Jump to content

MBAE 1.09.1.1410: WinRAR, WinZip, & 7-Zip not on Shields List

cutting_edgetech

By cutting_edgetech
in Anti-Exploit Beta

 Share

Recommended Posts

cutting_edgetech

cutting_edgetech

Posted
Posted

I tried adding WinRAR to the Shields List, and it said WinRAR is already Shielded. I looked on the Shield list, and it is not listed anywhere. I then noticed WinZip, and 7-Zip are missing from the list also. Shouldn't WinRAR, WinZip, and 7-Zip all be on the Shield List by default? I remember these 3 disappearing from the list once before.

I'm using MBAE 1.09.1.1410 on Windows 10X64 Professional.

Malwarebytes Anti-Exploit.rar

Link to post
Share on other sites
btmp

btmp

Posted
Posted (edited)

There are some pre-prepared/existing shields that are there but don't make it to the GUI. It seems you've encountered one here.

Based off an on older post here is a string which could involve a few others you haven't mentioned yet."C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe" /Start 0 "winrar.exe|winzip.exe|7z.exe|cmd.exe|winhlp32.exe|wscript.exe|quicktimeplayer.exe|winamp.exe|vlc.exe|mplayer2.exe|wmplayer.exe|powerpnt.exe|excel.exe|excelc.exe|winword.exe|winwordc.exe|soffice.bin|foxitreader.exe|foxit reader.exe|Foxit PhantomPDF.exe|FoxitPhantomPDF.exe|acrord32.exe|acrobat.exe|java.exe|javaw.exe|javaws.exe|dragon.exe|waterfox.exe|tor.exe|tbb-firefox.exe|palemoon.exe|cyberfox.exe|icedragon.exe|seamonkey.exe|maxthon.exe|mxapploader.exe|opera.exe|opera_plugin_wrapper.exe|opera_wrapper_32.exe|iexplore.exe|MicrosoftEdge.exe|MicrosoftEdgeCP.exe|chrome.exe|old_chrome.exe|firefox.exe|plugin-container.exe|FlashPlayerPlugin*.exe|helpctr.exe|mbae-test.exe"

I don't personally see why they shouldn't *all* be listed so that we may view and modify them as needed but..erm yeah there are at least already some protections being applied in this case. 

And more amusingly I was unable to *actually* edit this via firefox despite filling in the 'required' reason repeatedly. It never showed my actual text in order to let me try to change it! Yet it works the first time via chrome, go figure /sigh.

Edited by btmp
correction
Link to post
Share on other sites
Lfei3

Lfei3

Posted
Posted

I apologize ahead of time if this isn't totally related.  Using the latest Malwarebytes premium with anti exploit enabled.  I have the same question as cutting_edge about what programs are "protected" but not listed in the anti exploit module.  Malwarebytes premium doesn't have the notification system for its exploit module as anti exploit standalone so it is hard to tell.  Is there a log I can look at to see what it is protecting?  

Link to post
Share on other sites
cutting_edgetech

cutting_edgetech

Posted
  • Author
Posted
On 5/20/2017 at 10:58 PM, btmp said:

There are some pre-prepared/existing shields that are there but don't make it to the GUI. It seems you've encountered one here.

Based off an on older post here is a string which could involve a few others you haven't mentioned yet."C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe" /Start 0 "winrar.exe|winzip.exe|7z.exe|cmd.exe|winhlp32.exe|wscript.exe|quicktimeplayer.exe|winamp.exe|vlc.exe|mplayer2.exe|wmplayer.exe|powerpnt.exe|excel.exe|excelc.exe|winword.exe|winwordc.exe|soffice.bin|foxitreader.exe|foxit reader.exe|Foxit PhantomPDF.exe|FoxitPhantomPDF.exe|acrord32.exe|acrobat.exe|java.exe|javaw.exe|javaws.exe|dragon.exe|waterfox.exe|tor.exe|tbb-firefox.exe|palemoon.exe|cyberfox.exe|icedragon.exe|seamonkey.exe|maxthon.exe|mxapploader.exe|opera.exe|opera_plugin_wrapper.exe|opera_wrapper_32.exe|iexplore.exe|MicrosoftEdge.exe|MicrosoftEdgeCP.exe|chrome.exe|old_chrome.exe|firefox.exe|plugin-container.exe|FlashPlayerPlugin*.exe|helpctr.exe|mbae-test.exe"

I don't personally see why they shouldn't *all* be listed so that we may view and modify them as needed but..erm yeah there are at least already some protections being applied in this case. 

And more amusingly I was unable to *actually* edit this via firefox despite filling in the 'required' reason repeatedly. It never showed my actual text in order to let me try to change it! Yet it works the first time via chrome, go figure /sigh.

I think the applications should show on the list of Shielded Application if they are Shielded. I actually reported the problem with WinRAR, WinZip, and 7-Zip over a year ago, and just forgot about reporting it. I think I remember you responding to that post as well, so you are well aware of the problem. They actually fixed the problem with the archive software not showing on the list then, and now it's back again. I don't know what build the problem returned in, but it's there again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.