Jump to content

Recommended Posts

8 hours ago, cutting_edgetech said:

The latest beta is not protecting WinRAR either. It's not injecting into WinRAR.exe. If you try adding WinRAR.exe to the Shields List it says it's already on the list, even though it's not visibly on the list anywhere. I reported the same problem about 2 years ago. I'm using Windows 10 X64.

Same problem.

TH Cutting_Edgetech.

 

Link to post
Share on other sites

It seems Malwarebytes has been awful silent lately in regards to MBAE development. No responses to bugs by the developer lately. They must be keeping pbust busy working on Malwarebytes 3.0.  I worry lack of development will make MBAE's user-base migrate to a different product like HMPA. Then Malwarebytes may decide there's no justification to support two separate products. I guess time will only tell.

Link to post
Share on other sites

  • Staff

Hello Sampei_Nihira,

The reason why you are not seeing it injected there or you are not able to add the shield (also what cutting_edgetech mentioned as well) is because 7zip/winrar/winzip apps are protected internally but they work differently from regular shields. So you won't see the normal behavior as you would with a regular mbae shield. This is something that has always been in the product. So you are still protected using those apps. 

I do apologize for the delay with this. I was getting the information clarified by our team to make sure I was giving you the correct information. 

Link to post
Share on other sites

Hi Rsullinger,

I do not think so for 2 reasons:

1) With Process Explorer you would see mbae.dll.

2) Rename the Exploit Test Tool (HPA3) as 7-zip/winrar/..............exe:

https://www.hitmanpro.com/en-us/downloads.aspx

 

The tests have failed.

The conclusion is that there is no protection.

Please check.

TH.

 

 

Edited by Sampei_Nihira
Link to post
Share on other sites

On 7/7/2017 at 5:12 PM, Rsullinger said:

Hello Sampei_Nihira,

The reason why you are not seeing it injected there or you are not able to add the shield (also what cutting_edgetech mentioned as well) is because 7zip/winrar/winzip apps are protected internally but they work differently from regular shields. So you won't see the normal behavior as you would with a regular mbae shield. This is something that has always been in the product. So you are still protected using those apps. 

I do apologize for the delay with this. I was getting the information clarified by our team to make sure I was giving you the correct information. 

That is strange because when I reported this issue in the past, pbust looked into the problem, and i'm pretty sure I saw WinRAR being injected into in a later build after I reported it. This was like 1 1/2 years ago, or something like that. Maybe the protection mechanisms have been changed since then.

Link to post
Share on other sites

  • 5 weeks later...
  • Staff
On 7/8/2017 at 9:58 AM, Sampei_Nihira said:

I do not think so for 2 reasons:

1) With Process Explorer you would see mbae.dll.

2) Rename the Exploit Test Tool (HPA3) as 7-zip/winrar/..............exe:

Like Ron said, the internal shields for the compressor family works in a different way than regular shields. It cannot be tested the same way as the regular shields (i.e. looking for dll injection, renaming the tool, etc.).

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.