Author Topic: Anybody using Malwarebytes anti-exploit?  (Read 19175 times)

0 Members and 1 Guest are viewing this topic.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 613
    • View Profile
Anybody using Malwarebytes anti-exploit?
« on: June 30, 2015, 06:19:07 PM »
It's not an anti-virus program as stated on there site, it is a program that helps protect against browser exploits and pretty much covers all of the major browsers. It does at this point even work in the current Win 10 preview, but not built to support Edge, which is still being fined tuned. It runs a small footprint without using much resources. I have been using it for awhile, but haven't come across any blocked exploits.

https://www.malwarebytes.org/antiexploit/

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7436
  • Liverpool FC - YNWA
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #1 on: June 30, 2015, 06:31:50 PM »
I installed it on one of my boxes as a test, it's never 'caught' anything, but I'm not really surprised by that given how locked down the computer is  :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 707
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #2 on: June 30, 2015, 07:04:48 PM »
I've been using it for quite a while now.   No, it's not actually "caught" anything for me either, as I too tend to have a highly secured system (and also strive to "surf safely").   But it has the potential to catch the UNknown nasties, such as many zer0-day exploits in Flash that are now going around, and that's what makes it an important program.

For me, the more sensitive issue was/is potential conflicts.   I'm using Microsoft's EMET, which has been around much longer than MBAE, and typically overlaps what MBAE is protecting.   As such, I either have to tweak one (or both) to gain compatibility, or else, more simply, decide to use only one of these two.

So my advice would be --- since you're already running it (presumably without having an overt problem/conflict) --- that you continue to keep it around.   Hopefully, it will never have to intercept/prevent an exploit... but if it ever does so, even once, it may be tool that saved your system.

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1294
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #3 on: June 30, 2015, 07:39:43 PM »
I am the same as above. I installed it a few months ago and actually forgot about it until now. That means it has never brought attention to itself either by tagging something, or bogging my system down.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline MikeW

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 568
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #4 on: June 30, 2015, 08:27:31 PM »
I tied it in the early days, but had to many conflicts, and uninstalled it. Not bothered with it since
Win 7 Home Premium  IE11 MSE  Mbam Pro

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 613
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #5 on: July 01, 2015, 02:03:49 PM »
I haven't had any conflicts on any computer it is installed on, or any other anti-virus software. Early versions were probably still beta. As many here have said, nothing blocked or noted, because of secure systems and common sense browsing.

I do a free program that I try help a number of senior citizens protect there systems. They can sometimes become easily confused. Some are well into there eighties, brave enough to tackle the world wild web, so anything I can find that can help protect them further.

Examples are:  genealogy research, which requires many hours of searching. If this is an additional layer of protection that may help them, so be it.

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #6 on: July 01, 2015, 03:44:39 PM »
I've had it installed for quite some time now on my Windows laptop at my office. Two or three weeks ago the program suddenly popped up a warning window (sorry for lack of details, as I was busy working and had time to investigate further). Regardless, the pop-up window said something like "Malwarebytes Anti-exploit has blocked an intrusion attempt by Pale Moon" (the browser that I had open at the time).

That gave me food for thought as to whether or not I should be using the PM browser. I looked at the pop-up window a few more seconds, shrugged my shoulders, and went on with my day. I remember thinking to myself at the time "Gee, glad I installed that Malwarebytes program." Still using PM, and no more pop-up windows since then.

So what was that all about? I wonder! Hmmmm, hmmmm ...
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #7 on: July 01, 2015, 03:50:47 PM »
I meant "..I was busy working and had NO time to investigate further.."
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 707
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #8 on: July 01, 2015, 04:00:14 PM »
"an intrusion attempt by Pale Moon", or "an intrusion attempt (by something else injecting itself) in Pale Moon"?   I'm assuming the latter.

There's no reason why you shouldn't be using PaleMoon, if that's your preferred browser.

The more recent versions of MBAE (e.g. 1.07.x) are offering more detailed descriptions of the intercepted exploits, and greater ability to "tune" these detections, for those who may find them problematic.

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 246
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #9 on: July 01, 2015, 04:47:11 PM »
"an intrusion attempt by Pale Moon", or "an intrusion attempt (by something else injecting itself) in Pale Moon"?   I'm assuming the latter.
I would also assume the latter.

Pale Moon already has features from EMET baked in, making EMET + Pale Moon overkill and likely to conflict occasionally; I've yet to see any such problems using MBAE + Pale Moon. I've been using MBAE for a year or more with Pale Moon yet I could only manage a few days with any of the last 3+ versions of EMET before hitting problems.

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #10 on: July 01, 2015, 11:42:31 PM »
"an intrusion attempt by Pale Moon", or "an intrusion attempt (by something else injecting itself) in Pale Moon"?   I'm assuming the latter.

There's no reason why you shouldn't be using PaleMoon, if that's your preferred browser.

Sadly, I was too busy at that time to give the pop-up window much notice, other than to recognize that something malicious had been block by the anti-exploit program. However, pretty sure that it said "Blocked an exploit attempt by Pale Moon". Could be wrong. I should have taken a snapshot of the pop-up window.

Typing this message today via the PM browser. I started using PM a long time ago because Corrine mentioned here that she likes it. The anti-exploits pop-up was surprising to me. The first and last warning that I've ever had from that program.
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #11 on: July 02, 2015, 12:38:17 AM »
Helps to sometimes read the "Logs", I suppose. ;)

"Description: An exploit code has been blocked in Pale Moon" ("in" being the key word, it appears)

Interestingly, that is the only data in the "Logs" tab, yet the General tab reads as follows:

Shielded applications:           1
Blocked exploit attempts:      2
Version:                                 1.06.1.1019


I have no idea what "Shielded applications" means, and it states 2 blocked exploit attempts. Yet the log only shows 1. Also, I cannot find any way to update to the newest release via the tabs.
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline JDBush61

  • Hero Member
  • *****
  • Posts: 4654
    • View Profile
Re: MalwareBytes Anti-EXPLOIT (MBAE)
« Reply #12 on: July 02, 2015, 12:43:59 AM »
Just downloaded and installed the new version of MBAE. Much thanks!
"In an age when mass society has rendered obsolete the qualities of individual courage and independent thought, the oceans of the world still remain, vast and uncluttered, beautiful but unforgiving, awaiting those who will not submit. Their voyages are not an escape, but a fulfillment."

~ THE SLOCUM SOCIETY ~

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 246
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #13 on: July 02, 2015, 10:54:31 AM »
"Description: An exploit code has been blocked in Pale Moon" = as PM is a "Shielded application", anything potentially malicious loaded/trying to load inside PM will be treated the same; navigate to a web page 'loaded' with an exploit kit (Don't try this!) and you would probably receive multiple exploits being detected/blocked by MBAE yet described as "... blocked in Pale Moon".

The browser/pdf viewer/etc. is the innocent conduit in these attacks, the greater the number of exploitable Plugins etc. (Java, Flash + Adobe Reader etc.) there are loaded within the browser, the greater your chances are of seeing multiple blocked attempts.

By default (as I understand it) MBAE sends in reports of the URLs where these exploits were found, this data should enable MB to further refine MBAE and they should also lead to further active/passive blocks being added to the Pro version of MBAM and the hpHosts file and these detections will also be relayed to other reputable security companies.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7436
  • Liverpool FC - YNWA
    • View Profile
Re: Anybody using Malwarebytes anti-exploit?
« Reply #14 on: July 08, 2015, 07:22:25 PM »
According to this blog, it would have intercepted the Flash Zero-Day exploit that Adobe patched today with 18.0.0.203:

https://blog.malwarebytes.org/exploits-2/2015/07/neutrino-ek-leverages-latest-flash-0day/
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member