Emsisoft Anti-Expolit Protection and App Container

[hjlbx]

@Fabian Wosar

Does anyone here at MT know if Emsisoft's newly introduced anti-exploit protection also covers Apps ?

More specifically, does it protect Apps running within the Apps container ?

There is a good reason why I ask such a thing. It appears other anti-exploit solutions do not cover Apps running in the App container.

The case might be that since there are technical differences between Apps and portable executables, it might be unnecessary or technically not possible.

However, the technical side of it I really do not know.

 

[cutting_edgetech]

Which other Anti-Exploits do not cover Apps Container? Are you talking about plugin-container which covers add-ons, and plugins? I'm pretty sure MalwareBytes AE does. Wish I could answer your question about Emsisoft. The last time I tried it they had not rolled out their exploit protection yet.

 

[hjlbx]

Which other Anti-Exploits do not cover Apps Container? Are you talking about plugin-container which covers add-ons, and plugins? I'm pretty sure MalwareBytes AE does. Wish I could answer your question about Emsisoft. The last time I tried it they had not rolled out their exploit protection yet.

I am referring to Windows and Windows Store type Apps.

EMET, HMP.A and MBAE do not cover App container - unless I am missing something.

EMET - add Windows App - no EMET protection
HMP.A - cannot even add Windows App to protections
MBAE - cannot even add Windows App to protections (as far as I remember)

 

[Online_Sword]

MBAE - cannot even add Windows App to protections (as far as I remember)

As mentioned in the following post, you can add WWAHost.exe to protections: https://forums.malwarebytes.org/ind...-are-you-using-with-mbae-premium/#entry841710 .

 

[hjlbx]

As mentioned in the following post, you can add WWAHost.exe to protections: https://forums.malwarebytes.org/ind...-are-you-using-with-mbae-premium/#entry841710 .

Thanks @Online_Sword !! You da man... !!

I never go to Malwarebytes forum. Just not one of my haunts.

But I am also interested in exploit protection of non-WWAHost.exe associated Windows Apps - like Calculator, Video, etc.

 

[Deleted member 178]

HMP.A - cannot even add Windows App to protections

Wrong, you can add windows apps , you have to do it manually

1- open Apps
2- open HMPA mitigation tab > click running Applications
3- select the Apps.

 

[hjlbx]

Wrong, you can add windows apps , you have to do it manually

1- open Apps
2- open HMPA mitigation tab > click running Applications
3- select the Apps.

Huh ?

I try adding Windows Apps - like Calculator, Video, etc.

HMP.A does not list them under Exploit Mitigation > Running Applications.

 

[Azure]

As mentioned in the following post, you can add WWAHost.exe to protections: What custom shields are you using with MBAE Premium - News, Questions and Comments - Malwarebytes Forum .

What profile should one use? I assume it would be either browser or other.

 

[Deleted member 178]

Huh ?

I try adding Windows Apps - like Calculator, Video, etc.

HMP.A does not list them under Exploit Mitigation > Running Applications.

you have to add them manually via "running application" using media mitigation

 

[hjlbx]

you have to add them manually via "running application" using media mitigation

Running Windows Apps do not show in HMP.A list of Running Applications; only portable executables installed outside the Windows App container will show in the list.

I have tried multiple times.

 

[Online_Sword]

What profile should one use?

According to WIndows 8 Store apps - Experimental MBAE Builds - Malwarebytes Forum , I think it is OK to use the browser profile.

 

[hjlbx]

According to WIndows 8 Store apps - Experimental MBAE Builds - Malwarebytes Forum , I think it is OK to use the browser profile.

Technical infos regarding Windows Apps (formerly called Metro Apps) and WWAHost.exe (needed for JavaScript-based apps):

Metro apps | Nexthink Documentation

 

[hjlbx]

There are no straight-forward answers that I can find on this one - and don't feel like spending hour, upon hour, searching various sites.

 

[Deleted member 178]

Running Windows Apps do not show in HMP.A list of Running Applications; only portable executables installed outside the Windows App container will show in the list.

I have tried multiple times.

i think you didn't pay enough attention to my above post, OPEN the app first, THEN HMPA

all my Windows Apps are protected

 

[hjlbx]

I've tried it multiple times. It doesn't work...

 

[Deleted member 178]

something hamper your HMPA and block it to detect the Windows Apps; i guess it is CIS...

CIS is crap

look at mine

 

[Online_Sword]

something hamper your HMPA and block it to detect the Windows Apps; i guess it is CIS...

@hjlbx , have you excluded HMP.A from Comodo's protection against "shell code injection"?

 

[Deleted member 178]

@hjlbx , have you excluded HMP.A from Comodo's protection against "shell code injection"?

i hope he did it, i mentioned to do it my CIS config

 

[hjlbx]

Everyone is missing point...

Calculator.exe is a 32-bit executable that runs outside the Windows App container - it is a portable executable. It's file path is C:\Windows\System32 and C:\Windows\SysWOW64.

Calculator App only runs inside the Windows App container - it is not a portable executable - it is JavaScript-based.

Calculator.exe is NOT the same as Calculator (Windows) App.

One cannot add any apps that run inside the App Container to HMP.A or MBAE. You can add them to EMET, but EMET will not protect them.

 

[Deleted member 178]

this ?

if this one , it is protected

the calc.exe i have in System32 & syswow64 open the window app