Malwarebytes Anti-Exploit

Discussion in 'Software' started by AtlBo, Jan 6, 2015.

  1. AtlBo

    AtlBo Major Geek Extraordinaire

    Anyone using this? Ran this test, and that convinced me. Nothing on the system, including Private Firewall and 360 Total Security blocked the exploit in the test.

    It's really light. The free version blocks exploits from major browsers, but I think to add programs, purchasing the Pro version is required. I don't know, but I might be paying for this, but it would be good to hear from anyone who is running the Pro version...
     
  2. AtlBo

    AtlBo Major Geek Extraordinaire

  3. Nick T

    Nick T MajorGeek

    Hey AtlBo, I can't answer about the pay version but I run the free version on every computer in the house. I've never tested it fully but I also trust the Malwarebytes reputation for security. I believe this is a "must have" program for everyone.
     
  4. Anon-9aee479f8f

    Anon-9aee479f8f Anonymized

    I have been running the free version on Win7 for a while and just installed it on Win8.1. I've had no problems with it being compatible with my other security programs. If it offers a little more protection why not?
     
  5. AtlBo

    AtlBo Major Geek Extraordinaire

    Thanks NickT...

    There is a Malwarebytes test that you can run that verifies MBAE is running. It opens the calculator using one of the techniques exploit creators use. I ran the test on the setup without MBAE, which is Private Firewall and 360 Total Security, and somehow calc.exe started and wasn't blocked as it should have been. I went into Private Firewall, thinking I must have blanket allowed calc.exe, but it wasn't even there. Then I decided to clean up the individual permissions for programs in PF after seeing a few programs set to allow. Then I ran the test again (and I don't know how), but this time PF blocked the exploit mimicker test all of a sudden.

    Private Firewall has never prompted about calc.exe. I guess that's because a malware writer can't do anything with calc.exe. I wonder if the Malwarebytes team were taking a jab at firewall writers to set up the test that way, so that it opened calc.exe. Obviously, calc.exe is exempt from firewall monitoring of PF where it resides normally. I will be dogged, though, if I can figure out what I changed in PF program permissions to block the exploit test from opening the calculator. Calc.exe is not even anywhere in the list of processes. It goes down with me as an anomaly for now, because the program permissions that I changed didn't have anything to do with calc.exe.

    The test did point to the need for anti-exploit. Curious why I hadn't heard more about this. It's got almost no footprint so anyone should be able to run it.
     
  6. plastidust

    plastidust Command Sergeant Major

    Maybe because Microsoft is set as a Trusted Publisher in Private Firewall?
     
  7. AtlBo

    AtlBo Major Geek Extraordinaire

    plastidust...

    It is set as such. Thanks for the tip.

    Still not sure why calc.exe opened until after I changed some program permissions, though. The reason I say so is that calc.exe opens from the exploit and not normally. This PF should catch every time as the test software. This is what it's doing now.

    Since it does catch it now for some reason, I will go with the 90% probability that I changed some program permission that has something to do with Windows, even though I don't recall doing so. It was just a handful of programs that I was trusting (behaviorally, not internet) as far as I can recall.

    I think I have some thinking to do about some things. There are 50+ publishers listed in t.p. I have a bunch of them highlighted to remove, should I just remove them? I don't see the point in even using trusted publishers.

    Can't recall if there is a setting to not use the list, and I don't want to close the t.p. list window with all of these highlighted. IDK, should I just get rid of all of them?

    EDIT: Nevermind...I nuked them and turned off trusted publishers.
     
  8. Eldon

    Eldon Major Geek Extraordinaire

    Thanks AtlBo.

    The Free version shields only browsers and browser add-ons, and Java. The Premium version adds shields for PDF readers, media players, Microsoft Office Word, Excel and PowerPoint, and has the ability to add custom shields.

    Where's the link for the test? :confused
     
  9. AtlBo

    AtlBo Major Geek Extraordinaire

    Eldon...

    Link:

    https://forums.malwarebytes.org/ind...how-to-verify-that-mbae-is-working-correctly/

    Shielding browsers and add ons and Java is a pretty good start I feel, considering they account for the vast majority of malware problems. I definitely think malwarebytes got it right to release the free version, although I understand why they limited its coverage of a system. Seems like a good deed to me to give users the ability to be covered for free on the net at least...
     
  10. Eldon

    Eldon Major Geek Extraordinaire

    I agree.
    I am grateful for Companies/Publishers that have Free and Paid-for editions of their programs, especially security-related products. Anybody needing extra protection can buy the premium/pro edition.

    "Half an egg is better than an empty shell."

    Thanks for the link. Will run the test later.
     
    Last edited: Jan 7, 2015
  11. plastidust

    plastidust Command Sergeant Major

    Thanks for the link AtlBo.

    I have to go along with katkat's philosophy: "If it offers a little more protection why not?" As for the "mbae-test.exe" exploit test, Private Firewall won't allow it to run.
     
  12. Tnelson

    Tnelson Private E-2

    Just saw this thread. I have MBAM Pro running and I downloaded and ran the exploit test, but it DID NOT block anything. Opened up the calculator normally.

    My question is should MBAM Pro version have blocked it or is anti exploit an additional purchase?
     
    Last edited: Jan 7, 2015
  13. Tnelson

    Tnelson Private E-2

    Never mind, I found the answer.

    Anyone know whether there are any issues with the free or paid version of anti exploit when running with Windows 8.1?
     
  14. C0rhHusk3r

    C0rhHusk3r Private First Class

    I've been running the free version on 8.1 for a few days now. No issues noted.
     
  15. AtlBo

    AtlBo Major Geek Extraordinaire

    YW for the link...

    Thanks for mentioning this, plastidust. Yes, I went over PF with a fine tooth comb last night, and it definitely does block the exploit. I was going to mention it in this thread but forgot...
     
  16. plastidust

    plastidust Command Sergeant Major

    Good to hear/read.

    I didn't know if it would actually block the exploit or not. On this machine it simply won't allow the "mbae-test.exe" file to run at all.
     
  17. AtlBo

    AtlBo Major Geek Extraordinaire

    plastidust...

    I am using the manual Control, which requires action for every single rule. It's something I am enjoying doing, because I feel like I am learning a lot about the various levels of a computer. Using this setup, I simply allowed the program to run and then ran the exploit test. That again produces a prompt, which is the actual exploit block...
     
  18. barney_jels

    barney_jels Private E-2

    I like this method to control unwanted activities. It allows you to understand the actions that happen on a computer.
     
  19. Eldon

    Eldon Major Geek Extraordinaire

    Now I'm curious.

    I turned off Privatefirewall and ran the MBAE test twice. Both times it performed flawlessly. I then visited some unmentionable websites for about 2 hours and not a single exploit was blocked.

    Exactly what type of exploits does MBAE block? :confused
     
  20. plastidust

    plastidust Command Sergeant Major

    Which browser are you using? Do you have Java installed? Are you using the free, trial or premium version of MBAE?

    The free version only covers Java and the browser(s) plus browser add-ons.

    With Pale Moon v25.0.1, the Anti-Exploit log shows:
    "Mozilla Firefox(and add-ons) has been enforced with BottomUp ASLR."
    And
    "Mozilla Firefox(and add-ons) has been enforced with Anti-HeapSpraying."
    With Pale Moon v25.1.0 it doesn't show anything.

    With Internet Explorer the log shows:
    "Internet Explorer (and add-ons) is now protected."
    "Internet Explorer (and add-ons) has been enforced with DEP."
    "Internet Explorer (and add-ons) has been enforced with BottomUp ASLR."
    "Internet Explorer (and add-ons) has been enforced with Anti-HeapSpraying."
    Since Java, the Adobe Reader plug-in, VLC Player and Apple Quicktime are not installed on this machine there won't be any references for them in the log.
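    The log lines quoted above are the only evidence the free version gives that a shield actually took effect, and the post also shows the two failure modes worth checking for: a shielded browser that reports fewer mitigations than another (Firefox/Pale Moon without a DEP line) and a newer build that reports nothing at all. The script below is an added example, not code from the thread or from Malwarebytes: it parses log lines in the quoted format into a per-application mitigation set and reports gaps. The regexes are written against the exact wording quoted in the post, the baseline set of expected mitigations (DEP, BottomUp ASLR, Anti-HeapSpraying) is taken from the Internet Explorer lines and is an assumption of this check rather than MBAE's specification, and the sample log is constructed from the quoted lines.

```python
import re

# Constructed sample: the Anti-Exploit log lines quoted in the thread, as a
# reader might paste them from the MBAE log window.
SAMPLE_LOG = [
    '"Internet Explorer (and add-ons) is now protected."',
    '"Internet Explorer (and add-ons) has been enforced with DEP."',
    '"Internet Explorer (and add-ons) has been enforced with BottomUp ASLR."',
    '"Internet Explorer (and add-ons) has been enforced with Anti-HeapSpraying."',
    '"Mozilla Firefox(and add-ons) has been enforced with BottomUp ASLR."',
    '"Mozilla Firefox(and add-ons) has been enforced with Anti-HeapSpraying."',
]

# Baseline a fully shielded browser is expected to report. Assumption for this
# check (it mirrors the IE lines in the thread), not a Malwarebytes statement.
EXPECTED_MITIGATIONS = frozenset({'DEP', 'BottomUp ASLR', 'Anti-HeapSpraying'})

# Patterns written against the quoted wording; "(and add-ons)" may or may not
# be preceded by a space, as the two browsers' lines show.
PROTECTED_RE = re.compile(
    r'^(?P<app>.+?)\s*\(and add-ons\)\s+is now protected\.$')
ENFORCED_RE = re.compile(
    r'^(?P<app>.+?)\s*\(and add-ons\)\s+has been enforced with\s+(?P<mit>.+?)\.$')


def parse_mbae_log(lines):
    """Return {app: {'protected': bool, 'mitigations': set_of_names}}."""
    apps = {}
    for raw in lines:
        line = raw.strip().strip('"')
        m = PROTECTED_RE.match(line)
        if m:
            entry = apps.setdefault(m['app'].strip(),
                                    {'protected': False, 'mitigations': set()})
            entry['protected'] = True
            continue
        m = ENFORCED_RE.match(line)
        if m:
            entry = apps.setdefault(m['app'].strip(),
                                    {'protected': False, 'mitigations': set()})
            entry['mitigations'].add(m['mit'].strip())
        # Any other line (timestamps, unrelated events) is ignored.
    return apps


def coverage_gaps(apps, expected=EXPECTED_MITIGATIONS):
    """Applications that appear in the log but lack one or more expected
    mitigations, mapped to the sorted list of what was never reported."""
    gaps = {}
    for app, info in apps.items():
        missing = sorted(expected - info['mitigations'])
        if missing:
            gaps[app] = missing
    return gaps


def missing_shields(apps, expected_apps):
    """Applications you expect a shield for that never produced any log line.
    This is the 'log shows nothing at all' case from the thread."""
    return sorted(a for a in expected_apps if a not in apps)


if __name__ == '__main__':
    parsed = parse_mbae_log(SAMPLE_LOG)
    for app, info in sorted(parsed.items()):
        print(app, 'protected' if info['protected'] else 'no protected line',
              sorted(info['mitigations']))
    print('gaps:', coverage_gaps(parsed))
    # 'Java' is listed here only to show the missing-shield report; the post
    # says Java is not installed on that machine, so no log line is expected.
    print('no log entries:', missing_shields(
        parsed, ['Internet Explorer', 'Mozilla Firefox', 'Java']))
```

    On the quoted sample this reports Internet Explorer with all three mitigations and Mozilla Firefox missing DEP and without an "is now protected" line, which is exactly the asymmetry visible in the post; a browser build that logs nothing shows up only through the missing-shield check, so the list of applications you expect to be shielded has to be supplied by you.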
     
  21. Eldon

    Eldon Major Geek Extraordinaire

    I am using Internet Explorer 9 and don't have Java installed. And MBAE is showing that IE9 is protected. I expected to see a message when an exploit attempt was blocked. Much like Abine's DoNotTrackMe does.
     


  22. plastidust

    plastidust Command Sergeant Major

    Don't know if it displays a message or not. When I had earlier versions installed on the XP machines it never did. Since I've only had it installed on this unit for a couple of days and I can't run the test, I've no idea whether or not it displays any notification when an intrusion attempt is detected.

    I was trying to answer your question, "Exactly what type of exploits does MBAE block?"

    We'll have to wait for others to chime in.
     
  23. Eldon

    Eldon Major Geek Extraordinaire

    It's been a couple of days. Has anyone had any more experience with MBAE actually blocking an exploit attempt?

    In an earlier post I said I visited some unmentionable websites and yet MBAE shows 'Blocked exploit attemps: 0'
     


  24. Tnelson

    Tnelson Private E-2

    Concerning Palemoon, I was told this over at Malwarebytes forum by one of the moderators.

     
