Anti exploit advanced settings, drawbacks of too agressive settings

[Living_Computer]

Note for mods: I made a support ticket, but the support staff recommended this forum to get in touch with the developers. This question is mainly aimed at the stable version included in MBAM Premium btw, if this is the wrong forum for it, then please move this thread to the correct one.

Is there any drawbacks security-wise to into exploit prevention > advanced settings and just checking every checkbox for all programs? I know it can cause performance problems, but this is my home computer, I'm a power user, i know what I'm doing. Also, is there any way to add more categories than just the existing ones and "other" ? That would be good, there is lots of categories that programs don't fit into, but the programs may need different security settings.

I know any mods or admins here is gonna recommend default settings, but i wanna try stronger settings and see if it gives me any noticeable performance problems/other problems.

For example, where would i put apps like Teamspeak, Discord and Skype? I know Skype is electron based and i think Discord is too, so they should be under "browsers" right? Or Chromium-based browsers? Teamspeak is not web browser based at all, it is a VOIP application used by gamers, but also by companies and governments.

What about Thunderbird? Steam?

 

By the way, if i add Steam, does that automatically include all Steam games (you start them through Steam) too?

Speaking about that, is there any gamers here using MBAE (beta or regular) with Steam/your games? ATTENTION GAMERS. You don't need to read this, read the TL;DR down below instead! Have you added games like CS:S, CS:GO and TF2 into MBAE? I know Source based games have had known exploits before (patched now of course). I understand there is not really a point trying to protect a single player game from exploits, but i think multiplayer games is another question.

I know MBAE injects dlls, anyone here using it with CS:GO or other VAC-protected games and gotten banned? If so, how long? VAC bans are delayed and don't happen instantly, from what i know, it can theoretically take up to 6 months.

And also, another follow up question, which settings have you enabled for the VAC games in question with/without having any problems?

 

TL;DR for gamers, have you used MBAE (stable or beta) with CS:GO or other VAC protected games? Gotten a ban or not? For how long, what settings more specifically?

 

 

[exile360]

Greetings,

I'm not a Developer, but I do believe that I can address at least some of your questions.  First, I too check all of the boxes under Advanced Settings for (hypothetically) better protection, however I do not know if it really does anything to actually enhance protection or not, so the Devs would have to answer that one to know for certain.

With regards to adding custom shields for other applications, I will generally put them into the Browsers category if the application in question connects to and displays any kind of web based content as a browser might do (for example, the embedded HTML/images/links etc. found in email clients and some instant messenger apps like Skype), however for games I believe it is a different matter.  For Steam specifically, since it does display live web content and in fact has a browser built into it (which I believe is based on Chromium though I am not positive on that) you should be able to add it as a browser but I do not know if games launched through Steam would be shielded in any way or not.  Theoretically I would think so since they should be child processes of it I believe, but again I don't know for sure that this is how it works so a Dev may need to answer this.  That said, I am not confident that Exploit Protection as it exists now in Malwarebytes would do much if anything to shield games against malicious exploits due to how different their code and functionality are compared to browsers and other applications normally protected by Exploit Protection in Malwarebytes so I would not rely on this as a valid means of protecting your games from threats/exploits.  If you have added Steam as a protected process you should be able to use Process Explorer to determine whether or not Exploit Protection is loaded into the game's executable by looking for mbae64.dll in its threads.  I have not heard of anyone getting banned due to Exploit Protection in Malwarebytes, however that does not mean that it has not or could not happen; some of these modern DRM schemes are pretty draconian so it wouldn't surprise me in the least to discover that a player did get banned after adding their game as a custom shielded application to Exploit Protection, but hopefully they'd see the data from the DLL and realize what it is and what it is for and promptly correct the ban, but you never know.  I've heard of some pretty bad and unfair situations involving such DRM schemes recently so I wouldn't hold my breath for any of these game companies that use these more severe DRM schemes/tools to back off and do the right thing.

I hope this helps and if there's anything else we might help you with please let us know.

Thanks

[Living_Computer]

Yeah, i have an almost 10 year old Steam account with loads of game and in very good standing, so i don't wanna risk it. Just a little note though, VAC is not really a DRM, it's an anti cheat tool. And I'm not against it at all, I'm against intrusive DRM, but if you play multiplayer, you can't expect to be allowed to cheat, they have to have control. At least on official servers that is, on community servers can disable VAC if they want (but no one does, no one likes cheaters)

Valve is actually a pretty chill company when it comes to mods, DRM and that kind of stuff. They even publish SDKs and encourage modding.

I believe it could offer some kind of protection for games though, the techniques seem to work against exploits in general, games aren't usually subject to RCE exploits though, more like bugs people use to gain advantages in the game. Source games have had some RCE exploits earlier though, but it's not a big threat in the gaming world now that i know of. But better safe than sorry.

I know someone on the Steam User Forums (they are shut down now, replaced by a more "modern" and worse variant) had been banned for using EMET, but that was like 2012-2014 or something i think.

I don't think i need help with anything else right now, the most important question is really, does checking all the boxes in Exploit Protection > advanced provide any drawbacks, security wise? I know performance and stability wise, but that will be a problem i have to deal with later.

By the way, can you protect things like Virtualbox with this? Should i add its drivers too in that case?

[exile360]

Oh, I see, it's the anti-cheat component.  Yes, I agree, that is very important for online multiplayer games.  Cheaters ruin the experience for others and should be banned.  Yeah, I wouldn't risk it.  While I have seen the occasional exploit, hijack or malware that would infect users through a game, it is generally pretty rare, and I believe most of the documented incidents weren't really exploits in the traditional sense as much as they were exploits of the game's server/internet components and in-game content (not the same as say a browser exploit trying to infect a system through a malicious website).

As far as I know checking all of the boxes doesn't do anything to compromise security (I suspect they wouldn't be there to begin with if they did), however the default configuration is likely the safest with regards to application compatibility and system performance, so while I do believe that checking all the boxes should increase overall security, I suspect there are risks with regards to stability and/or performance and this is likely why some of the boxes are unchecked (though it is also likely that many of them are unchecked simply because those particular types of exploits/attack vectors don't really apply to those types of applications and so there isn't much, if anything, for the additional settings to protect those applications from).

No, I don't believe that adding VMs to Exploit Protection would do anything to help with the security of your VMs and might potentially cause problems (though in all likelihood it probably just wouldn't do anything of benefit or harm).