Software
Malwarebytes Anti-Exploit.
PROS
Free, very easy to install and use.
Compatible with other security apps (with exceptions).
Very low resources consumption (1-3 MB Ram)
Ability test here: https://support.malwarebytes.org/customer/portal/articles/1833584-how-do-i-know-if-malwarebytes-anti-exploit-is-working-correctly-?b_id=6440
Good known exploit kit detection according to: http://malware.dontneedcoffee.com/2014/06/mbae.html?m=1, but this is a sponsored post.
CONS
Missing the real possibility to test it
against zero day exploit.
Free version limited in my opinion.
BOTTOM LINE
MAE trying to intercept the exploit code before it goes running. It constantly monitors the use of shellcode, that code is the payload that is the fundamental part of a routine for exploiting a software vulnerability.

Software such as MAE, even if valid, cannot provide complete protection alone but must be used with other security software. In addition, although the application provides good protection against most exploit code, in some cases an aggressor may still be able to execute malicious code.
MAE works in retrospect: If the program is activated when certain actions are performed (intercepting certain API calls), it means that you have previously consented to such operations. Is then the ability of MAE to detects suspicious behaviors calls.
MAE is then able to protect software from multiple exploits but that should be used in combination with other security features of the system (for example, DEP and ASLR).
L

LabZero

Hello everyone, this is my review of MAE

Introduction

The exploit is a code that exploits a vulnerability against unsolved software (why not fixed by installing the latest updates or why not yet remedied by application vendor), permits to carry out potentially harmful actions without the user's knowledge, acquire higher privileges or cause DoS attacks.
Exploits that focus on zero-day flaws are more dangerous because they are targeting security holes that are not readily resolvable (generally through installing patches) from users.

Malwarebytes Anti-Exploit (free version) protects against vulnerabilities: Java, Firefox, Chrome, Internet Explorer, Opera and their addons, extensions.

The Premium version of MAE extends its protection to other software including PDF readers such as Adobe Reader, Adobe Acrobat, Foxit Reader, the Office suite,Microsoft Word, Excel and Powerpoint and media players including Windows Media Player, VideoLAN VLC Media Player, QuickTime Player, Winamp Player.
Possibility to add custom protectors.
 
L

LabZero

Sorry but I have not understood what you mean...
I guess you mean mbae will conflict with AV with anti-exploit features, right?
According to the documentation, MAE monitors shellcode by intercepting certain API.
Now I don't know if the AE features of certain antivirus works according to the same principle.
If so there may be conflicts and in this case besides, MAE would not be necessary.
 
Last edited by a moderator:

Solarlynx

Level 14
MBAE is designed to be compatible with EMET. When I used both it was so.

As for compatibility with AV on my PCs MBAE gets along with Avast, Comodo, ZoneAlarm FW, Zemana AL, NovirusThanks ExeRadarPro (though there might be no anti-exploit features I admit). It's better to test it, difficult to predict. MBAE free gives additional layer of protection for browsers and Java - the most insecure threat-gates.
 
Last edited:
L

LabZero

MBAE is designed to be compatible with EMET. When I used both it was so.

As for compatibility with AV on my PCs MBAE gets along with Avast, Comodo, ZoneAlarm FW, Zemana AL, NovirusThanks ExeRadarPro (though there might be no anti-exploit features I admit). It's better to test it, difficult to predict. MBAE free gives additional layer of protection for browsers and Java - the most insecure threat-gates.
EMET is not compatible according to Known Issues & Conflicts - Anti-Exploit Product Support - Malwarebytes Forum
However EMET can be configured to run alongside MBAE Free as per guidance from users.
 
Last edited by a moderator:
D

Deleted member 178

No idea, i never had the chance to have a registered version :p

But people say it is better than MBAE , i just see it has more features, but i dont know in term of effectiveness.
 

jamescv7

Level 61
Verified
Trusted
MBAE works as globally with different techniques for prevention measures against exploit compare to EMET however that reference is way back likely 2 years old and both already enhance to improve contiuously.

Also both can run together as possible.
 

Cch123

Level 7
Verified
Hi, would mbae be compatible with other anti-exploit programs or other antivirus programs with the capability of anti-exploit?
The ROP mitigations of EMET and MBAE would conflict, and it is not advisable to use both at the same time. You will need to disable EMET's rop functionality to prevent conflicts with MBAE's hooks when running both together.

No idea, i never had the chance to have a registered version :p

But people say it is better than MBAE , i just see it has more features, but i dont know in term of effectiveness.
Main advantage of HMP.A over MBAE is that HitmanPro uses last branch tracing for ROP protection, or what it calls "hardware assissted exploit mitigations". This is far more difficult to bypass than the stack based methods used by EMET and MBAE. Hence some would say HMP.A is more secure than MBAE.
 

Solarlynx

Level 14
How about adding Hitman.Alert into your inequalities? :D
I tried only free Hitman.Alert so I have no idea where it stands in the inequalities, sorry.

MBAE works as globally with different techniques for prevention measures against exploit compare to EMET however that reference is way back likely 2 years old and both already enhance to improve contiuously.
I would say MBAE uses additional layers of protection. Techniques (with respect to exploit mitigation) are not so globally different. Though here we might be lost in terms.
 
  • Like
Reactions: Online_Sword