@Tutman
Only two feature (of the many of MB anti-exploit) overlap with VoodooShield:
1. Spawning of executables by MBAE protected apps
2. Execution of files downloaded by MBAE protected apps
So where the last protections of MBAE end, the protection of VS starts. VS does not try to stop the intrusion (there are so many vectors), only the result (execution of code from disk or memory).
Nowadays Microsoft products have a lot of build-in exploit protection features, e.g. Edge does not allow non-Microsoft DLL's to load in its renderer processes and Microsoft Defender has Attack Surface Reduction rules which prevents browser and mail client to spawn down loaded executable code and Office programs to start other programs. Also Windows 10 has more advanced anti-exploit features than Windows 7 which covers the Windows 7extra EMET-protection features by default..
Windows Defender ASR rules even work when you use another Antivirus, so to be honest, the protection of MBAE is great when you use Windows7 but is marginal when you use Windows 10 with Configure Defender (to enable ASR easily) and VoodooShield (when everything else fails).
Consumer grade intrusions shifted from exploits and lacking memory protections to using Windows build-in execution options (also called sponsors and Living of the land binaries). VS does a good job in restricting Sponsors/LOLbins. So I would not use MBAE anymore in Windows10+VoodoosShield setup.
malwaretips.com
