Using MBAE with Malwarebytes Free

[hake]

I have read that MBAE wil now operate with Malwarebytes Free also installed. Is this correct?

[ky331]

MBAE will work with MB Free... (It will also work with MB PREMIUM, if you disable MB's anti-exploit protection, should you have a reason to do so).   HOWEVER:

Every time you install or update MB's program, it will automatically remove any MBAE installations.   Meaning, after updating MB (FREE or PAID), you will have to reinstall MBAE.

Hake, while you're here... what's the latest version of MBAE that you consider XP-compatible?

Edited August 20, 2019 by ky331

[hake]

I happily use MBAE 1.12.1.109 on Windows XP SP3 running on a pre SSE2 AMD Athlon XP 3000+ processor which lacks hardware DEP.  I run MBAE alongside EMET 4.1u1 but the two anti-exploit systems do not protect the same applications.  EMET protects svchost.exe as well as a number of applications not protected by MBAE

I also run Comodo Firewall Firewall 2.0.4.20 which detects the following types of attack:

• Detection of Buffer Overflows which occur in the STACK memory,

• Detection of Buffer Overflows which occur in the HEAP memory,

• Detection of ret2libc attacks,

• Detection of corrupted/bad SEH Chains

In addition, I use Avast Free 10.4.2233, OSArmor 1.4.3 and Agnitum Outpost Firewall Pro 9.3.  I am confident that I am doing my due diligence to prevent my XP system from being a general security liability for others.  This incarnation of  Windows XP has been in use since May 2006 and has yet to experience any intrusion or malware activity.

Comodo Memory Firewall can still be downloaded and is easy to install and manage.  It is also useful on XP systems with hardware DEP.  It was initially called Comodo Memory Guardian but some chump at Comodo had the bright idea to change the name and so confused many people.  It has no firewall functionality.

Edited August 20, 2019 by hake

[exile360]

Just to clarify, Malwarebytes Anti-Exploit and the Exploit Protection component in Malwarebytes Premium likely do actually protect svchost.exe as well as many/most other system processes and components as it doesn't only shield the applications listed in the default Protected Applications list.  This is because it also has multiple 'generic' exploit protection components and shields as well as several system hardening techniques that it uses to protect against common exploit tactics and behaviors.  I do not know the full technical details of its inner workings, but I do know that it actually does provide extensive protection beyond that listed in the Protected Applications list (this is the reason many of the settings under its Advanced Settings menu do not apply to the specific applications and categories protected under the Protected Applications list).

[hake]

Thanks exile360.  All those extra protections are signs that Malwarebytes is keeping its light under a bushel.  I guess that it must have been doing this for quite a while.  It would seem reasonable for MBAE to protect svchost.exe and the like as such system features are constant known quantities which are profoundly impotant for the overall security of the various versions of Windows.

Are such extra protections likely to be included in MBAE 1.12.1.109 or even MBAE 1.12.1.90?

Edited August 22, 2019 by hake

[CeeBee]

On 8/20/2019 at 1:55 PM, ky331 said:

Every time you install or update MB's program, it will automatically remove any MBAE installations.   Meaning, after updating MB (FREE or PAID), you will have to reinstall MBAE.

I have a 3 PC paid license valid for both MBAE and MBAM.  I would like to run MBAE as base protection and MBAM as a demand scanner, however, the above default install setting makes this a bit awkward, to say the least.  I'm missing an option at install to allow me to do so.  Anyone at Malwarebytes listening?

[exile360]

I'm not so certain they'll add that only because there are extremely few users who run MBAE alongside Malwarebytes just because MBAE has been integrated into Malwarebytes Premium for so long now and MBAE is only a beta tool at this point, plus the entire reason they implemented the removal in the first place is due to known issues/conflicts when 2 copies of the Exploit Protection driver try to load at the same time, and I'm certain they want to make sure they avoid that; something that is particularly critical for many business customers who are often still using the standalone build of MBAE as they migrate to the fully integrated client.

Don't get me wrong, I understand where you're coming from, however I'm pretty sure they wouldn't want to add what would likely be a confusing and likely misunderstood option to the installer to correct a very niche corner case, especially since Malwarebytes 3 always enables all protection immediately once installed if it is either licensed/Premium or when the free trial is available which would case the conflict to occur right there on the spot if MBAE is active.

With all of that said, they *might* be able to do something like add a special command line switch to the installer to have it skip the uninstall routine for MBAE and any other incompatible Malwarebytes products/tools it would normally remove, but I don't know if that would even be possible or not and it still wouldn't address installers that are launched through the internal updater meaning you'd have to refrain from allowing it to install any application updates and run the installer with this hypothetical command line switch any time a new version is released.  That seems like the option they'd be least likely to shoot down, but I'll provide your feedback to the Product team either way so let me know which option(s) would suit you and I will advise them.

[CeeBee]

6 minutes ago, exile360 said:

With all of that said, they *might* be able to do something like add a special command line switch to the installer to have it skip the uninstall routine for MBAE and any other incompatible Malwarebytes products/tools it would normally remove ... I'll provide your feedback to the Product team either way ...

I have no preference other than an option/switch or whatever which would make life easier for my type setup.  Maybe there is a 3rd way, like install MBAM normally and then via options disable the inline scanning and MBAE (not sure what it looks like as I have never installed this beast) turning MBAM into a demand scanner.  Here, add an option about not changing the configuration during application updates.  That way I only have to reinstall MBAE once after setting up MBAM.  That said, perhaps your simple (?) command switch idea is better.

[nukecad]

I've asked about this previously and it's built in to the updater/installer to uninstall any existing MB products which might conflict with the new install.

As exile360 notes it would require a lot of work to change the installer just for a small subset of users still running MBAE beta.

Your '3rd way' is about how I currently do it:

I simply install the MB update, turn off (any free trial of) real time protection so it's just an on demand scanner, and then reinstall MBAE from the latest installer that I have saved on my HD.
Yes it's a bit more work, but it's not that onerous, only takes minutes, and is not something you have to do often.

Edited August 22, 2019 by nukecad

[CeeBee]

11 minutes ago, nukecad said:

I simply install the MB update, turn off (any free trial of) real time protection, so it's just an on demand scanner, and then reinstall MBAE from the latest installer that I have saved on my HD. Yes it's a bit more work, but it's not that onerous, only takes minutes, and is not something you have to do often.

Thanks.  Not ideal, but, it should work.

Alternatively, as I don't like "upgrade-nudging", if I install a licensed version of MBAM, how do I set the program options if I want demand scanning only (which allows reinstall of MBAE)?  Or is this not a feasible/good idea?

[exile360]

Yeah, definitely not ideal, but it is made at least somewhat more bearable by the fact that, for the most part at least, Malwarebytes applications don't usually require a reboot to remove/reinstall them any more (there are occasional exceptions of course, but usually they don't need a reboot).

[CeeBee]

37 minutes ago, nukecad said:

I've asked about this previously and it's built in to the updater/installer to uninstall any existing MB products which might conflict with the new install.  As exile360 notes it would require a lot of work to change the installer just for a small subset of users still running MBAE beta.

Thinking of it, I'm not sure it's such a small subset.  Lots and lots of people use MBAM as a demand scanner in parallel with another virus scanner like Norton-Symantec (which I have used since the days of Peter Norton and PCDOS).  That said, I use other on demand scanners like MBAR Rootkit, HitmanPro, SuperAntispyware, etc., so I'm okay (famous last word...) regardless.

[exile360]

6 minutes ago, CeeBee said:

Lots and lots of people use MBAM as a demand scanner in parallel with another virus scanner like Norton-Symantec (which I have used since the days of Peter Norton and PCDOS).

While this is very true, it's also true that most such users aren't using (and likely aren't even aware of) the standalone build of Malwarebytes Anti-Exploit, otherwise we would definitely hear about this issue a lot more often than we do (I've only seen it discussed on the forums here maybe 2 or 3 times in all the years since they started doing this with the Malwarebytes installer).

[Porthos]

1 hour ago, CeeBee said:

Alternatively, as I don't like "upgrade-nudging", if I install a licensed version of MBAM, how do I set the program options if I want demand scanning only (which allows reinstall of MBAE)?  Or is this not a feasible/good idea?

Anti exploit( stable and not a beta) is part of MB. Just turn off the  auto scan schedule, Turn off all other modules and only leave anti exploit on. Turn off the warnings about protections  being turned off and there you have it, manual scanning.

Waste of a paid license but if that is what you want so be it.

Edited August 22, 2019 by Porthos

[CeeBee]

29 minutes ago, Porthos said:

Just turn off the  auto scan schedule, Turn off all other modules and only leave anti exploit on. Turn off the warnings about protections  being turned off and there you have it, manual scanning. Waste of a paid license but if that is what you want so be it.

Thanks.  I suppose I have to install v.3 and play with the options to see if that's what I want.  We'll see.

Not a waist of a paid license, imo.  I'm paying (and have for years) to use (Beta) MBAE.  My choice.  Somehow the MB guys need money too .. and if most people run only free we may not get the support we need.  😉

[nukecad]

It's always your choice.

I have a MB pro licence but at the moment I choose not to to register it so that I can see what others without a registered licence can see.

Sometimes  just turning off the pro/registered options doesn't tell  the full story of what non registered users may be seeing.

Edited August 22, 2019 by nukecad

[CeeBee]

10 hours ago, nukecad said:

It's always your choice. I have a MB pro licence but at the moment I choose not to to register it so that I can see what others without a registered licence can see. Sometimes  just turning off the pro/registered options doesn't tell  the full story of what non registered users may be seeing.

Good point!  I can always try the free and register later.  Or, maybe just reinstall v.1.75.0.1300 (this is a joke...)!