Sampei_Nihira

7-zip is not protected by the latest beta.


The latest beta is not protecting WinRAR either. It's not injecting into WinRAR.exe. If you try adding WinRAR.exe to the Shields List it says it's already on the list, even though it's not visibly on the list anywhere. I reported the same problem about 2 years ago. I'm using Windows 10 X64.

8 hours ago, cutting_edgetech said:

The latest beta is not protecting WinRAR either. It's not injecting into WinRAR.exe. If you try adding WinRAR.exe to the Shields List it says it's already on the list, even though it's not visibly on the list anywhere. I reported the same problem about 2 years ago. I'm using Windows 10 X64.

Same problem.

TH Cutting_Edgetech.

 

On 01/07/2017 at 1:29 AM, Sampei_Nihira said:

OS Windows XP SP3:

Hard to imagine that you're overly concerned with security when you're running an OS that is no longer patched.


It seems Malwarebytes has been awfully silent lately in regards to MBAE development. No responses to bugs by the developer lately. They must be keeping pbust busy working on Malwarebytes 3.0. I worry lack of development will make MBAE's user-base migrate to a different product like HMPA. Then Malwarebytes may decide there's no justification to support two separate products. I guess time will only tell.


Hello Sampei_Nihira,

The reason why you are not seeing it injected there or you are not able to add the shield (also what cutting_edgetech mentioned as well) is because 7zip/winrar/winzip apps are protected internally but they work differently from regular shields. So you won't see the normal behavior as you would with a regular mbae shield. This is something that has always been in the product. So you are still protected using those apps. 

I do apologize for the delay with this. I was getting the information clarified by our team to make sure I was giving you the correct information. 


Hi Rsullinger,

I do not think so for 2 reasons:

1) With Process Explorer you would see mbae.dll.

2) Rename the Exploit Test Tool (HPA3) as 7-zip/winrar/..............exe:

https://www.hitmanpro.com/en-us/downloads.aspx

 

The tests have failed.

The conclusion is that there is no protection.

Please check.

TH.

 

 

Edited by Sampei_Nihira

On 7/7/2017 at 5:12 PM, Rsullinger said:

Hello Sampei_Nihira,

The reason why you are not seeing it injected there or you are not able to add the shield (also what cutting_edgetech mentioned as well) is because 7zip/winrar/winzip apps are protected internally but they work differently from regular shields. So you won't see the normal behavior as you would with a regular mbae shield. This is something that has always been in the product. So you are still protected using those apps. 

I do apologize for the delay with this. I was getting the information clarified by our team to make sure I was giving you the correct information. 

That is strange because when I reported this issue in the past, pbust looked into the problem, and I'm pretty sure I saw WinRAR being injected into in a later build after I reported it. This was like 1 1/2 years ago, or something like that. Maybe the protection mechanisms have been changed since then.

On 7/8/2017 at 9:58 AM, Sampei_Nihira said:

I do not think so for 2 reasons:

1) With Process Explorer you would see mbae.dll.

2) Rename the Exploit Test Tool (HPA3) as 7-zip/winrar/..............exe:

Like Ron said, the internal shields for the compressor family work in a different way than regular shields. They cannot be tested the same way as the regular shields (i.e. looking for dll injection, renaming the tool, etc.).

 
