Malwarebytes Anti-Exploit has "regressed" to an alpha-candidate because the code "has been completely re-architected and (now) works as a Windows Service"; https://forums.malwarebytes.org/index.php?showtopic=141741
An alternative anti-exploit product, which I have been running for a few months now, is SurfRight's HitmanPro.Alert, as it has CryptoGuard protection; http://www.surfright.nl/en/alert/cryptoguard
But a new version 3 will be released in beta form in a week's time.
"Safe browsing (Intruder scan), CryptoGuard, Keystroke encryption, Webcam notifier, Hollow Process blocker and Vaccination against vm-aware malware are all in the free version. These are all signature-less features and ensure that you are alerted in case of banking trojans, crypto-ransomware (like Cryptolocker), Remote Access Trojan (RAT) or other malware on your system". But the exploit protection will require a paid license.
Blackcat, do you know if it's compatible with EMET, or if it's best used without it?
Regarding EMET, a report was released a few days ago saying "we found ways to bypass all of the protections in EMET". A good thing is that EMET 5.0 will be improved because of this. A bad thing is that it still might be possible to bypass EMET protection for determined attackers. EMET 5.0 Beta was released 25 Feb.
From the Conclusions section in the report PDF:
However, as was seen in our research, deploying EMET does mean attackers have to work a little bit harder; payloads need to be customized, and EMET bypass research needs to be conducted. Thus, EMET is good for the price (free), but it can be bypassed by determined attackers. Microsoft freely admits that it is not a perfect protection, and comments from Microsoft speakers at conference talks admit that as well. The objective of EMET is not perfection, but to raise the cost of exploitation. So the question really is not can EMET be bypassed. Rather, does EMET sufficiently raise the cost of exploitation? The answer to that is likely dependent upon the value of the data being protected. For organizations with data of significant value, we submit that EMET does not sufficiently stop customized exploits.
Yes, it is fully compatible with EMET.
And all recommendations from Bromium's paper are already in Alert 3, including deep-hooks-only (NtProtectVirtualMemory) and full 64-bit ROP detection.
The "currently known" and "most exploits" limitations of EMET are history when using Alert 3.0.
EMET 5.0 here; http://www.youtube.com/watch?v=lP9Vtg1FvEQ
Overall, at this stage Hitman Pro Alert 3 seems a much easier and better bet of the two. Roll on the gold version.
Yes, but in that case why not use both was my thought. EMET also has website certificate protection, for IE that is.
I'll follow the development for Alert on WildersSecurity (which I assume you already do ;-)
A summary of the most interesting facts in my eyes: