Jump to content
alhazred

Microsoft Edge MBAM anti-exploit

Recommended Posts

Hi folks,

So I was just randomly navigating my MBAM Premium interface and noticed that Edge isn't listed in the Manage Protected Applications window.  I'm a long time user of MBAM going back to when they started, and before Anti-Exploit was integrated into MBAM I used MBAE and I could have sworn there was an entry with "Edge (with add-ons)"  Does MBAM no longer protect Edge with its Anti-Exploit technology?

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Hello,

Similar to Google and their Chrome browser, Microsoft prevents third-party DLL injections into Edge. As a result, we removed Edge from the list of shielded/protected applications. However, Microsoft Edge is still protected by the Exploit Protection component in Malwarebytes, just via other means of protection that do not involve DLL injection. Due to the differences in protection, Microsoft Edge is not listed as a shielded application, but does still benefit from Exploit Protection in some areas.

Share this post


Link to post
Share on other sites

Is it possible to override this by adding Edge to the list of shielded applications manually as you can for chrome.exe?

Share this post


Link to post
Share on other sites
19 hours ago, exile360 said:

Is it possible to override this by adding Edge to the list of shielded applications manually as you can for chrome.exe?

Adding Edge to the list of protected applications will cause Exploit Protection to inject its DLL into the parent process of Edge (which is allowed by Microsoft). However, Exploit Protection is still prevented from injecting into child processes. Injecting only into the parent process and not child processes does not offer any protection.

Edited by LiquidTension

Share this post


Link to post
Share on other sites

Understood, thanks.  Is it the same for Chrome, or does the override work in that case?  I ask because I was told early on that adding chrome.exe manually would re-enable Exploit Protection via DLL injection for Chromium based browsers and that it was removed from the default list for compatibility (basically so that Chrome would quit claiming Malwarebytes was incompatible).  I'm using SRWare Iron, a Chromium based browser but not Chrome itself if that makes any difference, though it does use the same executable name as Chrome (i.e. chrome.exe).

Share this post


Link to post
Share on other sites

Google has yet to fully block third-party DLL injection into Chrome, so adding Chrome to the custom list of protected applications will indeed result in DLL injection-based protection from Malwarebytes.

Reports suggest that Google Chrome version 72 will fully prevent third-party DLL injection. I don't have any information on other Chromium-based browsers.

Share this post


Link to post
Share on other sites

OK, thanks for the info.  Yeah, hopefully others like Iron will determine a different path when Google implements this change.  I much prefer the more robust protection provided by allowing DLL injection, especially since the vast majority of attacks/infections Google intends to stop with this change are actually the result of exploit attacks themselves which Malwarebytes would stop if allowed to properly shield the browser's process.

If they'd do something more like UAC or handle it the same way that extensions are handled where the user is allowed to determine which DLL injections to allow based on a white list that would be preferable to the road they're taking of blocking all out of hand.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.