ExploitShield Browser Edition 0.9

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Mar 26, 2013.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I checked with your fresh compatibility list on your website and it says it's not compatible, but it was fixed with the latest beta of WSA. Perhaps you should update the live list of compatible software? :)
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, you're right, but we need to confirm that it's completely compatible before adding it to the compatible list.
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Ok! In the name of science, I will conduct a test this weekend! :)
     
  4. sevenstar

    sevenstar Registered Member

    Joined:
    Oct 19, 2010
    Posts:
    54
    I also run WSA. I've not had any compatibility problems at all. The dll has been injected on FF and IE as well.
    :D
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Cool! :)
     
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I feel you here, because I have the same reservations. But it's a degree of trust. Do you trust ES enough to allow it that access? You trusted it enough to run it on your computer in the first place. And it's not like allowing that 1 thing is opening some floodgate. It's allowing only ES access to that specific/necessary component, and blocking anything else it may otherwise try to do... isolated within that virtual space. If it were to try to take some liberties you'd get popups saying SBIE stopped it from start/run and/or internet access. You close your session and *poof*. Then remove the rule and don't trust it again. You pretty much can't get burnt with a properly configured sandbox.

    Hopefully when the product goes final Tzuk will add compatibility for it and make everyone's job easier. Right now Comodo is the only thing I have allowed software compatibility for. Also EMET on my 2nd machine. Keyscrambler... not globally.

    Now that I have a 2nd machine I may just give ES a test run to see if maybe I'll add it to my new box instead of waiting around on this new EMET and adding .NET FW. Especially after hearing of these dialing out attempts from the notifier. Anything free from M$ comes with a price, and that price is usually privacy. I'm sure Windows Blue will be no different.

    Or if Larry could bang out his project... my god, I'd bow to the guy, err... "God" I mean. A lighter, more stable EMET with no .NET FW dependence and no shady notifier, being continually worked on by someone who's really in the game/field, and not just a suit. Everything I wished NEMET would be but wasn't. If either that came to fruition, or there were some "Pro" version of ES so us normal users wouldn't end up with some stripped down version... it would be the best thing since Sandboxie to hit the market.
     
    Last edited: Mar 29, 2013
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  8. natZONE

    natZONE Registered Member

    Joined:
    Oct 8, 2012
    Posts:
    31
    Location:
    Germany
    It doesn't protect Cyberfox, which is a 64 bit clone of Mozilla Firefox, on Windows 8.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I just installed over the top, and now I am seeing this. Does not seem right. ;)

    ScreenShot_ExploitShield_installs_01.jpg
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Same here but I uninstalled the .8 ver. before installing .9. Config is WIN 7 SP 1 x64.
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Replicated. Yes that's a bad design on our part. The shortcut should always be named the same thing. We will fix this for next release. Thanks for reporting!
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I am running 0.9 with WSA and AppGuard. Everything's fine with one freeze of Chrome so far. Not sure if it was related to ESBE!
     
  13. ParaNodes

    ParaNodes Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    70
    On W7 Pro x64, weird issue.
    ES driver loads fine, unsandboxed Firefox works fine.
    SBIE Firefox shows as started fine but won't show on the monitor (i.e. won't display); yes, applied the IPC exceptions.
    Possible conflict with this: http://www.displayfusion.com/

    On Vista HP x64, Asus G50vt X6 laptop, has loads of proprietary drivers.
    Notification area icon is hit and miss if it loads at boot; driver loads fine.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I am not sure ver. .9 is the culprit here but strongly suspect it.

    Yesterday evening, I downloaded and installed the latest ver. of Emsisoft Antimalware. I installed it as the free ver. which means no realtime processing. It installed fine and I ran a scan. All was fine. Note that I have had this software previously installed on my WIN 7 X64 SP1 installation with no issues. This was prior to installing Exploitshield.

    I shut down the PC for a while. Turned on PC again and all hell broke loose. PC immediately went into WIN 7 startup recovery mode. Luckily when I rebooted afterwards all was fine except recovery mode must have performed a system restore since my installation was back to what it was a week or so ago.

    ZeroVulnLabs might want to check this out.
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    ESBE 0.9 conflicts with Webroot SecureAnywhere version 8.02.127. Occasional freezes with open tabs in Chrome.

    I will notify the devs behind WSA.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @ParaNodes, that's a known issue with the traybar icon sometimes disappearing, but in your case it could also be due to the DisplayFusion product.

    @itman, ExploitShield is a lot less intrusive than your typical antivirus/antimalware product as it only intercepts the behaviour of specific higher level applications (browsers, java, etc.) and not the entire OS activity. So it is much more likely that an OS crash is due to either the AV/AM or some other more intrusive software than ES. Check your OS & Emsisoft logs to see if something was changed/disinfected prior to the crash.
     
  17. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    No problems here with WSA 8.02.127 and ES 0.9.1 Beta or ES 0.9.0 Alpha. I am using Firefox.
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Try stopping ES for a while to see if the freezes continue.
     
  19. ParaNodes

    ParaNodes Registered Member

    Joined:
    Jul 15, 2003
    Posts:
    70
    Update,
    The W7 issue with SBIE is caused by WSA (reproducible), completely stop WSA and all's well, I'll have to play with individual modules to see if one is the problem.

    Edit: To add I can't find a particular shield that causes the issue, so it's either WSA or ES for now.
     
    Last edited: Mar 31, 2013
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the update. I'm sure the Webroot folks would appreciate it if you can post the details over at the Prevx forum (https://www.wilderssecurity.com/forumdisplay.php?f=104)
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    WIN 7 reliability says mountmgr.sys was corrupt. First time I had something like this since I have been running WIN 7.
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sounds like a problem with your drive(s), win7 boot, power, etc. Google around as there seems to be others with similar problems. I seriously doubt this has anything to do with ES.
     
    Tested some fresh samples from my friend's honeypot. Exploitshield stopped them :thumb: Must have gotten some attention from somebody somehow. :doubt:

    Since testing this morning, got a DDoS type of attack on my website from 8:35 until 10:21 this morning.

    Took my website offline, checked everything, ran various tests. Noticed that I had one text email address on a page (normally I place pictures with my email address, to counter spam bots). Could not find anything else.

    Put my HTML-only version in the air again (basic info only, emergency fallback version). I get only 60 to 80 visitors a month (it is a free 'how to' guide on marketing & sales, no e-commerce, no forum or any data of people on it).

    Got two e-mails from kidala.info to acquire/buy abuse-free server/software o_O Will ask my friend (he is a security expert working for a bank) to analyse the website and logs.

    Regards Kees
     
    Last edited by a moderator: Apr 1, 2013
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    When testing it is nice to use some anonymizer service such as a VPN or proxy (hidemyass, ipredator, etc.) for various reasons. Some exploit kits track infection IPs and blacklist IPs which are from testers & researchers.
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That website, and some other(s) within it, are known to spread spam, and they're part of spam lists such as Spamhaus.
     