ExploitShield Browser Edition 0.9

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Mar 26, 2013.

Thread Status:
Not open for further replies.
  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    TH DR_LaRRY_PEpPeR.
     
  2. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    As Sampei Nihira found, I can confirm that ExploitShield.dll will not load, under any circumstances, with any version of Sandboxie 4.01.xx. So for now, no, it doesn't work with Sandboxie 4. :doubt:
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    File "Rihanna - Stay (2)": a false mp3 (actually asf).
    VT analysis online:

    ~VT link removed~


    Immagine.JPG

    ExploitShield 0 pop-up alert !!

    _______________________________


    Opening the file with WMP (not VLC) opens your browser and shows a file download window (setup.exe):

    ~VT link removed~

    Anubis - Analysis Report

    Sorry my bad English.
     
    Last edited by a moderator: May 5, 2013
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's not an exploit. It's a simple redirect to download a file from the web (i.e. social engineering) and it's the job of the AV to stop that. You would have to choose to download and open it before it can run on your machine.

    ScreenShot00304.png
    ScreenShot00305.png

    An exploit on the other hand would run the file automatically without user prompts and it would be blocked by ExploitShield. Some examples of media player (VLC, Quicktime, WMP) exploits being blocked by ExploitShield can be found at http://www.youtube.com/playlist?list=PL95F2A1B2AA762B5B.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    @ ZVL

    Thanks for your explanation.
     
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Links to malware are not allowed in this forum.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Removed.
    Th.:thumb:
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Is there any benefit to using this with Sandboxie? Wouldn't Sandboxie stop any exploits from getting onto your system anyway?
     
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Last edited: May 13, 2013
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sure thing, if there's anything we can do to help to make them compatible we'd love to. But it seems as if it's a problem with allowing ES within SBIE, so it's probably mostly if not all to be fixed by SBIE?
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    I would ask DR_LaRRY_PEpPeR, who knows English better than I do, to help mediate this.
    I'll send him a private message.

    p.s. Send.
     
    Last edited: May 13, 2013
  15. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Does Exploitshield offer any additional protection inside Sandboxie? Wouldn't any exploits be contained within the sandbox and be removed once it is emptied?
     
  16. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    Yep, Sandboxie should fully protect you, ultimately. It's just that ES could stop something from being dropped in the first place, and then possibly running inside the sandbox while it's active, before it's deleted, etc.

    So it's like how I/we use EMET, to stop exploits at an earlier stage, before it gets to Sandboxie as the last line of (strong) defense. :)


    Agreed, short of ES using a different method to inject the DLL, Sandboxie needs to be fixed to allow it to load as it does in 3.76. It's probably not a major thing, and I'd think it'd get fixed here eventually, just not a high-priority thing now. :) I guess it's a more "generic problem" that could possibly affect another product's loading of DLLs as well... *shrug*
     
  17. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    That's what I thought. Thanks for confirming for me doctor! :)
     
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    I've got the missing tray icon bug. Ending the application and starting it again somehow restored it for the current session only. Restarting my laptop will again have a missing tray icon. Very annoying, lol.
    EDIT: Reinstalling did not fix the "issue".
     
    Last edited: May 16, 2013
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    ES has intervened.
    Chrome home page https://encrypted.google.com/

    Immagine.jpg

    Supposition:
    Installation of the new version 8.3 of Click&Clean?

    Problem no longer reproducible after 3 pop-ups.

    OS Windows 7 64 bit
    SUA

     
    Last edited: May 20, 2013
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I also have Click&Clean 8.3 in Chrome and ES never gave me an alert.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's the same bug as mentioned in the other ExploitShield thread. It's a known issue which will be fixed in the next release. It doesn't happen every time nor to all users and it's difficult to replicate reliably.
     
  22. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Bump! Any ETA on the next release? The missing tray icon is really annoying. :D
     
  23. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion
    Just got wind of this application and installed it on an XP SP3 machine with Avast IS version 8 Build 1489 as realtime protection. I have no protection, even when I check for the "Exploitshield.dll" module in Process Hacker.

    See image below. What am I doing wrong here...? I see also that I can't seem to "Start" ExploitShield. After installation, I rebooted and it was still like that. Then I checked if Chrome would be protected and it wasn't. So I uninstalled and installed again (ver 0.9.1 beta) and rebooted. I checked and it was the same > can't start the application, so Chrome/Firefox/Opera is unprotected.
     

    Attached Files:

    Last edited: May 25, 2013
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    As you can see from the GUI the red label says that ExploitShield is not running. This is probably due to an incomplete uninstall of a previously installed version and/or conflict with your security software.

    Try the following:
    1- Right-click the ES traybar icon and choose Exit.
    2- Uninstall ES from Control Panel.
    3- Reboot.
    4- Download and install again.

    Is the GUI still showing the red label?
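    The check the posts above do by hand with Process Hacker, as an added PowerShell example (not from the thread, and not ZeroVulnLabs' own code): it lists each running browser process and reports whether ExploitShield.dll appears among its loaded modules, so the result of the reinstall steps can be confirmed beyond the GUI label. The DLL name is the one named in the thread; the browser process names are assumptions, and the script is meant to be run from an elevated PowerShell on the machine where ES is installed.

```powershell
# Added example, not from the thread: report whether the ExploitShield DLL
# is loaded into each running browser process.
# Assumptions: module name 'ExploitShield.dll' (as named in this thread) and the
# browser process names below; other browsers can be added to the list.
$dllName  = 'ExploitShield.dll'
$browsers = 'chrome', 'firefox', 'opera', 'iexplore'

foreach ($name in $browsers) {
    $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Output ("{0}: not running" -f $name)
        continue
    }
    foreach ($p in $procs) {
        try {
            # .Modules throws for processes that cannot be inspected
            # (access denied, or a 32/64-bit mismatch with this PowerShell host)
            $loaded = $p.Modules | Where-Object { $_.ModuleName -eq $dllName }
        } catch {
            Write-Output ("{0} (PID {1}): cannot enumerate modules: {2}" -f $name, $p.Id, $_.Exception.Message)
            continue
        }
        if ($loaded) {
            Write-Output ("{0} (PID {1}): protected, {2} loaded from {3}" -f $name, $p.Id, $dllName, $loaded.FileName)
        } else {
            Write-Output ("{0} (PID {1}): {2} NOT loaded" -f $name, $p.Id, $dllName)
        }
    }
}
```

    Run it once before the uninstall/reinstall steps and once after; a browser that still shows "NOT loaded" after a clean reinstall points at the same kind of injection conflict discussed earlier in the thread (for example the Sandboxie 4 case), rather than at a half-removed earlier installation.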
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Last edited: May 27, 2013