Hello,
Anti-Exploit can only do so much. In fact, an exploit could have been made to exploit both the Anti-Exploit software as well as then target the executable to exploit which the Anti-Exploit feature was meant to be protecting.
I recommend sandboxing your browser to isolate drive-by download attacks, as well as test out any newly downloaded programs in the sandbox before allowing them on your system (for all you know, a trusted website you know of could have been vulnerable and attacked by an attacker, replacing the program download with a link to the infected copy, yes, this does happen in the real world, maybe not as common as you'd believe).
You can use Sandboxie for running programs you are unsure of, you can use Anti-Exploit on your main system alongside sandboxie. This is a good idea because if the software has the servers hacked and the downloads changed and a false update released containing a copy with malicious bytes in the executable (meaning malicious code is attached to the executable which at some point will be executed), if it is an exploit, Anti-Exploit software may be able to protect you from this.
Sorry if my examples might seem like they'll never happen to you, but it's always a possibility.
I recommend using a sandbox as well as software which uses exploit mitigation techniques. If you're using Antivirus/Internet Security software which already has exploit mitigation techniques such as ESET, then another Anti-Exploit is not required, and in the worst case they may just have issues both trying to do their job (regardless of whitelisting). If you are using Antivirus/Internet Security software which does not make use of exploit mitigation techniques, then you may find using Anti-Exploit software useful to help protect you.
As an example:
You have Antivirus software, the virus definition database is up-to-date, however it does not have any anti-exploit capabilities. You are not running anti-exploit software. You find an email, with a Word document attached called "parents-evening-report.doc", and you have a child so you assume it's from your school (if you are not very knowledgable with email). You open it. It's really a document containing an exploit which uses a vulnerability in Microsoft Word to download ransomware loader. The loader is then executed in the background which injects into a legitimate program running on your system via code injection. It then closes itself and runs neatly in the background, and you won't know about this occuring on the legitimate process unless you know a lot about injection and security/malware programming. Awhile later you go back to refer to the document which to you, looked perfectly normal... It's been encrypted, and you find some files which are unencrypted with instructions to paying the ransom, with a link to a webpage you can open (saved shortcut) to pay the ransom (no screen locker involved in this).
However, your Anti-Exploit software MAY have prevented this attack from happening.
The reply
@Huracan gave you is also very good, as an extension: updating your software is helpful because the developers of the product may have known of an exploit and patched it, meaning the exploit won't even work if used by malicious software in the first place.
EDIT:
I forgot to say earlier, just thought to add it now... Remember that sandboxie could always have vulnerabilities found by black hats, and then they may use this to exploit the sandboxing software to escape the sandbox.
Cheers.
