Author Topic: Anybody using Malwarebytes anti-exploit?  (Read 19173 times)

0 Members and 1 Guest are viewing this topic.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 707
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #15 on: July 08, 2015, 08:41:59 PM »
That's the beauty/value of programs like MBAE & EMET: they can often block UNKNOWN 0-day exploits (without needing any specific updating to "look" for them).  We see what MBAE is doing in this instance; and EMET has been documented to have blocked several Reader exploits over the years.

EMET has the longer history... and the backing of being a Microsoft product.
MBAE is newer (in comparison to EMET), and is backed by MalwareBytes.   While it may be possible to "tweak" them to co-exist, via a great deal of perseverance and  experimentation, it's probably best to use only one of them.   And at this point, I'm of the opinion that MBAE has sufficiently matured so as to be the better choice (particularly for those who go for the Premium version).

Note:  EMET requires DotNet, which is a lot to add-on unless you already have DotNet installed for some other purpose.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20873
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Anybody using Malwarebytes anti-exploit?
« Reply #16 on: July 08, 2015, 09:50:54 PM »
EMET is targeted more toward the Enterprise environment.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 428
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #17 on: July 09, 2015, 03:56:42 AM »
Thanks for this post. I am deciding whether to ditch EMET 5.1 and run MBAE instead. One question - how good is MBAE Free as my budget is limited.  :)
IF IT AIN'T BROKE -  DON'T FIX IT

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1458
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Anybody using Malwarebytes anti-exploit?
« Reply #18 on: July 09, 2015, 04:26:53 AM »
I don't see why EMET would only be enterprise-focused. It's easily deployable to make it easier for enterprise customers to implement, but nothing wrong with running it at home.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 707
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #19 on: July 09, 2015, 09:28:11 AM »
The limitation in the free version of MBAE is the list of programs is protects:   it covers most major browsers (such as IE, FF, Opera, Chrome, & Palemoon), including their add-ons (e.g., Flash); and it also covers Java (even outside browsers).   But that's it.

The paid version extends default coverage to .pdf readers (Adobe & Foxit), Office (Word, Excel, Powerpoint), and MediaPlayers (Windows MP, Quicktime, Winamp & VLC).   But more importantly, the paid version allows you to add protection for ANY programs you wish it to cover (for example, OpenOffice).

Since you're already running EMET, you know that it comes with a long list of programs it covers by default, as well as the ability to add any others programs that you wish to add.   All free.


Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1294
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #20 on: July 09, 2015, 12:39:03 PM »
Quote from: Aaron Hulett
I don't see why EMET would only be enterprise-focused.
I note Corrine said, "EMET is targeted more toward the enterprise environment.", not "only for".

I agree that there is nothing wrong with running it on a home system, but I note even you mention "deploying" the program - and that is not a term typically used when "installing" a program at home. And if you look at the Support KB it puts the most emphasis on "deploying across the enterprise" too.

But the kicker is when you look at the EMET homepage (http://www.microsoft.com/emet) linked in that Support KB, the big banner states, "Protect Your Enterprise".

So I agree with Corrine and enterprise environments is EMET's primary focus.



Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1458
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Anybody using Malwarebytes anti-exploit?
« Reply #21 on: July 09, 2015, 07:21:50 PM »
Thanks, seems we're on the same page.

Offline Metallica

  • Malware Experts
  • Full Member
  • *****
  • Posts: 104
    • View Profile
    • Metallica's blog
Re: Anybody using Malwarebytes anti-exploit?
« Reply #22 on: July 09, 2015, 07:33:11 PM »
MBAE is pretty much set and forget, while it is my understanding that EMET needs a more experienced type of user.
I have set MBAE to show notification tooltips when protection kicks in or I would actually forget it's there.
And in some cases it proetcts you without actually having to do something itself. :)

As you would expect I will highly recommend it. ;)

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7436
  • Liverpool FC - YNWA
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #23 on: July 09, 2015, 08:11:09 PM »
And in some cases it proetcts you without actually having to do something itself. :)

That's way cool  :thumbsup:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 707
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #24 on: July 09, 2015, 08:37:22 PM »
"MBAE is pretty much set and forget..."

I would concur with the above assertion for MBAE 1.05.x and earlier.   Basically, you downloaded/installed the program, and there was nothing more to do... it just sat there, running quietly, unless/until it intercepted an exploit.

However, versions 1.06.x (and the current 1.07.x)
     •Added configuration for general settings; and further
     •Added advanced configuration of mitigations per family.
The advanced settings, in particular, offer complexity comparable to that of tweaking EMET, by enabling/disabling specific types of exploit monitoring (e.g., Anti-HeapSpraying Enforcement), which can be configured separately for various categories of programs (e.g., you can enable the former in non-Chrome browsers, while disabling it in Office products).  Granted, one can (and indeed, most likely does) simply accept the default configuration... and the same (accepting defaults) can likewise be done with EMET.   But once you get involved with changing any of the defaults, I believe it's just as complicated as it would be tinkering with EMET.

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 428
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #25 on: July 09, 2015, 11:40:20 PM »
Thanks for everyone's comments. I will stick with EMET for now. I would prefer MBAE and will have to see how deep my money bag is. I don't want all bills to come at once. I will have a look at the cost and if it is a yearly payment. I already run MBAM but it is a lifetime licence. :)
IF IT AIN'T BROKE -  DON'T FIX IT

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #26 on: July 10, 2015, 12:06:51 AM »
Thanks for this post. I am deciding whether to ditch EMET 5.1 and run MBAE instead. One question - how good is MBAE Free as my budget is limited.  :)

Hi Pierre75, I've been using MBAE "Free" (alongside Norton 360) on my Windows 7 64-bit laptop for quite some time now, and as others have noted, it simply runs quietly in the background (I just use the default settings). It blocked two exploits attempting to infiltrate via my Pale Moon browser. I've experienced no problems or conflicts with the software. Seems to work great, and quietly. I mostly forget that it is even running.
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 428
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #27 on: July 10, 2015, 12:32:43 AM »
HI JD, I will give it a shot with MBAE. I will have to remove EMET as there is a conflict between the two. Thanks for that hint.  :thumbsup:
IF IT AIN'T BROKE -  DON'T FIX IT

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #28 on: July 10, 2015, 01:33:22 AM »
Most welcome! I hope that MBAE works well with your setup.

Best regards!
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 428
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #29 on: July 10, 2015, 05:11:01 AM »
That did not work too well. I don't know if it does not like Microsoft Security Essentials Beta or LastPass but the latter fell over and I had to recover all my passwords from a csv file. Even the master password was gone but I have recovered from the mess. Now back to where I was this morning but may just have a look at MBAM forums to see if there is a mention of this. Never mind - lesson learnt. :) :thumbsup:
IF IT AIN'T BROKE -  DON'T FIX IT