ZeroVulnerabilityLabs ExploitShield

[lordraiden]

From trusteer rapport

Quote:

Please be advised that the problem with ExploitShield should have been resolved in the latest version of Rapport.
Please update Rapport, and then install ExploitShield. Please contact us again should you encounter any issues while running the two programs side-by-side.

You can download Rapport's latest version from the following link:
http://www.trusteer.com/support/rapp...allation-links
Make sure to restart your computer once Rapport is installed.

[ZeroVulnLabs]

Quote:

Originally Posted by lordraiden

From trusteer rapport

Thanks for the confirmation!

[lordraiden]

Quote:

Originally Posted by ZeroVulnLabs

Thanks for the confirmation!

I think that the combination of ExploitShield and Trusteer Rapport for browser protection is the best available, and both are free. I just need to confirm the compatibility of EMET with TR to add it to my config.

[vojta]

Yes they have been fully compatible for me since a month now, as I posted back then. I check Firefox and Chrome daily and IE8 from time to time. Both ES and TR inject their DLLs without an issue.

[Trespasser]

Hi,
At present I'm running Win 8 Pro 64 bit with Sandboxie 4.01.04 64 bit, ExploitShield 0.9.1 beta, and Software Restriction Policy. I've also added Dr. Pepper's two Sandboxie tweaks ($:ExploitShield64.exe, and *\BaseNamedObjects*\ZVL_IPC_Channel*) to Firefox's configuration. The problem is that in ExploitShield's log nothing is showing up and Shielded applications: 0 while Firefox is sandboxed. If I run Firefox outside Sandboxie then Firefox shows up in the log and Shielded applications: 1. There must be something else missing from the Firefox-Sandboxie configuration that prevents it from working correctly.

Does anyone have any suggestions?

Thank you.

Later...

Bob

[Skiaz]

Been awfully quiet in here lately....I am not sure if it was deliberate or not but the windows media player issue seems to have vanished with 0.9.1. I have verified this on both of the computers that had issues previously with earlier versions or ExploitShield. Nice work!

[ZeroVulnLabs]

Quote:

Originally Posted by Skiaz

Been awfully quiet in here lately....I am not sure if it was deliberate or not but the windows media player issue seems to have vanished with 0.9.1. I have verified this on both of the computers that had issues previously with earlier versions or ExploitShield. Nice work!

With 0.9.1 we added some new optimized detection logic which as a side benefit fixes some of these bugs. But its good to know that this one in particular is fixed. We will delete it from the "known issues" list. Thanks for confirming!

[kupo]

Hello, will you add an option to manually add shields in application in the free edition or will it only be available in the enterprise edition?

[ZeroVulnLabs]

Quote:

Originally Posted by kupo

Hello, will you add an option to manually add shields in application in the free edition or will it only be available in the enterprise edition?

Yes, that's in the backlog. Right now we are working on exclusions to have an option to manage FPs. Here's a sneak peak of what it will look like:


Screen 1: Ability to exclude from the LOG of blocked payloads.


Screen 2: New Exclusions tab where you can also manually add to the list.

[kupo]

Hello, I installed latest version. I noticed that if after boot and you open Firefox (right after the system boots) it won't be shielded by ExploitShield. I also noticed that there is some kinda "loading time" for ExploitShield when starting up. (If you right click at the tray icon right after boot, it won't do anything, however my other system tray icon works)

[kupo]

Possible false positive report.
1. Using Firefox go to this site (RebootRestoreRx) -http://www.horizondatasys.com/en/products_and_solutions.aspx?ProductId=18

2. Download it, (ExploitShield triggers)

[ZeroVulnLabs]

Quote:

Originally Posted by kupo

Possible false positive report.
1. Using Firefox go to this site (RebootRestoreRx) -http://www.horizondatasys.com/en/products_and_solutions.aspx?ProductId=18

2. Download it, (ExploitShield triggers)

What does it say in the log window?

[Sampei Nihira]

Web Browser Opera.
Download file no problem
0 pop-up ES.

[kupo]

Here is the log window.

[ZeroVulnLabs]

Quote:

Originally Posted by kupo

Here is the log window.
Attachment 237976

I see. This is a known bug we've been fixing lately. We'll release a new version soon fix a fix for this and some other things.

[kupo]

Quote:

Originally Posted by ZeroVulnLabs

I see. This is a known bug we've been fixing lately. We'll release a new version soon fix a fix for this and some other things.

Hello, I would just like to inform you that all downloads in Firefox are being counted as an exploit. . Hope to test the new version soon.

[kupo]

UPDATE: It is not a bug within ExploitShield, upon further testing, it seems to be a conflict when Firefox is guarded with AppGuard (lockdown).
Doesn't happen when in "High" mode though.

[shadek]

Quote:

Originally Posted by kupo

UPDATE: It is not a bug within ExploitShield, upon further testing, it seems to be a conflict when Firefox is guarded with AppGuard (lockdown).
Doesn't happen when in "High" mode though.

Does it help to add ExploitShield to Power Apps? You could keep using 'lockdown'-mode if that works. :-)