MBAE 1.13.1.235 - Java protections unticked in Advanced Settings

[hake]

I have noticed that the first three Java protections in Advanced Settings in MBAE 1.13.1.235 have become unticked.  Is this by design?

This has occurred with all the installations I have of Windows 7, 8.1 and 10.

I have reinstated the ticked status of those first three protections.  I guess that if they were previously enabled that it should continue.  I do not knowingly use Java.

Edited August 27, 2020 by hake

[Francois_Blais]

1.13.1.235?

This build has not been announced here yet.

Maybe they forgot?

[Arthi]

Hi All,

The build announcement has been made. The Java protection default setting change was intentional due to some false detections we found in the field. We have studied the threat landscape over the past few months and were comfortable to uncheck it by default. However, if you do not face any false detections with the Java protection, feel free to turn it ON.

Thank you.

[hake]

Thanks for that information Arthi.  I can sleep easy about the MBAE installations on the Windows devices of friends and relatives.

[exile360]

I don't think it's nearly as important as it once was to guard Java mainly because most systems don't ship with it installed any more and users who do run Java for a specific purpose (such as development or running a game such as Minecraft) are probably more likely to keep it up to date than the past millions of users who had it installed out of the box by the OEMs, often not even realizing what it was or that it was even installed on the system (because they never actually used it for anything).  Hopefully I'm right and dropping these protection defaults until the FP issue is resolved won't have a negative impact on users.  I don't know how the threat landscape is these days with regards to Java based exploits, but I suspect they likely aren't nearly as prominent as they once were, largely because Java doesn't have the massive install base it once did.

[hake]

I have read that .jar files masquerading as .msi files have been infiltrated into systems. Would MBAE Java protection be relevant in such a circumstance?

[exile360]

Yes, I'm sure it would, assuming the .jar file is malicious.  .jar files (as well as .MSI files) are very common exploit payloads.

Malwarebytes also detects when the file extension does not match as a heuristic rule as I recall, though I'm unsure if that rule applies to .jar files.

Edited August 28, 2020 by exile360

[hake]

For a non-user of legitimate Java, false positives are surely a positive bonus if it increases the likelihood of any Java being detected.