Jump to content

Malwarebytes and new Windows Defender anti-exploit features


Recommended Posts

Hi! I noticed that after the last big Windows 10 Update, Windows Defender now includes some anti-exploit modules and I can see that in my computer some of these anti-exploit features are enabled by default. I want to ask if there is any problem in leaving them enabled,  or it will conflict with Malwarebytes' own anti-exploit module?

Thank you!

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

32 minutes ago, axkazex93 said:

I want to ask if there is any problem in leaving them enabled

If you are talking about the feature shown below, I would keep it off as that is the current default setting. 

I had all types of non-Malwarebytes issues with it. Everything else I keep on. ;)

 

controlles folder access.png

Edited by Porthos
Link to post
Share on other sites

11 minutes ago, crisoliv said:

I actually have the same doubt. If MB does a better job and I bet it is the case, should (can) I disable the 6 protection Windows Exploit Protection modules?

I had forgotten about those settings, See below.

I leave those advanced settings as is. I have not had any issues what so ever with 1709. All I ever do to a Windows 10 install is add exclusions for MB in Defender. I leave everything else stock (default).;)

 

exploit protection Windows.png

Link to post
Share on other sites

I don't think that the OP question has been answered, I have the same question. 

Considering Windows 10 OS has it's own anti-exploit functions, and since I prefer to leave them on, since that is the default for the OS, does that mean MWB AE functions within MWB Pro should be disabled to avoid duplication and conflicts, or is the AE module designed to complement Win 10 AE functions?

Put another way, the OS designer has multiple layers of security which should all be switched on as per the default. Anything MWB or any other vendor should, in my view, be additional lavers and not REPLACING or intefering with the OS. Before version 3 it was clear that MWB was in this complimentary category, but now since V3 it's competing with the OS and I've had several lock-ups on default settings of both Win 10 and MWB Pro. By de-activiating Pro or removing MWB completely solves the problem. I'd prefer to leave MWB Pro on, I've excluded it's various recommended files and processes from Win 10 Defender, but still get issues from time to time.

Anyway, my ultimate question is the same as the OP,  is the AE module of MWB working in competion with, or complimentary to Wind 10 AE? Thanks.

Link to post
Share on other sites

  • Staff

Hi All,

Thanks for posting. Malwarebytes' Anti-Exploit protection is compatible with the current default settings of exploit protection in Windows. Even though Microsoft has most of EMET's features built into their exploit protection, most of them are turned off by default. Turning on some of the non-default settings essentially means you are denying access to a 3rd party security product. Leaving those settings AS-IS works fine with Malwarebytes Ani-Exploit. We are closely monitoring their updates to avoid any conflicts in the future. Thanks.

Link to post
Share on other sites

  • Staff
On 2/10/2018 at 8:37 AM, AP2012 said:

Put another way, the OS designer has multiple layers of security which should all be switched on as per the default. Anything MWB or any other vendor should, in my view, be additional lavers and not REPLACING or intefering with the OS. Before version 3 it was clear that MWB was in this complimentary category, but now since V3 it's competing with the OS and I've had several lock-ups on default settings of both Win 10 and MWB Pro. By de-activiating Pro or removing MWB completely solves the problem. I'd prefer to leave MWB Pro on, I've excluded it's various recommended files and processes from Win 10 Defender, but still get issues from time to time.

That's not exactly true.  Those features were only added to Windows 10 recently and weren't integrated into the OS in its original RTM release and Malwarebytes integrated exploit protection into MB3 long before the recent Creators Update where MS added the new features to Windows 10, and even if they had been in the RTM version one could argue that it's no different from Windows Defender (formerly Giant Antispyware before Microsoft purchased the company and integrated a modified version of their "Microsoft Anti-Spyware" application which was based on it into Windows Vista and subsequent Windows releases) in that it is up to the user to decide which application should be protecting their systems, be it for the purpose of malware/virus protection, spyware protection, PUP protection, or in this case, exploit protection.  Just because Microsoft adds a new security feature to their OS does not necessarily mean it provides ideal protection or that third party software vendors should suddenly have to bend to Microsoft's whims whenever they decide to step into a new area of the software field with a new feature/app being bundled with their OS (and one could go even further to say that some of what MS does in integrating so many apps which aren't actually core OS components might be considered anti-competitive which is why they're now forced to sell the 'N' SKUs of their operating systems in Europe which do not include Windows Media Player for this very reason).

In most cases it really does no harm to have additional engines running alongside Malwarebytes as it is deliberately designed to co-exist with other security products, however there are a few exceptions where conflicts become more likely and one of those is the protection provided by the anti-exploit layer due to the way it functions by injecting a DLL into other processes for the purposes of monitoring for and shutting down malicious exploit behavior.  Since this is how virtually all anti-exploit tools work, it means that two or more of them running simultaneously, monitoring the same processes/applications may create circumstances where conflicts may arise including application crashes/failures to launch, system lockups/freezes or even crashes/BSODs.  That said, as Arthi mentions above, the default settings for the exploit protection in Windows 10 have the vast majority of them disabled and those which are enabled do not conflict with the protection in Malwarebytes 3 (something I'm certain their QA team has already tested and verified and so far I haven't seen any threads about conflicts between the two from any users here on the forums either) so it should be just fine to leave it set to defaults with Malwarebytes 3's exploit protection enabled.

Edited by exile360
Link to post
Share on other sites

15 hours ago, Arthi said:

Hi All,

Thanks for posting. Malwarebytes' Anti-Exploit protection is compatible with the current default settings of exploit protection in Windows. Even though Microsoft has most of EMET's features built into their exploit protection, most of them are turned off by default. Turning on some of the non-default settings essentially means you are denying access to a 3rd party security product. Leaving those settings AS-IS works fine with Malwarebytes Ani-Exploit. We are closely monitoring their updates to avoid any conflicts in the future. Thanks.

Thanks for the insight. I'm puzzled though about your comment "most of them are turned off by default".

The default settings of Windows 10 AE are that 4 of the 5 settings are ON not off (screenshot attachd). Are we comparing / talking about the same thing please?

Thanks.

 

Capture AE.PNG

Link to post
Share on other sites

14 hours ago, exile360 said:

...Just because Microsoft adds a new security feature to their OS does not necessarily mean it provides ideal protection or that third party software vendors should suddenly have to bend to Microsoft's whims whenever they decide to step into a new area of the software field with a new feature/app being bundled with their OS ...

In most cases it really does no harm to have additional engines running alongside Malwarebytes as it is deliberately designed to co-exist with other security products...I haven't seen any threads about conflicts between the two from any users here on the forums either) so it should be just fine to leave it set to defaults with Malwarebytes 3's exploit protection enabled.

 

Thanks Exile.

Re your first point, I'd personally say that security is primarily the remit of the OS producer. A market has been created due to MS' failure to do it properly. Now that in the past few years MS have got their act together much better, there is less need for full alternatives, rather complimentary products that add a layer or two. Adding those layers needs to be done extremely carefully and in recognition that the OS should have first call / priority. That's why I've now moved away from internet security suites to Defender but also recognise that MWB is the ideal choice to sit on top of Defender.

That leads on to the scond point....MWB pro was the ideal choice for me until in recent months I've suffered unexplained and frustrating lock ups on default settings of both WD and MWB Pro, with the exception being MWB files and processes being exempted from WD. I've been using MWB Pro since at least 8 years and the past few months have been the most frustrating. Two of my three licenses, on different PCs, have not been used because of this stability / conflict issue, so it's a major problem for me. I'm not prepared to allow MWB to completely take over security from WD. The third license is on and off, I keep hoping for resolution. The past couple of days have been stable, so perhaps an improvement has been implemented, fingers crossed.

 

Link to post
Share on other sites

  • Staff
6 hours ago, AP2012 said:

Thanks for the insight. I'm puzzled though about your comment "most of them are turned off by default".

The default settings of Windows 10 AE are that 4 of the 5 settings are ON not off (screenshot attachd). Are we comparing / talking about the same thing please?

Thanks.

 

Capture AE.PNG

AP2012,

You can add an application under Program Settings and you will see a lot more of them but turned off by default.

Link to post
Share on other sites

53 minutes ago, Arthi said:

AP2012,

You can add an application under Program Settings and you will see a lot more of them but turned off by default.

Ah, OK, thanks for clarifying. I'll leave both WIn 10 AE and MWB AE in default settings and confident that MWB is both filling in the gaps as well as respecting any potential overlaps / conflicts. I've noe gone through another whole day today without any further conflicts - it's looking good and fingers crossed, keep up the great work Arthi and guys. This is exactly what I need, the underlying security of the OS manufacturer with MWB filling the gaps as well as hovering overhead like a hawk waiting to swoop down and attack if anything tries to circumnavigate Windows security.

 

Edited by AP2012
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.