ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I have just installed the 0.8.1 beta and the first thing that I've checked is the reaction of Trusteer Rapport to the ExploitShield injection. This is what Rapport says that it does when ExploitShield protects Firefox:

    ·Attempt to alter function CreateProcessW blocked
    ·Attempt to alter function CreateProcessA blocked
    ·Attempt to alter function CreateFileW blocked
    ·Attempt to alter function CreateFileA blocked

    ExploitShield shows "Shielded applications: 1" for two or three minutes and then goes back to zero shielded applications. Maybe they could be contacted so that they whitelist ExploitShield. I know that they did this with Avast, for example.

    EDIT:

    That behaviour corresponds to my limited user account on XP32 SP3. In my admin account ExploitShield shows "Shielded applications: 2" when I open Firefox and it remains the same, apparently forever. The Rapport notifications that I posted are still shown in the admin account.
     
    Last edited: Dec 3, 2012
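    The Rapport messages above ("Attempt to alter function CreateProcessW blocked", and so on) are what an anti-tampering check reports when something rewrites the first bytes of a Win32 export with a jump into its own module, which is how an in-process shield such as ExploitShield hooks those calls. The following is an added example, not code from the thread, from ZeroVulnerabilityLabs or from Trusteer: a small audit routine that takes a snapshot of an export's in-memory bytes next to its on-disk bytes, decodes the two most common 32-bit inline-hook patterns, resolves the jump target to a loaded module, and decides whether that module is on an allow-list. This is the decision Rapport would have to make to "whitelist" a product as vojta suggests. All addresses, byte strings and the module name `exploitshield_hook.dll` are constructed for the example.

```python
import struct

# Constructed sample data: the first 10 bytes of a 32-bit Win32 export as found on
# disk. Many kernel32 exports begin with the hot-patchable sequence
# "mov edi, edi; push ebp; mov ebp, esp" (8B FF 55 8B EC); the remaining bytes
# are constructed filler.
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec83e4f883ec")

# Constructed in-memory view of the same function after an inline hook: the first
# five bytes replaced by "jmp rel32" (E9) whose target is 0x10002000, rest untouched.
HOOKED_PROLOGUE = bytes.fromhex("e9fb0f8093" "83e4f883ec")

# Constructed address layout: (base, size, module name). The shield DLL name is
# hypothetical and stands in for whatever module a shield product injects.
MODULE_MAP = [
    (0x7C800000, 0x00100000, "kernel32.dll"),
    (0x10000000, 0x00040000, "exploitshield_hook.dll"),
]


def decode_hook_target(func_addr: int, prologue: bytes):
    """If the prologue starts with a control transfer typical of an inline hook,
    return (kind, absolute target); otherwise (None, None)."""
    if len(prologue) >= 5 and prologue[0] == 0xE9:                         # jmp rel32
        rel = struct.unpack("<i", prologue[1:5])[0]
        return "jmp rel32", (func_addr + 5 + rel) & 0xFFFFFFFF
    if len(prologue) >= 6 and prologue[0] == 0x68 and prologue[5] == 0xC3:  # push imm32; ret
        return "push/ret", struct.unpack("<I", prologue[1:5])[0]
    return None, None


def module_for(addr: int):
    """Map an address to the name of the loaded module containing it, or None."""
    for base, size, name in MODULE_MAP:
        if base <= addr < base + size:
            return name
    return None


def check_api(name: str, func_addr: int, in_memory: bytes, on_disk: bytes, allowlist):
    """Classify one export: clean, hooked by an allow-listed module, hooked by an
    unknown module, or modified in a way that is not a recognised hook pattern."""
    if in_memory == on_disk:
        return {"api": name, "status": "clean"}
    kind, target = decode_hook_target(func_addr, in_memory)
    if kind is None:
        return {"api": name, "status": "modified"}
    owner = module_for(target)
    status = "hooked-allowlisted" if owner in allowlist else "hooked-unknown"
    return {"api": name, "status": status, "hook": kind, "target": target, "module": owner}


def audit(snapshot, allowlist=frozenset()):
    """Run check_api over a snapshot of (name, address, in-memory bytes, on-disk bytes)."""
    return [check_api(n, a, mem, disk, allowlist) for n, a, mem, disk in snapshot]


# Constructed snapshot naming the four functions from the Rapport notifications.
# CreateFileW uses the "push imm32; ret" variant; CreateFileA has an int3 (CC)
# patched over its first byte, which is a modification but not a hook we decode.
SNAPSHOT = [
    ("CreateProcessW", 0x7C801000, HOOKED_PROLOGUE, CLEAN_PROLOGUE),
    ("CreateProcessA", 0x7C802000, CLEAN_PROLOGUE, CLEAN_PROLOGUE),
    ("CreateFileW", 0x7C803000, bytes.fromhex("6800300010c3e4f883ec"), CLEAN_PROLOGUE),
    ("CreateFileA", 0x7C804000, bytes.fromhex("ccff558bec83e4f883ec"), CLEAN_PROLOGUE),
]

if __name__ == "__main__":
    for row in audit(SNAPSHOT, allowlist={"exploitshield_hook.dll"}):
        print(row)
```

    On a live system the in-memory bytes would come from ReadProcessMemory on the target process and the on-disk bytes from the export's PE section, after applying relocations; 64-bit hooks use other sequences (for example `mov rax, imm64; jmp rax`), so a production check needs more patterns than the two shown. The allow-list step is the crux of the thread: without it every shield that hooks these exports looks identical to a tampering attempt.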
  2. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Now, after stopping and starting Rapport a couple of times, it's all much clearer: when Rapport is running, ExploitShield shows zero shielded applications on the limited account. When it's not running, it first shows two shielded applications and three minutes later only one shielded application.

    On the admin account everything seems to work as expected but I still don't know if the Rapport blocks affect ExploitShield's functionality in some way. I'm not on a virtual machine and so I'm not going to try real exploits.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    From what you are describing it does sound as if Trusteer Rapport is blocking ExploitShield from running correctly. If you are a customer of theirs please let them know about this.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,221
    Location:
    USA
    It sounds like Rapport is seeing ExploitShield's injection as an attack.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I will send a support ticket today.
     
  6. Steve_from_Iowa63

    Steve_from_Iowa63 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    6
    Location:
    Southwest Iowa
    I installed the new version of ExploitShield, a day or so ago, on my desktop computer and on my laptop computer, both 64-bit machines running Windows 7. I just noticed that Windows Media Player now crashes on both computers. I cannot play anything using Windows Media Player without it immediately crashing on both machines. I have made no other changes to either of these machines lately. So, I uninstalled ExploitShield on my desktop. Then Windows Media Player worked. I checked some diagnostics and something was missing. I apologize for not having more info, but it is late and I should be in bed. Anyway, I did uninstall ExploitShield on my laptop, and now Windows Media Player works there too. I can, later today, re-install ExploitShield on one of the computers and send you the diagnostics that I saw which prompted me to try uninstalling your product in order to fix the problem. I'd be glad to do this, if this is not already a known problem.
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No, not a known problem. Very interested in any information you can send me. Also please include a DDS or similar log which shows installed apps, running processes, services, drivers, etc.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,221
    Location:
    USA
    I've been noticing that I can't get WMP to even open up - just get an hourglass cursor for a few seconds then nothing, no process showing in the task manager. I didn't think it might be related to ES.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,304
    I had no problem getting WMP to play a previously downloaded audio file, even though I don't usually use WMP. I use VLC Media Player, mainly.

    ScreenShot_ExploitShield_WMP_01.jpg
     
  10. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    @tarnak
    Sorry for the off-topic, but damn, you have quite some processes running in the system tray! :D
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,304

    ...and still running the original installation since 2007 without a reformat. But, I did have to change the motherboard. :D
     
  12. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I'm an average home user and have EMET installed also. If I download this, what version should I use? Browser or corporate?
    Thanks.
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Browser Edition.

    Corporate Edition is only for companies.
     
  14. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Since updating ES is not protecting Waterfox or Comodo Dragon
    IE still is protected
    Is there a work around ?
     
  15. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I've just tried ExploitShield and it doesn't protect Comodo Dragon, although to be honest I don't really see myself keeping this, as I have Sandboxie which runs my browser and I don't see how this will protect what EMET can't.

    Also I cannot see any way of adding programs to be shielded.
    EMET protects against everything that this does.
    Sorry, but I don't think ExploitShield is that great or innovative, to be honest, but good luck with it. :cautious: :ninja:
     
  16. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    EMET doesn't protect against Java exploits.

    I agree, if you have SBIE then you don't need AV, AM, Exploit Shield, EMET or just about anything else. People run SBIE solo. However if you are like me and don't run SBIE for various reasons then ExploitShield can be a nice addition to the security.
     
    Last edited: Dec 4, 2012
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    AppGuard Protects Comodo Dragon !!
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Appguard is sadly not free.
     
  19. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    EMET apparently does protect Java, as it is in the list of protected files. That's irrelevant to me as I uninstalled it.
     
  20. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    OK, after a fresh install Waterfox has now been protected :thumb: :thumb:
    Just as a side comment, I have ES running on both my daughter's and wife's systems and it has blocked a total of 7 exploit attempts in a couple of months :eek: don't ask lol
     
  21. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    It won't protect Java exploits in the browser.
     
  22. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Well, I always run my browser sandboxed, so I'm secure to a certain degree, right?
     
  23. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Straight from their website:

    Obviously SBIE protects you from those... But if you have got family members like me who will not bother to learn anything about computers, then ZeroShiled + a good AV is your best choice.

    Personally, I got Web Control (Outpost) so I have no need for SBIE. I use ExploitShield for layered security measures. I find it extremely low on CPU and I prefer that over SBIE which I find a bit more intensive on my laptop.

    @Developer. I hope this is not too much off topic.
     
  24. guest

    guest Guest

    Could you keep us updated about this issue?
    Thanks
     
  25. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Yes, of course. Trusteer support's reply was very fast. They asked me if I had noticed further signs of Rapport blocking ExploitShield's functionality apart from what was noted in the activity report. I reckon that they don't think that what they block necessarily affects ES's activities. I would like to know ZeroVulnerabilityLabs' opinion about this.

    When I had Norton Safe Web Lite installed I reported to Trusteer similar notifications about it and they said that it was a known issue and that I shouldn't worry.

    I have noticed some problems with ExploitShield when switching from an admin account to a limited account and back again, but I still need to do more tests and I cannot say that Rapport is related to this.
     