Jump to content
Login new information ×
Login new information

PC Security Labs: Exploit Mitigations Test 2014 August

Ponting

By Ponting
in Security & Privacy Center

Recommended Posts

  • Replies 21
  • Views 2.3k
  • Created
  • Last Reply
AlienForce1

AlienForce1

Posted
Posted

For me it`s very hard to believe that this test is not conducted to get Norton on first place ...

In AV-Comparative`s tests Bitdefender and Kaspersky are on the first place ...

In AV-Test.org the same BD and KIS have maximum protection in their tests ...

Link to comment
Share on other sites
Ponting

Ponting

Posted
  • Author
Posted

For me it`s very hard to believe that this test is not conducted to get Norton on first place ...

In AV-Comparative`s tests Bitdefender and Kaspersky are on the first place ...

In AV-Test.org the same BD and KIS have maximum protection in their tests ...

From the PDF

This test was commissioned by Malwarebytes Corp. to test the exploit blocking capabilities of different products against relevant vulnerabilities (i.e. vulnerable applications which are targeted typically by Exploit Kits and targeted attacks).PCSL made the sole research and methodology decision of which CVEs to test and how to test. No exploit code samples were provided by Malwarebytes.

Link to comment
Share on other sites
darko999

darko999

Posted
Posted

Is that Malwarebytes bytes Anti Exploit a bit like "Emsisoft's mamutu"? It says something like behavior protection in the description.

Link to comment
Share on other sites
Nastrahl

Nastrahl

Posted
Posted

Can somebody inform us - how many services does MBAE create?

Two services : one for itself, one for the scheduler, and one more process for the GUI.

Link to comment
Share on other sites
Nastrahl

Nastrahl

Posted
Posted

For me it`s very hard to believe that this test is not conducted to get Norton on first place ...

In AV-Comparative`s tests Bitdefender and Kaspersky are on the first place ...

In AV-Test.org the same BD and KIS have maximum protection in their tests ...

Because exploits are differents than viruses, malwares and such.

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Can somebody inform us - how many services does MBAE create?

Two services : one for itself, one for the scheduler, and one more process for the GUI.

Yes, exactly like its elder sibling - MBAM (V2+)

Link to comment
Share on other sites
Nastrahl

Nastrahl

Posted
Posted

Can somebody inform us - how many services does MBAE create?

Two services : one for itself, one for the scheduler, and one more process for the GUI.

Yes, exactly like its elder sibling - MBAM (V2+)

Oops my bad, I thought you asked about MBAM and not MBAE :facepalm:

Don't ask how I misunderstood that, I don't know either :o

Sorry :(

Link to comment
Share on other sites
Ponting

Ponting

Posted
  • Author
Posted

Only mbae-svc.exe is listed as Malwarebytes Anti-Exploit Service in services.msc and mbae.exe is for the GUI.

If you need more info on MBAE's process,service,registry keys,etc,etc....install MBAE and check it :tooth:

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Only mbae-svc.exe is listed as Malwarebytes Anti-Exploit Service in services.msc and mbae.exe is for the GUI.

If you need more info on MBAE's process,service,registry keys,etc,etc....install MBAE and check it :tooth:

I don't think most folks would be interested in installing MBAE (or any software - for that matter) which creates 2 services as part of their new plan.

FWIW, I bet most folks who innocently installed MBAE will now have second thoughts.

Link to comment
Share on other sites
knowledge-Spammer

knowledge-Spammer

Posted
Posted

Only mbae-svc.exe is listed as Malwarebytes Anti-Exploit Service in services.msc and mbae.exe is for the GUI.

If you need more info on MBAE's process,service,registry keys,etc,etc....install MBAE and check it :tooth:

I don't think most folks would be interested in installing MBAE (or any software - for that matter) which creates 2 services as part of their new plan.

FWIW, I bet most folks who innocently installed MBAE will now have second thoughts.

will now have second thoughts i did but now i like it :) its a nice program

Link to comment
Share on other sites
Ponting

Ponting

Posted
  • Author
Posted

According to PCSL's Exploit Mitigations Test report, HitmanPro.Alert 3 CTP2 did not stop many exploits. We tested some of the exploits that we apparently 'failed' and made a video. In this video you will see CVE-2012-0663 QuickTime, CVE-2012-4792 IE8, CVE-2013-3163 IE8 and 2 x CVE-2013-1488 Java7.

PCSL's report does not give details on the used configuration, if it was a virtual environment or what kind of payloads were setup in Metasploit. So in the video you will see that the Metasploit exploit either tries to start the Windows Calculator or, in case of Java, initiate a Meterpreter Shell. The first 3 exploit attempts are blocked on the exploit technique and both Java tests are blocked on 'sandbox escape'.

Enjoy the show:

Source:http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-84#post-2399525

Link to comment
Share on other sites
knowledge-Spammer

knowledge-Spammer

Posted
Posted

According to PCSL's Exploit Mitigations Test report, HitmanPro.Alert 3 CTP2 did not stop many exploits. We tested some of the exploits that we apparently 'failed' and made a video. In this video you will see CVE-2012-0663 QuickTime, CVE-2012-4792 IE8, CVE-2013-3163 IE8 and 2 x CVE-2013-1488 Java7.

PCSL's report does not give details on the used configuration, if it was a virtual environment or what kind of payloads were setup in Metasploit. So in the video you will see that the Metasploit exploit either tries to start the Windows Calculator or, in case of Java, initiate a Meterpreter Shell. The first 3 exploit attempts are blocked on the exploit technique and both Java tests are blocked on 'sandbox escape'.

Enjoy the show:

Source:http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-84#post-2399525

Comments are disabled for this video. ? as they no it still have problems but its a nice program to i think

Link to comment
Share on other sites
Ponting

Ponting

Posted
  • Author
Posted

Comments are disabled for this video. ? as they no it still have problems but its a nice program to i think

Feel free to post there :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...