2 Intern

 • 

1K Posts

June 20th, 2013 21:00

Trials and tests can be followed here: http://forums.malwarebytes.org/index.php?showforum=126

3 Apprentice

 • 

15.6K Posts

June 21st, 2013 09:00

Several other people are also reporting that Anti-Exploit is blocking IE10 from opening (Win7x64), so again, I reiterate that one should preferably wait before downloading/installing this program.   If you still wish to go ahead and try things, proceed at your own risk!

3 Apprentice

 • 

15.6K Posts

June 22nd, 2013 06:00

Build 0.9.2.1200 [BETA] has been released, and I can confirm IE10 now opens on Win7x64 systems :emotion-1:.   A critical step in the right direction!

Changelog:

  • Fix crash when pressing "Clear" button in the LOG tab.
  • Fix error when opening DOCX/XLSX under certain configurations of MS Office under Windows 7 64bits.
  • Fix false positive when opening IE10 under certain configurations of Windows 7 64bits.
  • Fix "Shielded applications" counter in GENERAL tab sometimes not showing correct count.

================================

I don't believe the BETA version is "ready for prime time" usage... but those who are interested in carefully TESTING it are now in a much better position to do so.

The main problem I've just encountered is that if I stop/start AntiExploit while IE is open/running, it can crash IE.   (I'm not sure if this was merely an IE+AntiExploit conflict, or if EMET (*) might have been a contributing factor here, as EMET (*) simultaneously generated a DEP error alongside the AntiExploit+IE crash.)   [But it appears that if I start/stop AntiExploit with IE closed, there's no issue.]   Again, anyone contemplating testing this, proceed with caution!

================================

Update:  After a day or two of testing, I believe this build is test-worthy (for those who are curious and willing to "play").  I believe all my conflicts/issues with it have been 1) EMET (*) related (which means most of you, who don't use EMET, won't experience this), and 2) Lotus iNotes attachment related (so likewise, most people won't encounter this).   I have reported my experience/findings to the developer.

Basically, the program simply resides in the background, and shouldn't alert you unless/until it intercepts (what it believes to be) an exploit.   If it can stop java exploits (while allowing legitimate applets to run), that alone might be reason to consider this program.  [Since I don't have java on my systems, I'm not in a position to test this.   And I don't see (even temporarily) installing java for the sake of testing.]

================================

(*) Revised Update:  After further testing, I'm inclined to believe EMET is NOT a factor/conflict in crashing IE (by STOPping MBAE while IE is open)... I believe the fault lies wholly in MBAE.

3 Apprentice

 • 

15.6K Posts

June 25th, 2013 06:00

The following was copied/pasted from http://forums.malwarebytes.org/index.php?showtopic=128122 :

List of known issues for Malwarebytes Anti-Exploit [as of 21 June]

  1. Under Windows 7 64bits under certain configurations Chrome browser may fail to open.
  2. Sometimes the icon disappears from the traybar after reboot even if mbae.exe is running. As a workaround, run TaskManager or ProcessExplorer as administrator and "kill" the process mbae.exe/mbae64.exe and then run Malwarebytes Anti-Exploit from Start, Programs, Malwarebytes Anti-Exploit.
  3. When Stopping/Starting or Exiting MBAE while a shielded application is open and injected by MBAE (browsers, Adobe, etc.) it may take some time for MBAE to uninject its DLL and cause an application "hang". As a workaround, make sure to close all shielded applications before stopping/starting/exiting MBAE.
  4. System error "sending command" when opening docx/xlsx files under certain MS Office & Windows configurations.
  5. Webroot may prevent MBAE from injecting its DLL into protected processes.
  6. Trusteer Rapport may prevent MBAE from injecting its DLL into protected processes.
  7. DefenseWall may prevent MBAE from injecting its DLL into protected processes.
  8. Sandboxie may prevent MBAE from injecting its DLL into protected processes.
  9. Incompatibility with Comodo may cause unexpected browser behaviour.
  10. Incompatibility with some EMET mitigations may crash certain protected processes.

============================================================================

Comments:

As described above in this thread, I've definitely experienced #3, "crashing" IE.   Granted, closing all shielded applications before stopping MBAE may avoid the crash.   But if I'm in the middle of surfing, and I detect a problem I believe is MBAE-related, I would like to be able to (temporarily) stop MBAE to continue my work [and test my theory], rather than having to exit IE, stop MBAE, and then first begin my surfing session from scratch.

I believe I've also experienced #2, and perhaps #4 as well.   I wonder about #10, but I believe (especially after seeing #3 documented) that my particular issue was independent of EMET.  

[I have not tested MBAE+Sandboxie, nor MBAE+Chrome... and currently have no plans to do so.]

Despite all these known issues, I am amazed how "quietly" MBAE is running in the background.   So I will continue to "use" (i.e., TEST) it --- carefully --- focusing on its potential rather than its (current) flaws.

3 Apprentice

 • 

15.6K Posts

June 25th, 2013 17:00

While I'm very encouraged with what I see in MBAE under Win7, I can't say the same for my XP experience:

On my XP system with only 1 GB RAM, after installing MBAE, it seemed to induce a "memory leak" in my browsers, both IE and FF, so that they were continually increasing in size, "eating" all the RAM, and ultimately expanding into the SWAP file... to the point that browsing became so slow as to be useless :emotion-7: .

Upon UNinstalling MBAE, that system became viable again.

So I have to wonder:   Is there a real connection/problem here [which needs to be fixed], or was my experience a fluke?   I have relayed my findings to the founders.

Update:   They've replied that they've never encountered this issue... so unless/until someone else has a similar experience, I may have to dismiss this as being a fluke of my aging XP system.   (They're willing to help more... but there's only so much I want to try on that system.)

3 Apprentice

 • 

15.6K Posts

July 4th, 2013 04:00

Hey RD,

I enjoy testing programs of this nature... and hopefully increasing my system's security in the process.

Of course, when you look at everything I'm using (per my updated signature), one has to wonder whether I've reached the point of overkill :emotion-15:.   I'm sure there's some overlap... perhaps a lot.   But the bottom line is:  1) first and foremost, no [significant] malfunctions nor conflicts ; and 2) no [noticeable] slowdowns in my system's functioning.   As long as that's the case, I see no reason to rid myself of anything.

I can't recall having any infections.   Which begs the point:   what, if anything, has my security setup actually prevented?   Or has it been more a matter of disciplined safe-surfing?   [Yes, on rare occasions, avast's web shield (or even more rarely, MBAM's web blocking) might pop up saying they've prevented something they believe to be malicious...]

----

For MBAE itself:   I no longer believe it was the culprit in the memory leak on my XP system, which was the only "serious" issue I was worried about.   The fact that it can crash IE if I stop MBAE while IE is open, is annoying... but knowing that, I no longer attempt it.  ( And there really shouldn't be an actual need to do so.)

I like how it just sits there silently... presumably protecting me... but without being obvious at all.

As for Sandboxie, I've read lots of complaints about it vs. MBAE.   I don't use Sandboxie regularly... maybe I'm being naïve, but with all the other security programs I'm running, with my focus on safe-surfing, and the fact that I haven't incurred malware issues in so proceeding, makes me hope that I can run without regular sandboxing.   In fact, the main time that I'll invoke sandboxie is if there's some link I'm unsure about, but which I feel there's a need to pursue:   in such a case, I'll do so sandboxed.    In my minimal use of Sandboxie, I haven't "seen" a conflict with MBAE.   But I really haven't paid attention to the details of what people are reporting there... and presumably if I did, I would be able to recreate the issue.   But for people like you, who regularly use (and advocate) Sandboxie, I can certainly see bypassing MBAE unless/until the conflict is resolved.

3 Apprentice

 • 

15.6K Posts

July 12th, 2013 17:00

Malwarebytes Anti-Exploit 0.9.2.1400 (BETA)

New Features:
• Fixed false positive when downloading a binary file under Chrome.
• Fixed crash when opening Chrome under certain configurations.
• Fixed false positive when opening MS Word with certain add-ins.
• Fixed error opening Word/Excel files under certain configurations.
• Improved upgrade mechanism when installing on top of older versions.
• Added full version number to the main interface.
• Minor interface improvements.

==============

CAVEAT: In my preliminary testing, I have found this newest version to have incompatibilities with Internet Explorer (10 on Win7x64 Pro;  and 8 on WinXP Pro)... which might be related to my having/using the Yahoo toolbar.   On that basis, I was forced to UNinstall build 1400, and revert back to build 1200 [which has been working reasonably well for me].

3 Apprentice

 • 

15.6K Posts

August 9th, 2013 04:00

DISCLAIMER:  A new version of MBAE (still in BETA) has been released.    These most recent versions are trying to add "more advanced memory protection to block exploits at" earlier stages of potential infection.  I HAVE NOT YET TESTED IT.  But I want to remind everyone that I have encountered several issues with prior builds... which, for example, forced me to revert from 09.2.1400 to 09.2.1200 (as noted in the preceding post).   If you wish to try/TEST this, do so with CAUTION.  

 

The following was copied/pasted from http://forums.malwarebytes.org/index.php?showtopic=130688 :

Malwarebytes Anti-Exploit 0.09.3.1000 is available for download

Changelog

  • Fixed false positive with MS Word 2007 when saving as PDF.
  • Fixed crash under IE10 with Google or Yahoo Toolbar             <==== This was the problem I was having
  • Fixed driver uninstallation during installation of new version.
  • Fixed error creating Desktop shortcut during install (64bits).

 

Upgrade instructions

  1. Close all shielded applications (browsers, Word, Adobe, etc.)
  2. Close MBAE by right-clicking on the traybar icon and choosing Exit.
  3. From Control Panel, uninstall the previous version.
  4. Reboot.
  5. Download and install the new version from http://downloads.malwarebytes.org/file/mbae_beta

 

Known Issues

  • Sometimes the icon disappears from the traybar after reboot even if mbae.exe is running. As a workaround, run TaskManager or ProcessExplorer as administrator and "kill" the process mbae.exe/mbae64.exe and then run Malwarebytes Anti-Exploit from Start, Programs, Malwarebytes Anti-Exploit.
  • When Stopping/Starting or Exiting MBAE while a shielded application is open and injected by MBAE (browsers, Adobe, etc.) it may take some time for MBAE to uninject its DLL and cause an application "hang". As a workaround, make sure to close all shielded applications before stopping/starting/exiting MBAE.
  • When opening Word and Excel, MBAE will not show it as protected in the LOG tab.
  • Webroot may prevent MBAE from injecting its DLL into protected processes.
  • Sandboxie may prevent MBAE from injecting its DLL into protected processes.
  • Incompatibility with Comodo may cause unexpected browser behaviour.
  • Incompatibility with some EMET mitigations may crash certain protected processes.
  • MBAE might not install correctly under Windows 8.1 Preview.

 

===========================================================

My initial impression is good:   First, the conflict I reported above, about Yahoo Toolbar crashing IE10, indeed appears to have been fixed :emotion-1:   IE opens without hanging/crashing.   Second, the LOGS tab now is properly showing/reporting an (alleged) exploit detected... AND allowing me to exclude it (e.g. if I believe it's a false positive) from future monitoring.   So for the first time, I can successfully exclude the Lotus iNotes .dll detection that had been ongoing since the earliest versions of "Exploit Shield".

As I continue to use/test this product, I'll report back if I notice anything more.   Hopefully, I won't see/have any more issues with it [Fingers crossed].

===========================================================

Second impression:   A bug?   Despite successfully adding the Lotus iNotes .dll file to the EXCLUSIONS list, MBAE still objected to this file when I tried to access it again after rebooting :emotion-7:

2 Intern

 • 

5.8K Posts

August 9th, 2013 10:00

You are a braver man than I am, ky!

Not that I have an aversion to beta testing, but these days I'm restricting it to my old XP system first. Rather than risk Win 7. And XP has enough glitches already, possibly related to all the tests I've run over the years.

Thanks for the continued updates. It's an interesting program.

3 Apprentice

 • 

15.6K Posts

August 9th, 2013 12:00

Joe wrote:  "Thanks for the continued updates."

Joe, I'm just glad to see that someone's still following this thread... it's been a long while since Hernan & RedDawn posted above... and I was beginning to wonder if I was "talking to myself" :emotion-5:

---------------------------------------

"these days I'm restricting [beta-testing] to my old XP system first."

In theory, I agree with you there... it's the prudent move.   However, my wife is away on vacation, and she took the power-pack that fits my XP system (as well as hers)... leaving me with just my Win7 system here.  So I'm kinda forced to experiment [what I consider to be within reason] on my Win7 system.

--------------------------------------

"It's an interesting program."

Indeed, it definitely is.   What I like about MBAE (as with EMET) is that it is (/they are) "behavior based", not needing continual definition updates... and more importantly, both attempt to address and stop UNKNOWN [yet-to-be discovered] 0-day exploits that can bypass "traditional" protection [such as one's anti-virus].   I also am keen on the fact that it's now being developed by people working with/for MalwareBytes, for which I have the greatest respect/admiration.   If it were anyone else, I wouldn't be so eager to beta test for them.

=======================

Finally, the "flaws" that I'm still encountering --- e.g., issues with Lotus iNotes e-mail attachments --- seem relatively minor... I can live with this.   When there was a MAJOR issue (in build 1400) that prevented me from opening IE (with Yahoo toolbar), I quickly reverted back to a prior build (1200)... which worked well (and which, fortunately, I had the foresight to save).   I have not recently noted any conflicts with EMET (if I ever really did)... and I am now keenly aware not to try to disable MBAE while applications (like IE) are open.

2 Intern

 • 

1K Posts

August 11th, 2013 09:00

Joe wrote:  "Thanks for the continued updates."

Joe, I'm just glad to see that someone's still following this thread... it's been a long while since Hernan & RedDawn posted above... and I was beginning to wonder if I was "talking to myself" :emotion-5:

Hi David.

I am also following the thread here and in the Avast! forums; however, I am not testing the program. I am going through some situations down here (personal) :emotion-39: that do not give me too much free time, so I am giving what I can in the Spanish Forum at Avast!, where I am needed more.

Regards and keep up the good work :emotion-11:

3 Apprentice

 • 

15.6K Posts

August 12th, 2013 05:00

FWIW, I've reverted back [again] to build 9.2.1200:  

My IE10 has crashed 3 times in the two days since I updated MBAE to 9.3.  I'm not saying that MBAE was necessarily the cause... it may be completely coincidental.  Event Viewer asserts the faulting modules as being ntdll.dll, comctl32.dll, and mshtml.dll in these 3 instances.

Since the EXCLUSIONS list in 9.3 was NOT functioning properly [and since the Yahoo toolbar fix in 9.3 was over a bug introduced in build 9.2.1400], I saw no reason to keep using 9.3 if there was even a small possibility that it was causing the recent instability in IE.
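
One way to gather the Event Viewer evidence mentioned in the post above (an added example, not part of the original post and not Malwarebytes tooling): it tallies Application Error events (ID 1000) for `iexplore.exe` by faulting module and compares the crash rate before and after an upgrade. The `$UpgradeDate` value and the 30-day lookback are assumptions to adjust; the property indexes assume the standard Event 1000 layout.

```powershell
# Added example. Assumed values: upgrade date and lookback window.
$UpgradeDate  = (Get-Date).AddDays(-2)   # assumed: when the new build was installed
$ProcessName  = 'iexplore.exe'
$LookbackDays = 30
$Start        = (Get-Date).AddDays(-$LookbackDays)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Start
}

# Event 1000 properties (assumed standard layout):
#   [0] faulting application name, [3] faulting module name, [6] exception code
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $ProcessName } |
    ForEach-Object {
        [pscustomobject]@{
            Time          = $_.TimeCreated
            Period        = if ($_.TimeCreated -ge $UpgradeDate) { 'after' } else { 'before' }
            Module        = $_.Properties[3].Value
            ExceptionCode = $_.Properties[6].Value
        }
    })

if ($crashes.Count -eq 0) {
    Write-Output "No $ProcessName crash events in the last $LookbackDays days."
}
else {
    # Which modules are named as faulting, in each period
    $crashes | Group-Object Period, Module |
        Sort-Object Name |
        Select-Object Count, Name |
        Format-Table -AutoSize

    # Crash rate per day in each period, so a coincidence can be told apart
    # from a change that started with the upgrade
    $days = @{
        before = [math]::Max(($UpgradeDate - $Start).TotalDays, 1)
        after  = [math]::Max(((Get-Date) - $UpgradeDate).TotalDays, 1)
    }
    foreach ($g in ($crashes | Group-Object Period)) {
        $rate = [math]::Round($g.Count / $days[$g.Name], 2)
        Write-Output ("{0,-6} upgrade: {1} crashes, {2} per day" -f $g.Name, $g.Count, $rate)
    }
}
```

A faulting module such as `ntdll.dll` names where the exception was raised, not which component caused it, so the before/after rate is the more useful signal here.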

 

3 Apprentice

 • 

15.6K Posts

October 16th, 2013 05:00

DISCLAIMER:  A new version of MBAE (still in BETA) has been released.    I HAVE NOT YET TESTED IT.   If you wish to try/TEST this, do so with CAUTION.  

The following was copied/pasted from https://forums.malwarebytes.org/index.php?showtopic=134888 :

 

We are pleased to announce the release of Malwarebytes Anti-Exploit 0.09.4.1000.

This new beta release incorporates the first batch of important stage 1 anti-exploit techniques in order to detect and block exploits at an earlier stage. These techniques, combined with the existing layer of stage 2 anti-exploit techniques, make Malwarebytes Anti-Exploit the most complete anti-exploit solution in the market.

In addition we have improved the memory protection techniques quite a bit which has resulted in improved performance, stability and compatibility with shielded applications.

Included in this release is a new “Exploit-Test” program which allows users to verify that Malwarebytes Anti-Exploit is working correctly. The program can be found under  
C:\Program Files\Malwarebytes Anti-Exploit\mbae-test.exe.   The program incorporates two buttons. The first launches the Windows Calculator (calc.exe) in a normal way and the second one uses a common exploit technique to launch calc.exe. If Malwarebytes Anti-Exploit is installed and running correctly only the first one should be allowed to execute and the second one should be blocked. Please keep in mind that Exploit-Test is not malicious in nature and it will not harm your computer.

This “Exploit-Test” utility has the added benefit that you can use it to test third-party antivirus or security software to see to what extent they really protect proactively and generically against exploit techniques. We have made a video against the top security vendors and as you can see they do not fare well in this respect. Click here to see the video of the Exploit-Test in action.

Finally Malwarebytes Anti-Exploit 0.09.4.1000 incorporates bug fixes for issues with IE10, Google Chrome and Silverlight and Netflix thanks to the improved memory protection techniques.

Upgrade instructions

  • Close all shielded applications (browsers, Word, Adobe, etc.)
  • Close MBAE by right-clicking on the traybar icon and choosing Exit.
  • From Control Panel, uninstall the previous version.
  • Reboot.
  • Download and install the new version from http://downloads.malwarebytes.org/file/mbae_beta

Known Issues

  • Sometimes the icon disappears from the traybar after reboot even if mbae.exe is running. As a workaround, run TaskManager or ProcessExplorer as administrator and "kill" the process mbae.exe/mbae64.exe and then run Malwarebytes Anti-Exploit from Start, Programs, Malwarebytes Anti-Exploit.
  • When Stopping/Starting or Exiting MBAE while a shielded application is open and injected by MBAE (browsers, Adobe, etc.) it may take some time for MBAE to uninject its DLL and cause an application "hang". As a workaround, make sure to close all shielded applications before stopping/starting/exiting MBAE.
  • When opening Word and Excel, MBAE will not show it as protected in the LOG tab even though they are correctly protected.
  • Sandboxie may prevent MBAE from injecting its DLL into protected processes.
  • Incompatibility with Comodo may cause unexpected browser behaviour.
  • Incompatibility with some EMET mitigations may crash certain protected processes.
  • MBAE does not install correctly under Windows 8.1 Preview.

============================================================

Changelog - Malwarebytes Anti-Exploit 0.09.4.1000

New Features:

  • New technique for detecting memory exploit payloads.
  • New techniques for blocking exploits at stage 1.
  • New MBAE Exploit Test application to verify MBAE is operational.

Fixed:

  • Fixed crash under IE10 when visiting Adobe's website.
  • Fixed crash of Chrome and others when using Silverlight.
  • Fixed crash while watching Netflix.

 

==============================================================

For those interested, an ongoing discussion about this tool can be followed here:  http://www.wilderssecurity.com/showthread.php?t=354641

==============================================================

Remark:   I've just installed the latest MBAE on a Win7x64 SP1 system, and no obvious problems (yet?).   The previous version wasn't happy with some Excel spreadsheets I was using on this machine... fortunately, it appears this issue has been corrected :emotion-1: .   I'm now interested in testing it on my other computer, where it had been inducing crashes in IE.   I'll report back should I encounter any issues.

Update:   Having used this latest version of MBAE for several days now, I have to say it's working quite nicely so far.   The only significant issue I've encountered --- which has been long-known --- is that shielded applications (e.g. IE) can crash if you start/stop/exit MBAE while they're running... and so I know not to do that now.   I have not recently encountered any conflicts with EMET nor KeyScrambler.   Likewise, I have not experienced any obvious problem in my limited use of Sandboxie... but since that seems to be commonly reported, I don't want to offer an "all's clear" here.  Just one "insignificant" problem:   The mbae-default.log file is missing line separators (CR/LF), so its contents appear as one super-long line of text.

 

       

3 Apprentice

 • 

15.6K Posts

October 31st, 2013 05:00

We are pleased to announce the availability of Malwarebytes Anti-Exploit 0.09.4.2000 [BETA].

 

The main objective of this version is compatibility with Windows 8.1. In addition this new version includes small bug fixes with the logging facilities, mainly the persistence of the Log entries in the UI after reboots and the inclusion of line breaks in the mbae-default.log logfile.

 

Upgrade instructions

  • Close all shielded applications (browsers, Word, Adobe, etc.)
  • Close MBAE by right-clicking on the traybar icon and choosing Exit.
  • From Control Panel, uninstall the previous version.
  • Reboot.
  • Download and install the new version from http://downloads.malwarebytes.org/file/mbae_beta

Changelog : 

New Features:
  • Compatibility with Windows 8.1.
  • Fixed problem with log entries deleted after every reboot.
  • Fixed missing line separators in the mbae-default.log logfile.

 

For a "live" (continually updated) list of known issues, see here.

3 Apprentice

 • 

15.6K Posts

December 31st, 2013 05:00

MBAE 0.9.4 (beta) has EXPIRED --- if you have and continue to use it, it may completely block your browsers from opening!!!

It has been replaced by another beta version, 0.09.5.0250:

The changelog is the following:

• Added new techniques for protection from stage1 exploits.
• Added new techniques for protection from stage2 exploits.
• Added new technique for stage1 and stage2 memory protections.
• Added new hooking of certain Windows 8.x specific functions.
• Added more verbose logging.
• Fixed bug with Acrobat Reader shield.
• Fixed bug installing MBAE in x64 systems where WinDir is in non-C drive.
• Fixed bug "missing MSVCP100D.DLL" when uninstalling MBAE.
• Fixed bug with excluding HitmanPro.Alert upgrades.
• Fixed bug with negative shielded applications counter.
• Fixed issue with Chrome extensions crash when stopping/starting MBAE.
 

To install, please follow these instructions:

0- Go to https://forums.malwarebytes.org/index.php?showtopic=139353

1- Save the "mbae-setup-0.09.5.0250.zip" attached there to your Desktop, and extract it.

2- Close all browsers and other protected apps (Word, Acrobat, etc.).

3- Uninstall MBAE from Control Panel.

4- Install the new version by running "mbae-setup-0.09.5.0250.exe" from your Desktop.
