I use "hmpalert64-test.exe" test VS, did not see the interception.
How should I test is correct?
I can't find a Malwarebytes test tool.Honestly it's quite hard to test anti exploit for every programme, thats why the vendor normally provides a safe test to see if the protection is working, as you know HMP has one, and I know that malwarebytes has a programme to test their anti exploit too. Maybe you can try that?
Thank you for your reply.Here you can find the MalwareBytes AntiExploit test file, but I'm not sure it gets detected by VS because, as for "hmpalert64-test.exe" these tests seem "made to measure".
It sounds like the previous ANI virus.VoodooShield antiexploit feature does not stop exploits in memory. It only blocks the exploit from dropping any binary payload by not allowing applications on the "Web Apps List" to spawn child processes. If I remember correctly this feature also prevents executables in the user-space from dropping payloads into Program Files Folders. The feature is only a policy based restriction mitigation being used with whitelisting. Blocking exploits in memory can lead to incompatibility with other products, and it takes a lot of development hours to maintain this type of feature.
I have a .jar file that drops a hidden payload into Program Files, and then executes. The payload is harmless, but it can drop any payload into Program Files Folders. It can drop crypto-malware, trojans, etc. It may be able to drop payloads into System space also, but i'm not sure. If the user clicks on the .jar file it does the rest on it's own. .Jar files are archives, and portable java applications. The .jar file I have bypassed most AE solutions at the time because they did not monitor the command lines of javaw.exe. It bypasses AppGuard with default settings. If you Guard javaw.exe then AG will block the payload from writing to Program Files Folders because Guarded applications are not permitted to write to Program Files Folders, or System Space. Voodoo Shield anti-exploit feature is suppose to block threats like these. There is a lot more that could be done with this feature.
Edited 11/23 @ 9:14
oh i see.HMPA, and MBAE will not detect an exploit unless the application is vulnerable to being exploited. If the application on your machine has been patched then the exploit will not be able to run, and therefore there is nothing for HMPA, or MBAE to detect. What application on your machine does the exploit target? I can't read hànzì, or kanji. Are you sure the application has not been patched with an update?