Jump to content
hake

Using MBAE with Malwarebytes Free

Recommended Posts

I have read that MBAE wil now operate with Malwarebytes Free also installed. Is this correct?

Share this post


Link to post
Share on other sites
Posted (edited)

MBAE will work with MB Free... (It will also work with MB PREMIUM, if you disable MB's anti-exploit protection, should you have a reason to do so).   HOWEVER:

Every time you install or update MB's program, it will automatically remove any MBAE installations.   Meaning, after updating MB (FREE or PAID), you will have to reinstall MBAE.

Hake, while you're here... what's the latest version of MBAE that you consider XP-compatible?

Edited by ky331

Share this post


Link to post
Share on other sites
Posted (edited)

I happily use MBAE 1.12.1.109 on Windows XP SP3 running on a pre SSE2 AMD Athlon XP 3000+ processor which lacks hardware DEP.  I run MBAE alongside EMET 4.1u1 but the two anti-exploit systems do not protect the same applications.  EMET protects svchost.exe as well as a number of applications not protected by MBAE

I also run Comodo Firewall Firewall 2.0.4.20 which detects the following types of attack:

  • Detection of Buffer Overflows which occur in the STACK memory,

  • Detection of Buffer Overflows which occur in the HEAP memory,

  • Detection of ret2libc attacks,

  • Detection of corrupted/bad SEH Chains

In addition, I use Avast Free 10.4.2233, OSArmor 1.4.3 and Agnitum Outpost Firewall Pro 9.3.  I am confident that I am doing my due diligence to prevent my XP system from being a general security liability for others.  This incarnation of  Windows XP has been in use since May 2006 and has yet to experience any intrusion or malware activity.

Comodo Memory Firewall can still be downloaded and is easy to install and manage.  It is also useful on XP systems with hardware DEP.  It was initially called Comodo Memory Guardian but some chump at Comodo had the bright idea to change the name and so confused many people.  It has no firewall functionality.

Edited by hake

Share this post


Link to post
Share on other sites

Just to clarify, Malwarebytes Anti-Exploit and the Exploit Protection component in Malwarebytes Premium likely do actually protect svchost.exe as well as many/most other system processes and components as it doesn't only shield the applications listed in the default Protected Applications list.  This is because it also has multiple 'generic' exploit protection components and shields as well as several system hardening techniques that it uses to protect against common exploit tactics and behaviors.  I do not know the full technical details of its inner workings, but I do know that it actually does provide extensive protection beyond that listed in the Protected Applications list (this is the reason many of the settings under its Advanced Settings menu do not apply to the specific applications and categories protected under the Protected Applications list).

Share this post


Link to post
Share on other sites
Posted (edited)

Thanks exile360.  All those extra protections are signs that Malwarebytes is keeping its light under a bushel.  I guess that it must have been doing this for quite a while.  It would seem reasonable for MBAE to protect svchost.exe and the like as such system features are constant known quantities which are profoundly impotant for the overall security of the various versions of Windows.

Are such extra protections likely to be included in MBAE 1.12.1.109 or even MBAE 1.12.1.90?

Edited by hake

Share this post


Link to post
Share on other sites
On 8/20/2019 at 1:55 PM, ky331 said:

Every time you install or update MB's program, it will automatically remove any MBAE installations.   Meaning, after updating MB (FREE or PAID), you will have to reinstall MBAE.

I have a 3 PC paid license valid for both MBAE and MBAM.  I would like to run MBAE as base protection and MBAM as a demand scanner, however, the above default install setting makes this a bit awkward, to say the least.  I'm missing an option at install to allow me to do so.  Anyone at Malwarebytes listening?

Share this post


Link to post
Share on other sites

I'm not so certain they'll add that only because there are extremely few users who run MBAE alongside Malwarebytes just because MBAE has been integrated into Malwarebytes Premium for so long now and MBAE is only a beta tool at this point, plus the entire reason they implemented the removal in the first place is due to known issues/conflicts when 2 copies of the Exploit Protection driver try to load at the same time, and I'm certain they want to make sure they avoid that; something that is particularly critical for many business customers who are often still using the standalone build of MBAE as they migrate to the fully integrated client.

Don't get me wrong, I understand where you're coming from, however I'm pretty sure they wouldn't want to add what would likely be a confusing and likely misunderstood option to the installer to correct a very niche corner case, especially since Malwarebytes 3 always enables all protection immediately once installed if it is either licensed/Premium or when the free trial is available which would case the conflict to occur right there on the spot if MBAE is active.

With all of that said, they *might* be able to do something like add a special command line switch to the installer to have it skip the uninstall routine for MBAE and any other incompatible Malwarebytes products/tools it would normally remove, but I don't know if that would even be possible or not and it still wouldn't address installers that are launched through the internal updater meaning you'd have to refrain from allowing it to install any application updates and run the installer with this hypothetical command line switch any time a new version is released.  That seems like the option they'd be least likely to shoot down, but I'll provide your feedback to the Product team either way so let me know which option(s) would suit you and I will advise them.

Share this post


Link to post
Share on other sites
6 minutes ago, exile360 said:

With all of that said, they *might* be able to do something like add a special command line switch to the installer to have it skip the uninstall routine for MBAE and any other incompatible Malwarebytes products/tools it would normally remove ... I'll provide your feedback to the Product team either way ...

I have no preference other than an option/switch or whatever which would make life easier for my type setup.  Maybe there is a 3rd way, like install MBAM normally and then via options disable the inline scanning and MBAE (not sure what it looks like as I have never installed this beast) turning MBAM into a demand scanner.  Here, add an option about not changing the configuration during application updates.  That way I only have to reinstall MBAE once after setting up MBAM.  That said, perhaps your simple (?) command switch idea is better.

Share this post


Link to post
Share on other sites
Posted (edited)

I've asked about this previously and it's built in to the updater/installer to uninstall any existing MB products which might conflict with the new install.

As exile360 notes it would require a lot of work to change the installer just for a small subset of users still running MBAE beta.

Your '3rd way' is about how I currently do it:

I simply install the MB update, turn off (any free trial of) real time protection so it's just an on demand scanner, and then reinstall MBAE from the latest installer that I have saved on my HD.
Yes it's a bit more work, but it's not that onerous, only takes minutes, and is not something you have to do often.

Edited by nukecad

Share this post


Link to post
Share on other sites
11 minutes ago, nukecad said:

I simply install the MB update, turn off (any free trial of) real time protection, so it's just an on demand scanner, and then reinstall MBAE from the latest installer that I have saved on my HD. Yes it's a bit more work, but it's not that onerous, only takes minutes, and is not something you have to do often.

Thanks.  Not ideal, but, it should work.

Alternatively, as I don't like "upgrade-nudging", if I install a licensed version of MBAM, how do I set the program options if I want demand scanning only (which allows reinstall of MBAE)?  Or is this not a feasible/good idea?

Share this post


Link to post
Share on other sites

Yeah, definitely not ideal, but it is made at least somewhat more bearable by the fact that, for the most part at least, Malwarebytes applications don't usually require a reboot to remove/reinstall them any more (there are occasional exceptions of course, but usually they don't need a reboot).

Share this post


Link to post
Share on other sites
37 minutes ago, nukecad said:

I've asked about this previously and it's built in to the updater/installer to uninstall any existing MB products which might conflict with the new install.  As exile360 notes it would require a lot of work to change the installer just for a small subset of users still running MBAE beta.

Thinking of it, I'm not sure it's such a small subset.  Lots and lots of people use MBAM as a demand scanner in parallel with another virus scanner like Norton-Symantec (which I have used since the days of Peter Norton and PCDOS).  That said, I use other on demand scanners like MBAR Rootkit, HitmanPro, SuperAntispyware, etc., so I'm okay (famous last word...) regardless.

Share this post


Link to post
Share on other sites
6 minutes ago, CeeBee said:

Lots and lots of people use MBAM as a demand scanner in parallel with another virus scanner like Norton-Symantec (which I have used since the days of Peter Norton and PCDOS).

While this is very true, it's also true that most such users aren't using (and likely aren't even aware of) the standalone build of Malwarebytes Anti-Exploit, otherwise we would definitely hear about this issue a lot more often than we do (I've only seen it discussed on the forums here maybe 2 or 3 times in all the years since they started doing this with the Malwarebytes installer).

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, CeeBee said:

Alternatively, as I don't like "upgrade-nudging", if I install a licensed version of MBAM, how do I set the program options if I want demand scanning only (which allows reinstall of MBAE)?  Or is this not a feasible/good idea?

Anti exploit( stable and not a beta) is part of MB. Just turn off the  auto scan schedule, Turn off all other modules and only leave anti exploit on. Turn off the warnings about protections  being turned off and there you have it, manual scanning.

Waste of a paid license but if that is what you want so be it.

Edited by Porthos

Share this post


Link to post
Share on other sites
29 minutes ago, Porthos said:

Just turn off the  auto scan schedule, Turn off all other modules and only leave anti exploit on. Turn off the warnings about protections  being turned off and there you have it, manual scanning. Waste of a paid license but if that is what you want so be it.

Thanks.  I suppose I have to install v.3 and play with the options to see if that's what I want.  We'll see.

Not a waist of a paid license, imo.  I'm paying (and have for years) to use (Beta) MBAE.  My choice.  Somehow the MB guys need money too .. and if most people run only free we may not get the support we need.  😉

Share this post


Link to post
Share on other sites
Posted (edited)

It's always your choice.

I have a MB pro licence but at the moment I choose not to to register it so that I can see what others without a registered licence can see.

Sometimes  just turning off the pro/registered options doesn't tell  the full story of what non registered users may be seeing.

Edited by nukecad

Share this post


Link to post
Share on other sites
10 hours ago, nukecad said:

It's always your choice. I have a MB pro licence but at the moment I choose not to to register it so that I can see what others without a registered licence can see. Sometimes  just turning off the pro/registered options doesn't tell  the full story of what non registered users may be seeing.

Good point!  I can always try the free and register later.  Or, maybe just reinstall v.1.75.0.1300 (this is a joke...)!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.