ideas/desires for notifications etc. as they/we do watch that area closely for feedback and new ideas.


Thought I would add my 2 cents. When updating to cu4, exploit was off. Was able to turn on with toggle, no problem. All protection has stayed on after reboots and web protection was working correctly. Recently viewed this thread and thought, well, I'll check that! It did not work. Turned off exploit, turned it back on, and then it worked. Have not shut down or rebooted yet (do not like to do same for no good reason); will report back here if it fails again after reboot or shutdown.


1 hour ago, Super Dave said:

Thought I would add my 2 cents. When updating to cu4, exploit was off. Was able to turn on with toggle, no problem. All protection has stayed on after reboots and web protection was working correctly. Recently viewed this thread and thought, well, I'll check that! It did not work. Turned off exploit, turned it back on, and then it worked. Have not shut down or rebooted yet (do not like to do same for no good reason); will report back here if it fails again after reboot or shutdown.

Thanks for the confirmation.  I fear that given the nature of this issue it may be far more widespread than we know.  I believe the product team is looking into it now.

