Control Flow Guard


  • Staff

Based on what I read about it, CFG sounds a lot like the application hardening and application memory protection components in MBAE.  I'll have to wait for one of the staff who is more intimately familiar with the technology, but to me it seems like Malwarebytes already has most if not all of what CFG does covered in their existing Anti-Exploit technology.


I raised the question because Windows CFG imposes a significant performance hit on older hardware (like a 2007 Toshiba Satellite Pro P200 with T5550 1.83GHz Intel Core Duo processor).

  • Staff

Ah, yeah, those were really decent systems for their time.  Sadly, these days their IPC is pretty low relatively speaking, plus they don't support a few major APIs/extensions that aid in efficiency and performance.  I guess there's not too much point in enabling the feature if the performance cost is too high.  Hopefully I'm right about the parity of MBAE's existing features so that you won't lose anything in keeping CFG disabled.


I have noticed that disabling CFG, Avast anti-exploit and OSArmor anti-exploit seems to cause MBAE activity to increase, according to Task Manager. Don't all these 'anti-exploits' get in each other's way?

  • Staff

Yes, they certainly can if they have a lot of overlap, especially if they're monitoring/injecting into the same processes and system components (very likely since typically certain apps are more likely to be targeted by exploits than others; for example, web browsers and office apps).


Would it be fair to say that MBAE is intended to protect against all known exploits, including memory manipulations and blocking exploit payloads?

Edited by hake
  • Staff
On 11/15/2020 at 3:55 AM, hake said:

Would it be fair to say that MBAE is intended to protect against all known exploits, including memory manipulations and blocking exploit payloads?

Sorry, I didn't see this question.  Yes, it blocks against memory/process injection/manipulation as well as exploit payload download/execution.  It's a very robust and proactive defense against exploits.

  • Root Admin

These are quite old videos but they do go into some detail on how MBAE works. I'm hoping that we update these videos to the current product at some point.

Also, please note that MBAE has been a part of Malwarebytes Premium for a long time now.

MBAE Exploits How they work

Malwarebytes Anti-Exploit in action


I am curious about the negative effects of using more than a single anti-exploit protection and the consequences of those negative effects in reduced effectiveness of individual protections.  Having said that, I do enjoy a charmed life with exploits or rather the infrequency of them.  I can only recall three instances of MBAE blocking an exploit in the nearly seven years that I have been using it.  Of course, one successful exploit is one too many so MBAE has been valuable to me.

I have four simultaneously running anti-exploit facilities on my systems: MBAE, Avast, OSArmor and Windows 10 Control Flow Guard.  It is seemingly impossible to find useful information on the effects of using multiple anti-exploits.

Edited by hake