ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Just got confirmation that Agnitum has added ES to their whitelist. Can you please test Outpost and ES again to verify the problem is solved?
     
  2. Notok

    Notok Registered Member

    Sorry for the delay. I removed the exceptions and rebooted, and the tray icon appeared normally. So, so far so good!
     
  3. Kees1958

    Kees1958 Registered Member

    After updates of Chrome, new Chrome does not seem to be protected.
     
  4. JimboW

    JimboW Registered Member

    Hmm. At the moment I'm using Chromium build 26.0.1374.0 and it's protected by ExploitShield.dll


    Also, I'm still getting the problem with the missing tray icon on system reboots. What I did was go into Task Scheduler and delay the startup to the minimum 30 seconds, and the problem hasn't returned since.
     
  5. Notok

    Notok Registered Member

    I found a false positive: if you download the Office trial from MS then it uses a Java download manager. After the download completes, you can't launch the download from the download manager (which it also tries to do automatically).
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Can you post the MS URL?
     
  7. Notok

    Notok Registered Member

    Yup; here you go:
    http://technet.microsoft.com/en-US/evalcenter/ee390818

    I'm sure it's probably the same with any of their downloads that uses the Java download manager.

    I got an ES popup right after it finished downloading, so I'm guessing that the download manager tried to run the download. After that I tried clicking 'launch' to run the file and got the same.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Thanks, we'll take a look at it.
     
  9. Kees1958

    Kees1958 Registered Member

    After system restore ES does not start up either. Checked installed again, made restore point after ES installation, restored to this post-installation point; no ES in tray or process list.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

  11. Tyrizian

    Tyrizian Registered Member

    1. I was thinking about adding a third line of defense (Real-Time), do you think ExploitShield will benefit the setup I already have (In Signature)?

    2. How much memory does this use while running?
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Your Free AV is very good but sigs almost exclusively and unless your Comodo FW includes D+ then you have no HIPS. Even with D+ the HIPS is mostly for unknown binaries, not enough against exploits themselves. I don't know what Black Viper is or what you mean simply by "DEP" (are you enforcing DEP on everything? How? What about ASLR?), but ExploitShield would definitely add a good layer of defense against general exploits. Add EMET and some free URL filter such as Panda's to top it off and you're almost bulletproof.

    Shouldn't be more than 3 to 4MB.
     
  13. Blackcat

    Blackcat Registered Member

    Pretty light;
     

    Attached Files:

  14. Tyrizian

    Tyrizian Registered Member

    I have HIPS enabled on my firewall. Black Viper is a service configurations guide for my operating system, which can be found here: http://www.blackviper.com/. As for DEP, I have the default option that is enabled in my operating system. I might just take out DEP from my sig, since it is automatically enabled by default.

    I'll definitely keep your suggestions in mind, thank you very much.

    As for the memory consumption, that is excellent.
     
  15. Tyrizian

    Tyrizian Registered Member

    Thank you for the screenshot, I appreciate it
     
  16. Tyrizian

    Tyrizian Registered Member

    ExploitShield is working quite well with Internet Explorer, but if I launch Firefox, I get a message saying that the browser has stopped working. If I stop ExploitShield protection, Firefox starts to work again. Anyone else experiencing this issue?

    I'm using Windows 8 Pro x64, in case this helps
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    It's a known issue with Comodo. They are investigating why they are blocking the ExploitShield injections. Simply add ExploitShield to the Comodo trusted apps manually and that should do it.
     
  18. Tyrizian

    Tyrizian Registered Member

    I went ahead and did so, as per your instructions and it still doesn't work. It's ok though, I can use Internet Explorer 10 until they fix it...no big deal for me.
    I appreciate your quick reply.

    By the way, I'm already loving your program...excellent job on this
     
    Last edited: Jan 3, 2013
  19. popcorn

    popcorn Registered Member

    What do I need to do to protect Comodo Dragon?
     
  20. Dundertaker

    Dundertaker Registered Member

    Comodo Dragon is unsupported (Comodo Ice Dragon also). If you still wanna use Dragon as your browser try renaming 'dragon.exe' to 'chrome.exe'.
     
  21. puff-m-d

    puff-m-d Registered Member

    Hello,

    I think there needs to be some sort of mechanism in place such that when ES tries to load its protection and for some reason it is blocked or disabled, some sort of message lets the user know the protection failed. For instance when you run IE10 on Win 8 x64 and you are using WRSA also. When you start IE, the parent process is 64 bit and the ES protection loads properly. With all of the child processes, they run 32 bit and ES protection does not load into any of them as it seems it is blocked by WRSA somehow (incompatible at the moment). If you look at the ES logs, IE is shown as being protected, which is very misleading as only the parent 64 bit IE is being protected, and all of the 32 bit child processes are not being protected. I do not know if some kind of message/warning can be generated when protection fails to load, and the logs do not give you an accurate picture either. The only way now to really verify what is actually being protected is to manually check each process that should be protected for the presence of the injected protection dll by ES. I know I, for one, have thought I was protected but in actuality I have not been. Just MHO on something that would improve ES.....
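
The manual per-process check described in the post above, as an added example that is not part of the original thread and not ExploitShield's own tooling. It assumes the module name `ExploitShield.dll` quoted earlier in the thread, a hypothetical list of process names to audit, and a 64-bit PowerShell session so that 32-bit child processes can be inspected.

```powershell
# Added example, not ExploitShield code. Run from a 64-bit PowerShell session.
$ModuleName = 'ExploitShield.dll'              # DLL name quoted earlier in the thread
$Targets    = 'iexplore', 'chrome', 'firefox'  # assumption: processes expected to be shielded

Add-Type -Namespace EsAudit -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("kernel32.dll")]
public static extern bool IsWow64Process(IntPtr handle, out bool isWow64);
[DllImport("psapi.dll", SetLastError = true)]
public static extern bool EnumProcessModulesEx(IntPtr handle, [Out] IntPtr[] modules, uint cb, out uint needed, uint filter);
[DllImport("psapi.dll", CharSet = CharSet.Unicode)]
public static extern uint GetModuleBaseName(IntPtr handle, IntPtr module, System.Text.StringBuilder name, uint size);
'@

function Test-InjectedModule([int]$ProcessId, [string]$Module) {
    # 0x0410 = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    $h = [EsAudit.Native]::OpenProcess(0x0410, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { return 'unknown (cannot open process)' }
    try {
        $wow64 = $false
        [void][EsAudit.Native]::IsWow64Process($h, [ref]$wow64)
        $bits = if ($wow64) { '32-bit' } else { 'native' }
        $mods = New-Object IntPtr[] 2048
        $cb = [uint32]($mods.Length * [IntPtr]::Size)
        $needed = [uint32]0
        # Filter 3 = LIST_MODULES_ALL, so 32-bit modules of WOW64 processes are included
        if (-not [EsAudit.Native]::EnumProcessModulesEx($h, $mods, $cb, [ref]$needed, 3)) {
            return "unknown ($bits, module list unreadable)"
        }
        $count = [Math]::Min($mods.Length, [int]($needed / [IntPtr]::Size))
        for ($i = 0; $i -lt $count; $i++) {
            $sb = New-Object System.Text.StringBuilder 260
            $len = [EsAudit.Native]::GetModuleBaseName($h, $mods[$i], $sb, 260)
            if ($len -gt 0 -and $sb.ToString() -eq $Module) { return "loaded ($bits)" }
        }
        return "MISSING ($bits)"
    } finally { [void][EsAudit.Native]::CloseHandle($h) }
}

# One row per running target process, parent and children alike
Get-Process -Name $Targets -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        PID    = $_.Id
        Name   = $_.ProcessName
        Status = Test-InjectedModule $_.Id $ModuleName
    }
} | Sort-Object Name, PID | Format-Table -AutoSize
```

A row reading `MISSING (32-bit)` next to a `loaded (native)` row for the same browser is the situation the post describes: the log says "protected" while only the parent process carries the DLL.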
     
  22. popcorn

    popcorn Registered Member

    Thanks Dundertaker
    Tried this, I changed the .exe names... still ES doesn't recognise CD o_O
     
  23. Tyrizian

    Tyrizian Registered Member

    ExploitShield is running excellent, other than a very minor annoyance. The tray icon tends to disappear from time to time...anyone else have this problem?
     
  24. The Red Moon

    The Red Moon Registered Member

    The ability to manually add programs for protection would be very nice also. :D
     
  25. Peter2150

    Peter2150 Global Moderator

    This thread has intrigued me, so I am interested in exploring. A while back in the thread some asked about the comparison between ES, SBIE and Appguard.

    In comparing ES to SBIE, both will stop exploits, but unless I am mistaken only SBIE has the ability to clean up the downloads. Or am I wrong?

    Also what about ES compared to Appguard?

    Pete
     