Malwarebytes Crashing FF58 - Exploit ROP gadget attack blocked

[MarkJoel]

-Log Details-
Protection Event Date: 11/17/17
Protection Event Time: 6:13 PM
Log File: 514a9862-cbf5-11e7-a756-f48e388b9cee.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3286
License: Premium

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Mozilla Firefox (and add-ons)
Protection Layer: Protection Against OS Security Bypass
Protection Technique: Exploit ROP gadget attack blocked
File Name:
URL:

 

(end)

I have uninstalled with plugins removed, once I installed Roboform it crashed because Malwarebytes blocked it.

mb-check-results.zip

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Farbar Recovery Scan Tool (FRST)
  1. Download FRST and save it to your desktop
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
     • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
• MB-Check
  1. Download MB-Check and save to your desktop
  2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
  3. This will produce one log file on your desktop: mb-check-results.zip
     • This file will include the FRST logs generated from the previous set of instructions
     • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[Porthos]

Please see the following screenshot and unclick all boxes in the highlighted area.

[MarkJoel]

I tried to add additional extensions and Malwarebytes crashes FF every time.

[MarkJoel]

34 minutes ago, Porthos said:

Please see the following screenshot and unclick all boxes in the highlighted area.

Thanks for the suggestion but it still crashes

[Porthos]

16 minutes ago, MarkJoel said:

Thanks for the suggestion but it still crashes

I want to confirm your settings in the exploit section match the screenshot and all those checks are UN checked.

Also please restart.

System has been up for:     135.279 Hours

 

[Cain]

I'm having this same problem, suddenly tonight.  If I turn off the check-boxes you suggest, will I be vulnerable to some legit attack or exploit?? 

[Porthos]

1 hour ago, Cain said:

I'm having this same problem, suddenly tonight.  If I turn off the check-boxes you suggest, will I be vulnerable to some legit attack or exploit?? 

no, Those are the current default settings.

[seaquest]

@porthos , disabling that feature may solve the issue but is it right to do so? It seems the issue is false positive. Is there a plan for solving this flase positive while allowing RET ROP Gadget detection?

[Porthos]

1 hour ago, seaquest said:

@porthos , disabling that feature may solve the issue but is it right to do so? It seems the issue is false positive. Is there a plan for solving this flase positive while allowing RET ROP Gadget detection?

The settings n my screen shot are the current defaults. The default settings are are the best balance safety and functionality.

[Arthi]

Hi All,

The default settings that we provide as part of Anti-Exploit is after a careful deliberation by our security experts to provide optimum security while minimizing false positives. It is the recommended solution for users.

However, there are some settings that we offer which provide additional security but might not be compatible with a few 3rd party products. One such is RET ROP Gadget Detection. By default, we do not recommend turning it on. But by no means turning it off will reduce users' security. 

If you are using Firefox 58, Please use default recommended settings as in the below screenshot.

Thank you.