Is this something Comodo need to fix or MalwareBytes please ?
With Malwarebytes Anti Exploit enabled Internet Exporer, Firefox and Ice Dragon will not start and I had to add their Programs folders to the Detect shellcode injection exclusions in HIPS settings to get them to run.
I’ve been waiting for them to fix it and after Comodo fixed CIS and CAV for clashing with Chrome I am wondering who is it needs to fix what please ?
Reading the thread on malwarebytes it sounds like it’s MBAE that detects an exploit and closes the browser, is that correct?
Personally I can not replicate but it sounds like MBAE is falsely (or not(?)) detecting an exploit due to Comodo’s “Detect Shellcode injections”
If it’s MBAE that detects this and hence closes the browser then it’s first and foremost them who need to fix it, unless it’s actually CIS that is doing something wrong or which has a bug or something in which case they need to fix that, for the available information I can’t make out whether MBAE detects the exploit with good cause or if it’s a false-positive?
The issue with Comodo and Chrome doesn’t seem relevant, there it was a change in Chrome which CIS didn’t account for which lead to CIS accidentally crashing the application, here it seems like MBAE is “intentionally” (because perceived exploit) closing the browser to protect you.
Personally I’m running CIS and MBAE with no problems so it seems to perhaps be a system dependent bug(?), the only problem I have is when I try to sandbox the browsers, are you trying to sandbox them?
From your topic at the Malwarebytes Forums:
The fix from our end is on our backlog, but it is to be expected that products that have similar anti-exploit technology, like MBAE and EMET, might conflict like this. This is not to say that Comodo has anything near what MBAE does, as the source of the conflict is not due to conflicting mitigations in this case.
Yes I'll leave the thread open until it is solved.Malwarebytes indicates that the ball is in their court when it comes to fixing.
I don’t know if they are in contact with Comodo about this. If you feel the ball is in Comodo’s court all I can do is urge you to file a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.
thank you