ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the logs on the WMP issue!

    I see that you have both Webroot SE and Trusteer Rapport installed. Thanks to other Wilders members they are fixing (or have fixed) an FP where they were blocking ExploitShield hooks. Please contact both Webroot and Trusteer to get their latest versions which do not block ExploitShield.
     
  2. guest

    guest Guest

    I don't think that Trusteer Rapport has already fixed the issue; they don't give any ETA by mail or any other way, and since there is no changelog, the only way to know that it is suddenly compatible is like we do now.

    BTW, I'm not sure if the Webroot web shield module is compatible with Trusteer Rapport.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Same with Webroot; I haven't heard back yet, and don't think there's been a new version. Hopefully it will be done soon, though.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Have you considered starting a thread in the Prevx forum about it? It will bring attention to the problem and may facilitate the process.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We've updated the ExploitShield installer. It should not give any problems anymore. Nor do you need to have VC++ Redistributable installed prior to installing ExploitShield. If you can, please test and confirm.

    EDIT: It is still the same 0.8.1 version, so no need to upgrade. The only thing that has been fixed has been the installer.
     
  6. guest

    guest Guest

    I can confirm that I didn't get any error during the installation.
     
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    ExploitShield always seems to launch ok at startup, but the tray icon is often missing on my XP machine.
     
  8. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Same on W7 X64
    no tray icon but ExploitShield64.exe is still running
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    This should be fixed with the latest version 0.8.1. Does this still happen on your XP box even with the latest version? If so, can you check both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and TaskScheduler entries for ExploitShield? Are they present in both or only one startup entry? Which one? Do you have a lot of programs running at startup (a lot of traybar icons)?
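
The startup-entry check requested in the post above can be scripted. The following PowerShell is an added example, not part of the thread and not ZeroVulnerabilityLabs code; it assumes the entry name or command line contains the string "ExploitShield", that schtasks.exe prints English column headers, and it also looks at the 32-bit (WOW6432Node) view of the Run key, which the post does not mention.

```powershell
# Added example: report which startup mechanisms reference ExploitShield.
# Assumptions: the value/task name or its command line contains
# "ExploitShield", and schtasks.exe output uses English column headers.
$pattern = 'ExploitShield'

# 1) Registry Run key named in the post, plus the 32-bit view on x64 systems.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runHits = @(foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if ($name -like "*$pattern*" -or $command -like "*$pattern*") {
            New-Object PSObject -Property @{
                Source = $path; Name = $name; Command = $command
            }
        }
    }
})

# 2) Task Scheduler entries. schtasks.exe repeats its CSV header for every
#    task folder, so rows that are just the header are filtered out.
$taskHits = @(schtasks.exe /query /fo csv /v 2>$null |
    ConvertFrom-Csv |
    Where-Object {
        $_.TaskName -ne 'TaskName' -and
        ($_.TaskName -like "*$pattern*" -or $_.'Task To Run' -like "*$pattern*")
    } |
    Select-Object TaskName, 'Task To Run', Status -Unique)

# 3) Answer the question asked in the post: both, one (which?), or neither.
$runHits  | Format-List Source, Name, Command
$taskHits | Format-List
if ($runHits.Count -and $taskHits.Count) {
    'Startup entries: BOTH the Run key and Task Scheduler'
} elseif ($runHits.Count) {
    'Startup entries: Run key only'
} elseif ($taskHits.Count) {
    'Startup entries: Task Scheduler only'
} else {
    'Startup entries: none found'
}
```

Later in the thread, TomAZ reports having only the Task Scheduler entry, which the developer says means the correct version is installed.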
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I am currently running 0.8.1, and I have about twelve apps starting that load icons. And I've noticed that if after everything is up and running I kill ExploitShield with TaskManager and re-start it, it seems to load fine with the icon.
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @TomAZ & @popcorn please try the following to see if it solves the problem:

    1- With autoruns, click on Options and then "Hide Windows and MSFT entries". Then refresh (F5) and under the second tab labeled "Logon" deactivate everything non-essential from running at startup. You can just uncheck them to temporarily disable them (instead of deleting) and then re-enable them again later on.

    2- Still under autoruns, go to the tab labeled "Scheduled Tasks" and also un-check everything non-essential except ExploitShield.

    3- Reboot and allow the session logon to occur normally without interference (don't launch any programs manually for the first few minutes). Does the ExploitShield traybar icon show up now?

    4- If it does show up now, using autoruns re-enable disabled startup programs one at a time, with a reboot in between each re-enable to check if ExploitShield continues showing on the traybar icon, until you re-enable all of them again.
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Windows also has a tendency to "lose" tray icons when you have enough of them; particularly with early-starting software. Try disabling the UPnP and SSDP discovery services (then reboot) and see if that helps. IIRC you can actually test this quickly by just logging out and back in (if it's the services then you'll get the tray icon back after logging back in).
     
    Last edited: Dec 16, 2012
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I have the TaskScheduler entry, but not the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run entry.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Good, that means you have the correct version. What happens when you try the steps of my previous post with autoruns?
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    Trying to troubleshoot a sound problem in one of my snapshots, and when clicking on 'troubleshoot', I got an alert.

    ScreenShot_ES_block_01.jpg

    ScreenShot_ES_block_02.jpg
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for reporting! That is a known FP with the MSFT Help & Support Center. We are aware of it and working on a fix for next beta release.
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    YW...:)
     
  18. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I recently had to stop running ExploitShield on a rather unusually-configured machine that was running Bullguard IS and WebrootSecureAnywhere concurrently. With ExploitShield installed, the WSA icon would either not appear in the task tray, or (worse) I would get an interrupt-enabled "white screen" during boot. After uninstalling ES on this system, the before-mentioned problems went away. :eek:
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, there seem to be some issues when running ExploitShield with Webroot, Trusteer or Comodo. Working on getting them fixed by these vendors.
     
  20. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Thanks for the quick response. It is appreciated.... :thumb:
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Just as an update, I have confirmation from Trusteer & Comodo labs/dev that they are looking into the issues of their products blocking ExploitShield. These blocks were causing browsing slowdowns, browser crashes and/or issues with the traybar icon. I expect they will have this fixed in the next few days.

    Next up, Webroot.
     
  22. guest

    guest Guest

    Please, if you get any update, post it here; although Comodo could probably publish it in a changelog, since Trusteer Rapport doesn't have one, we probably won't notice any change.
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I was getting the issue with the tray icon rather suddenly; sometimes not loading at all during boot. When I suspended protection in Outpost Firewall Pro v8 and rebooted it came back (and it started with the update to v8 final). I had some exceptions for ES in Outpost previously, but set it to 'allow all' and set all the anti-leak/system protections to 'allow' from the application rules, even though I wasn't getting any prompts for ES.
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for reporting this. I've just contacted Agnitum to get ES white-listed as well.
     
  25. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    +1
    notification would be awesome
     