
5 Journeyman • 15.6K Posts • 45K Points


June 20th, 2013 16:00

ExploitShield becomes Malwarebytes Anti-Exploit (OFFICIAL [non-beta])

There was a discussion/debate a while back here about ZeroVulnerabilityLabs ExploitShield (Browser Edition).   The debate concerned the legitimacy of this product, as its name was almost identical to (and its function very similar to) another product by F-Secure.   Perhaps that's the reason why that thread has apparently vanished into a cyber void...

Anyway, it was announced today that MalwareBytes has acquired ZeroVulnerabilityLabs, including ExploitShield.  The product has been renamed MalwareBytes Anti-Exploit (and it's currently only in a BETA/testing version).   Given MalwareBytes' stellar reputation, this acquisition would seem to clear the air as to the product's future legitimacy.

The acquisition announcement is currently available on http://www.zerovulnerabilitylabs.com/ ; and for future reference, it's been copied to:  http://www.majorgeeks.com/news/story/zerovulnerabilitylabs_and_exploitshield_are_now_part_of_malwarebytes_malwarebytes_anti_exploit.html 

http://news.cnet.com/8301-1009_3-57590275-83/exploitshield-becomes-malwarebytes-anti-exploit/

===================================================================== 

On the other hand, I don't suggest anyone rush to add this program to their security arsenal.   There had been, and continues to be, a conflict between it and opening attachments in IBM Lotus iNotes  (dwa85W.dll)  [which I had reported to ZeroVulnerabilityLabs months ago --- guess I'll have to get in touch with MalwareBytes now].   And I don't know if it's related to that... or a more serious issue... but after the Lotus iNotes detection, Anti-Exploit would not allow IE to open again.   On that basis, I quickly UNinstalled Anti-Exploit, until the product becomes more friendly.

 

5 Journeyman • 15.6K Posts • 45K Points

January 4th, 2014 05:00

MBAE:  Description of the program, and Frequently Asked Questions

https://forums.malwarebytes.org/index.php?showtopic=136424

2 Intern • 2.2K Posts

January 5th, 2014 09:00

Having MBAM Pro, should I consider installing this when it is out of beta, and is it part of MBAM Pro?

5 Journeyman • 15.6K Posts • 45K Points

January 5th, 2014 10:00

Dale,

At present, mbaE (anti Exploit) is completely separate from mbaM (anti Malware).   I don't know if they've made a final decision about whether or not to merge mbaE into mbaM... but I don't think so:   by keeping the products separate, they can offer/sell separate licenses for each PRO version.

While this product is still in beta, it has been very stable for the past few months.  If you're interested in testing/using it, I don't think it would hurt to try... worst case, you can always uninstall it if anything doesn't seem right.   You'll notice its icon (an orange shield, with white interior, and some grey symbol) in your system tray... but other than that, it should be completely quiet unless/until it intercepts an exploit.   I am using it along with ALL the programs noted in my signature.  

In terms of duplication of coverage, the only overlapping program would be EMET.   mbaE claims to offer more protection than EMET.   And in some ways/features, it does.   But EMET, via customization (opt-INS) still offers protection of programs that mbaE currently does NOT cover.   So I intend to continue using both, unless/until one of them clearly "wins out" --- or until I encounter a conflict between them.

5 Journeyman • 15.6K Posts • 45K Points

March 5th, 2014 10:00

We are pleased to announce the availability of Malwarebytes Anti-Exploit BETA 0.10.0.1000. 

This new beta build has been in the making for quite some time. We've re-architected the underlying application so it now runs as a standard Windows Service instead of as a stand-alone EXE which used to be launched from the TaskScheduler. This new architecture means that MBAE now works in multi-user environments (multiple logged-on users and server environments) and it also limits the operations that non-admin users can perform. Therefore only admins can stop the protection, clear the logs or add/delete exclusions. There are many benefits to this new architecture, but one of the most visible ones is that it fixes the old disappearing traybar icon bug as well as some application crashes.

For more information (including the download link), see https://forums.malwarebytes.org/index.php?showtopic=143429

Cautionary Remark:  After downloading [and extracting] the new program, be sure to close all browsers and other protected apps (Word, Acrobat, etc.).   [You don't have to disable the existing program... in fact, it may actually be better to leave it running! ]   Uninstall any prior/existing Malwarebytes Anti-Exploit via Control Panel.   Reboot.  And then install the new version by running "mbae-setup-0.10.5.1000.exe".

=============================================================================

Malwarebytes Anti-Exploit 0.10.0.1000 Change-log:

New Features:
• New architecture runs MBAE as a Windows Service.
• New architecture runs MBAE in multi-user environments.
• New architecture prevents non-admin users from stopping protection.
• New architecture prevents non-admin users from managing exclusions.
• New architecture prevents non-admin users from clearing logs.
• New location for logs and auxiliary files under %AllUsersProfile%.
• New installer handles hot-upgrades to new MBAE versions.
• New installer completely uninstalls MBAE program files.
• Improved Start/Stop buttons have been unified into a single toggle button.
• Improved uninjection technique prevents crashes under certain conditions.
• Improved and less intrusive beta expiration messages.
• Improved GUI details.
• Fixed problem with traybar icon sometimes disappearing.
• Fixed problem when double-clicking on Desktop shortcut icon.
• Fixed an injection hook issue.
• Fixed an issue displaying Flash content under Opera12 x64.

5 Journeyman • 15.6K Posts • 45K Points

May 5th, 2014 04:00

We are pleased to announce the availability of Malwarebytes Anti-Exploit BETA 0.10.3.0100.

This new beta version of the 0.10 architecture comes with many bug fixes and improvements. There's a couple of new applications added to the predetermined list of shields and some new features to get MBAE closer to a commercial release for companies and home users.

New Features:
• Added protection for Office 2010 Starter Edition (cloud version).
• Added protection for Foxit Reader PRO.
• Added support to send alert and service events to syslog.
• Added support for license ID and KEY.
• Added support to manage custom shields via MBAE-CLI.EXE.
• Added reporting of payload URL in mbae-alert.log.
• Updated telemetry library.
• Fixed bug with Windows Updates via IE under Windows XP.
• Fixed bug with Windows 8.1 Update 1.
• Fixed bug with application behavior protection.
• Fixed bug with certain Java exclusions.
• Fixed bug with certain Win7 hooks.
• Fixed bug when upgrading to new version.
• Fixed bug with log timestamps.
• Fixed FP with Excel under certain conditions.
• Fixed FP with Ginger Grammar Checker browser plugin.
• Fixed FP with MacType IE11 plugin.
• Fixed crash condition of Quicktime Player.
• Fixed crash condition of MS Office under rare conditions.

Installation instructions:

If you are installing on top of version 0.10.0.1000 there are no special upgrade instructions. Simply download the new version and install on top of the previous one.



https://forums.malwarebytes.org/index.php?showtopic=148115

=======================================================================

EDIT/Remark:   I had to tweak EMET 4, turning off the SimExecFlow mitigation for IE, in order to allow IE to open.   (MBAE is aware of various conflicts running it along with EMET.)

It was also necessary to turn off SimExecFlow in order to PRINT from Adobe Reader.

5 Journeyman • 15.6K Posts • 45K Points

June 12th, 2014 07:00

"Mixed-bag" of news to report here:

The good:  MBAE is now out of beta, they have a "finalized"/official release 1.03.1.1220

The bad:  The free version only shields the most popular browsers (IE, FF, Chrome, Opera) and their essential add-ons (Java, plug-in container).   

[The BETA version used to shield Office components, .pdf Readers, and Media Players.   But protection for these programs is now limited to the paid/PREMIUM version --- which also allows users to add/customize shields to any other applications they wish to protect.]

Malwarebytes Anti-Exploit 1.03.1.1220

New Features:

• Added new protection techniques for "Operating System Security Bypass Protection" Layer

• Added new protection techniques for "Application Behavior Protection" Layer

• Added ability to enable or disable pre-determined shields

• Added ability to manage (add/delete) custom shields

• Added visual distinction in traybar icon between started and stopped

• Added visual distinction between pre-determined, custom and CLI shields

• Added automatic upgrades to newer versions

• Added distinction between Free and Premium based on license key

• Free version protects browsers, browser add-ons and Java

• Premium version includes all shields and custom shields management

• Improved application termination when an exploit is blocked

• Improved optimizations result in reduced size of MBAE.EXE by 3.5 times

• Changed MBAE logs directory to %AllUsersProfile%\Malwarebytes Anti-Exploit

• Updated end user license agreement

• Fixed bug with GUI flashing for a second before minimizing to traybar

• Fixed bug with certain API hooks

• Fixed bug with unshielding right after installation

• Fixed false positive when playing DVDs in Windows Media Player

The download location has now changed, so please make sure to visit
the main Malwarebytes Anti-Exploit page https://www.malwarebytes.org/antiexploit/
or the Malwarebytes Anti-Exploit Premium page https://www.malwarebytes.org/antiexploit/premium/ .

5 Journeyman • 15.6K Posts • 45K Points

June 12th, 2014 16:00

Malwarebytes: With Anti-Exploit, we'll stop the worst attacks on PCs

Launching its new Anti-Exploit software, Malwarebytes sets out to seal up the most-feared security gaps in browsers, PDF readers, Java, and Microsoft Office.

http://www.cnet.com/news/malwarebytes-finally-unveils-freeware-exploit-killer/

5 Journeyman • 15.6K Posts • 45K Points

June 12th, 2014 16:00

As a reminder:

Full description of the program and FAQ:
https://forums.malwarebytes.org/index.php?showtopic=136424

Known conflicts and issues:
https://forums.malwarebytes.org/index.php?showtopic=135127

5 Journeyman • 15.6K Posts • 45K Points

August 12th, 2014 11:00

"A recent test by China-based PC Security Labs showed that some products are much more effective than others at [blocking exploit attacks:]   Malwarebytes [Anti-EXPLOIT] beat all the rest with a success rate of 93.10 percent."

http://securitywatch.pcmag.com/security-software/326278-can-your-security-software-block-exploit-attacks 

Remark:   Most of the other products tested (aside from HitmanPro.Alert and EMET) were security "suites".   Emphasize that MalwareBytes Anti-EXPLOIT can be run side-by-side with (i.e., complementing) these security suites!

Disclaimer:   Be advised that Malwarebytes commissioned this test.

5 Journeyman • 15.6K Posts • 45K Points

August 12th, 2014 14:00

Joe,

Thanks for the link to the actual test report.

I see that in my case, the 4 exploits that were NOT blocked by MBAE were in fact successfully blocked by Avast.   Meaning that combination was 100% effective.


===============================================

As a reminder:   The free version of MBAE shields the most popular browsers (IE, FF, Chrome, Opera) and their essential add-ons (Java, plug-in container). 

 

2 Intern • 5.8K Posts • 17.3K Points

August 12th, 2014 14:00

Interesting to note these tests were performed on XP/sp3 using IE 8, "without any other additional patches". Now that's a pretty unprotected system.

Presumably this was chosen to minimise blocking of exploits by a more protected XP, later Windows versions, or by IE 11, and to maximise the exploit samples that could be tested against the various anti-exploit products. A total of 58 exploit samples, most from the past 2 years, were used.

Secondly, there is no final release of HitmanPro.Alert 3, which is still in beta. PCSL said it downloaded all products from the developers' official websites, but there is no HMP.A 3 available for download from Surfright. It should not have been included in this testing.

Thirdly, only MBAE Premium (not the free version) was tested.

Test details here:
http://pcsl.r.worldssl.net/report/exploit/rce_mitigations_201408_en_malwarebytes.pdf

 

5 Journeyman • 15.6K Posts • 45K Points

September 6th, 2014 04:00

The following was copied/pasted from https://forums.malwarebytes.org/index.php?/topic/156507-malwarebytes-anti-exploit-10411012/

We are happy to announce the availability of Malwarebytes Anti-Exploit, version 1.04.1.1012!

This version includes a whole new set of exploit detection and blocking techniques, specifically for Layer1 to prevent exploit shellcode and for Layer2 advanced Java and other types of exploit payloads. In addition it improves usability with Desktop-based Java applications and some other usability improvements. The changelog is as follows:

  • Added various new layer 1 and layer 2 detection techniques
  • Improved various aspects of installation and automatic upgrades
  • Improved UI to make it easier to activate Premium
  • Improved threat information telemetry
  • Improved Java shield to prevent slowdowns and FPs in desktop-based applications
  • Fixed FP with Excel addon
  • Fixed bug executing Desktop shortcut after install
  • Updated hooking framework

In order to download MBAE 1.04 please visit the main Malwarebytes Anti-Exploit page.

Existing users of MBAE 1.03 will receive the automatic upgrade prompt. Initially we will roll this out slowly over the next two or three weeks to make sure the automatic upgrades are working as expected.

-----------------------------------------------------

Remark:   I manually installed it on my (secondary) XP system, to test it out [before it had a chance to automatically update on my (primary) Win7 machine].   So far, so good.
