
MBAE in Windows 10 Version 1809


galileo


Given that MS has been weaving various anti-exploit protections into Windows 10 as it has been evolving:

  1. Does MBAE run properly under recent versions of Win 10?
  2. Is there any value to utilizing MBAE under recent versions of Win 10?
  3. Are there any problems or issues in utilizing MBAE in recent versions of Win 10?
  4. Are there any specific configuration settings that should be made to/in MBAE in Win 10?
  5. Are there any specific configuration settings that should be made to/in Windows 10 if using MBAE?
  6. Are there any specific apps/programs that should or shouldn't be shielded by MBAE in Win 10?

  1. Yes it does :)!
  2. Absolutely :)!
  3. None that I'm aware of
  4. Nope, not that I know of (and if there were, it would come configured that way out of the box in the latest Malwarebytes release)
  5. Nope
  6. Nope, none that I know of, though the default list of shielded apps should be sufficient for most use cases

I'll concede to any members of the staff that wish to address this post, but having supported Malwarebytes 3 (including Exploit Protection) for every version of Windows 10 shipped so far, I'm pretty confident in my responses and Exploit Protection's full compatibility and compliance with Windows 10's protections including their integration/implementation of EMET in the more recent builds.

 

 


  • 2 weeks later...

Sorry for not responding sooner.  Unfortunately since I am a Windows 7 user myself I can't dive too deeply into the differences/enhancements etc., but I do know that at the very least Malwarebytes does shield many non-Microsoft/non-OS programs including third party web browsers, office applications and media players; something I don't believe the functions in Windows 10 do, at least not to nearly the same extent.  Malwarebytes also contains specific OS hardening techniques, at least some of which I'm fairly certain are not included in Windows Defender just based on the fact that there are a LOT of them.

If you haven't done so already, take a look at the various options in the interface of Malwarebytes 3 for its Exploit Protection component assuming you have a license (or if you have it available, the 14 day trial).  I'm not certain what the UI looks like for the standalone Anti-Exploit Beta these days so it may not expose as many of the functions/settings that Malwarebytes 3 does but I believe there is parity between them, at least for the most part at the moment.  You can also take a look at the information in this Malwarebytes documentation as it reveals at least some of the functions included with it (there are 3 more tabs that it doesn't reveal as well as additional shielded applications which are not shown due to them not fitting in a single page so one would need to scroll through that dialog in Malwarebytes 3 to see them all).

I'm certain that there is at least some overlap between the two, however I have seen and know many knowledgeable users running the two of them together quite happily and I recall hearing some of them express that the exploit shielding provided by the two applications was diverse enough to keep both running/active, though of course that was a while ago and Microsoft may have made further additions/changes since then, though I have not heard any claims from anyone that it rendered Malwarebytes' Exploit Protection obsolete/redundant in any way.  I realize that wasn't exactly the level of detail you were hoping for, but I hope that it helps nonetheless.


I dug up some additional information from Malwarebytes official support portal that you should find enlightening:

What is Exploit Protection
Vulnerability exploits Malwarebytes Anti-Exploit protects against
Applications Malwarebytes Anti-Exploit Shields
Malwarebytes Anti-Exploit new user FAQ
Malwarebytes Anti-Exploit vulnerability prevention details

Much of that information is pretty basic, but you should be able to hopefully glean at least some useful/new info from all of it, at least that's my hope.

Also, here are screenshots of all of the Exploit Protection settings tabs in Malwarebytes 3 (note that these are NOT configured to the installation defaults as I have deliberately enabled all of them save for one setting which was actually disabled a while back to correct a known issue with MS Office which prevents it from being enabled, even manually in current Malwarebytes builds):

[Four screenshots of the Exploit Protection settings tabs: ep1.png, ep2.png, ep3.png, ep4.png]


Thank you for your detailed reply!  I do have Malwarebytes Premium (lifetime) installed on two machines.  I have been using MBA since V1...since the "Threatfire" days.  While I am aware of the additional available options, I have never enabled the number of MBA options that you have per your screenshots.  I have run pretty much plain vanilla mode defaults.  I take it that with the options you indicate as enabled, you aren't seeing any OS or performance or software interaction issues?  I have always seen some small performance degradation with MBA, but have opined that the tradeoff versus security was worth that small performance hit.

I am experimenting with Windows Insider builds and have been wanting to enhance the native W10 protection w/o installing MBA per se.  Hence, my interest in what additional protection benefits these (MBAE & MBARW) offer versus native W10 security options.  I am wondering if either or both of these result in more/less/same performance versus MBA.

On the Insider builds, I run W10 without MBA, but with some enhanced Windows Defender settings (PUA, Block at first sight, MAPS, and Cloud protection level) - but not Controlled Folder Access, which I have found somewhat problematic due to unexpected interference with other apps...and, the fact that W10 does not notify when a CFA block occurs.  It is from this perspective that I have been inquiring about what additional security/protection MBAE and MBARW provide.

Any further observations would be appreciated.


No, I haven't seen any issues related to those settings being enabled; that said, there probably is a good reason for the out of the box defaults so I'm not necessarily advising anyone to configure their copy this way.  I just wanted you to see all of the functions/options available in the product as I figured that might be useful for comparing with Windows Defender.

Yeah, I've heard others mention various issues with CFA.  It seems to be an interesting feature but perhaps a bit too aggressive at times.


Yes, it's been an issue for many releases now going way back many months if not a year or more to a problem, I believe, with MS Office 2016 where if enabled it causes it to crash so they opted to disable the option at least until the conflict can be resolved, though considering how long it's been it might be best to just remove the checkbox as an option at this point because the behavior in the GUI is kind of funky (you can check the box and hit 'Apply' and it will appear to be enabled, but the next time you restart the system or exit/re-launch Malwarebytes the box will be unchecked as the option is never actually enabled since they rolled out this workaround for that issue so it's not the best UX but at least it prevents the crash).

