ExploitShield Browser Edition 0.9

All well My mistake to add a email address in text format on web site, just coincidently collided with the testing, two incidents are not related. Next time I will use hide something to hide my IP. ExploitShield held itself well though

Regards Kees

 

OS XP Home service pack 3

[Use Opera list EMET 3.5 T.P. mitigations ROP not abilited (Caller + SimExeFlow).
VLC all mitigations abilited]
SBIE not list EMET
ES ver 0.9.1 not list EMET.

Download with SBIE + the modification of DR_LaRRY_PEpPeR of movies MPG (AVI ?).
The reproduction with VLC obtains a malfuctioning.
Please check.

 

Woulds it be overkill to use ESBE together with AppGuard even though I set all potentially vulnerable applications as 'Guarded' in AppGuard?

 

I discovered a glitch.

I start Chrome: 1 protected application is shown as running in ExploitShield
I then start VLC: 0 protected applications is shown as running in ExploitShield
After that I close Chrome and -1 applications are protected.






I redo the steps above and I can make the counter go keep increasing the negative value shown on protected applications.







I am not left unprotected from attacks, right? Even with a negative value? System OS in signature.

 

It's a known bug with the GUI. Nothing to worry about, has nothing to do with the protection offered.

 

Thanks for the info!

 

Double click the IE 10 icon on my desktop and popup stating an exploit has been prevented. Not good.
Beta 0.9.1. Win 7 32 bit.

 

Not good indeed. I'll send you a PM with steps to get us needed details.

EDIT: You have PMs blocked. Would it be possible to remote into your machine to test it ourselves? Of course you would be in front monitoring the session. Alternatively can you send us a HijackThis, DDS, Autoruns or the output of some similar tool showing installed software and IE plugins? support@zerovulnerabilitylabs.com.

 

Autoruns output sent to email address.

 

hi zerovulnlabs,

Since Exploitshield found an exploit attempt on a page, I can't even open my Firefox browser without it detected on pages which are using jscript and or flash player, nothing to do with the previous detection.

I think those are false positive exploit attemps.

Moreover, Exploitshield close before launching Internet Explorer. I don't know the reason. I've not been opened IE since one month.

Could you tell me more please ??

 

PM sent to coordinate troubleshooting.

 

Grey box pop-up at startup with a button which displays less than half a sec (without asking user confirmation) is normal?

 

Yesterday night,

I had the same as Shadek:
Shield application: -2

but

block exploit attempts : 7

This morning, Z didn't appear anymore on the system tray.

 

The grey popup disappearing at boot is the ExploitShield GUI starting and minimizing itself to the traybar as an icon.

The negative shielded apps and the traybar icon disappearing (but the ExploitShield process still running) are both known issues and nothing to worry about. If you want the traybar icon, simply kill the ExploitShield process and run the program again.

 

Yes, my first pop-up
- Opened an e-mail from LinkedIn
- Pressed Accept button of connect request
- BrowserExploitShield alert popped-up

Analysed behaviour
1. Downloading an ID-tracker (to establish origin of linkedin request message)
2. Starting Chrome from within Outlook with this ID-tracker

Cool Not a false positive, but potentially dangereous behaviour. Pitty you don't put a "what happened/what triggered" explanation in the text box

 

There's many fake linkedin emails that point to Exploit Kits. Was this a valid ExploitShield detection (ie fake linkedin email) or an ExploitShield FP (ie valid linkedin email)?

It if was an FP and you can replicate it please let me know and I'll PM you some troubleshooting instructions.

 

Valid LinkedIn e-mail, PM and I will check it

 

PM sent!

Thanks!

 

Do you have a debug version of ExploitShield I can run instead of sending you Autoruns output?
Thanks.

 

Yes, but you've blocked PM's so I can't send it to you.

 

Try now. Thanks.

 

Sent!

 

Does this software work with Sandboxie? I tried it on my other computer and it didn't list my browser as running inside the ExploitShield Browser module. How long will you be in beta mode or are you trying to imitate Google with their beta products.

 

No (SBIE ver 4.01.06):



ES.dll not work browser + SBIE.

http://www.sandboxie.com/phpbb/viewtopic.php?t=15293&sid=8bceb6eb0997255ee835b7c7539c82ab

 

Sampei Nihira, I saw your post there the other day and then forgot about it (sorry). I will try to check ES again soon to see if something has changed -- oh, oops, I see you said it does work with SBIE 3.76, so this must be another bug with DLL loading in 4.01.??...

I haven't used ES since the fall, so I want to check anyway to see if settings stuff for Sandboxie (when it works) is still the same for the ES GUI.