ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    I'm curious - what went into that year? Research? Development of the idea? Actual programming etc?

    You may not be able to give details - I'll understand. But I am very curious.
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes, all of it.
     
  3. StillAlive

    StillAlive Registered Member

    ZeroVulnLabs

    Does ExploitShield protect customized versions of Firefox:
    in Tor Browser Bundle
    and
    in Advanced Onion Router (AdvOr)?
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Some of them yes and some no, depends on the level of customization.

    I've tried Portable Firefox and ExploitShield seemed to shield it correctly and stop exploits ITW, but no real compatibility tests have been performed.

    With Tor Bundle the browser itself doesn't get shielded, but we've only tried an old version.

    You can test it yourself by monitoring the ExploitShield Log tab in the interface while opening the customized browser. But you should also check the browser components. The best way to test it is to install the custom browser and ES in a VM and visit some exploit URLs like those found in our forum. Of course that doesn't guarantee compatibility (as the exploit may simply skip that browser or not know which is the correct exploit to serve based on the user-agent) but it will give you a general idea if ExploitShield sets off its alerts.

    We haven't the resources to try each one out to find out. At least for beta we're sticking with our short list (IE, FF, Chrome and Opera) which represents over 90% of the users. But if you do test some of these please let us know the results of your tests.
     
  5. DBone

    DBone Registered Member

    Installed on Windows 7 Home Premium x64 SP1, with WinPatrol Plus as only other real time protection, and Google Chrome & VLC. I am most impressed with the UI layout, as it is simple, if not elegant. Most designers try to impress with unneeded bells and whistles, and I'm glad you didn't.

    On my machine there is only one ES process, and it averages 1.5mb of ram, with no I/O to speak of. When I launched Chrome, the ES log immediately showed Chrome as a protected program, and when I launched VLC through Chrome, it too was immediately logged. I don't have Java, Adobe Reader, or Office installed so I can't speak to their interaction.

    So far, this has been the best new program/beta experience that I have personally had........Keep up the great work pbust. :thumb:
     
  6. StillAlive

    StillAlive Registered Member

    ZeroVulnLabs

    Tor Browser Bundle for Windows (version 2.2.39-1)
    ExploitShield -Tor Browser.jpg

    You should consider adding Tor Browser protection.
     
  7. chris1341

    chris1341 Guest

    Doesn't appear to work with Sandboxed (with SBIE) applications according to the logs at any rate. Also appears to be saying I have a negative number of apps protected if I run them outside the sandbox.

    On 64 bit it installs into Program Files rather than Program Files (x86) although it is not 'real' 64 bit app. Is that what it should do?

    Edit: Oh yeah, and it doesn't start with Windows so needs re-enabled. Again, is that how it should work?

    Thanks
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Are there any plans to release a beta version that runs under standard user rights? Or, will it only be released when it hits the stable channel? :)
     
  9. TomAZ

    TomAZ Registered Member

    @ZeroVulnLabs

    Not exactly sure what the intended purpose of ExploitShield is, but does it detect/prevent things such as man-in-the-browser (e.g., Zeus) and man-in-the-middle attacks?
     
    Last edited: Sep 30, 2012
  10. NormanF

    NormanF Registered Member

    That's exactly what it does - it prevents browser attacks from being loaded before they can execute.

    It's truly install and forget browser protection. It stops zero day attacks cold.
     
  11. TomAZ

    TomAZ Registered Member

    @ZeroVulnLabs

    Does ExploitShield protect a browser running under Sandboxie?
     
    Last edited: Sep 30, 2012
  12. megamoofa

    megamoofa Registered Member



    I downloaded it afternoon of 09/28/12 to a Windows 7 Home Premium 64 bit OS; seems to work fine on online test/wild exploits I found; but evening of 09/30/12, on a lark after reading Wilder posts re app disruptions, I downloaded a few flash video downloaders, and found "Express Files" when opened will A) knock out ExploitShield including wiping out the little "z" tray icon; and B) keep ExploitShield from re-opening as long as Express Files remains on machine. It would be sadly ironic if something like an exploitable-video downloader, not being malware or an exploit per se, could defeat ExploitShield; does anyone else get such results? I'm sorry for butting in, but CNET appears to presently have comments disabled for ExploitShield Browser Edition beta 0.7 and I couldn't ask at source I got it.
     
  13. NormanF

    NormanF Registered Member

    You don't need Sandboxie with it.

    I'm guessing that it works akin to a virtual sandbox around your browser so two layers would be redundant.

    You could get rid of SB and be fully protected by ExploitShield when surfing the Internet.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    We haven't tested with Sandboxie. But conceptually if you know not to manually download & execute EXEs from suspicious webs, you don't need Sandboxie if you have ExploitShield.

    ExploitShield is a full 64bit program. In the installation directory you will see ExploitShield64.exe, sys and dll. Also a 32bit dll for 32bit programs which may run under your 64bit OS.

    It should start with Windows. Are you running as an admin account? This is a known issue with the current beta. We will fix this shortly.
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Our next beta, which should come shortly, will work under non-admin accounts.

    It prevents you from getting infected with Zeus in the first place. Read the following 2 pages, especially the 2nd one:
    http://www.zerovulnerabilitylabs.com/home/technology/zerovulnerabilitylabs-technology/
    http://www.zerovulnerabilitylabs.com/home/technology/frequently-asked-questions/
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Thanks for your testing and your comment DBone, it really feels great to hear this!! :thumb: :D
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Thanks for reporting. This should help us find and fix bugs before releasing ExploitShield out of beta. Can you post or PM me the link where you downloaded this flash video downloader from?
     
  18. safeguy

    safeguy Registered Member

    Glad to see this. :thumb:
     
  19. vojta

    vojta Registered Member

    I believe that Media Player Classic (presently Media Player Classic Home Cinema) should be included among the protected media players:

    http://mpc-hc.sourceforge.net/
     
  20. Kees1958

    Kees1958 Registered Member

     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Not sure what the 1806 trick is, I'll have to look it up. Also don't want to upset any SBIE fans as I myself am one. It just doesn't work with my mom and sister. They end up wanting to get rid of it.

    Btw, you did mention earlier:
    Here it is:
    http://www.zerovulnerabilitylabs.com/home/technology/success-stories-cve/
     
  22. m00nbl00d

    m00nbl00d Registered Member

    That's great. :thumb:
     
  23. kdcdq

    kdcdq Registered Member

    After installing ExploitShield on two of my Win7 x64 systems, I am now experiencing shutdown issues. I have to keep using "force shutdown" because some tasks are not stopping properly. Is anyone else having similar issues at shutdown??
     
  24. JimboW

    JimboW Registered Member

    Couple of things:

    Sometimes the icon is missing in the tray after a system restart even though ExploitShield is running and working effectively.

    Also, I loaded up PS3 Media Server and I'm getting an exploit block.
    Application: Java
    Payload: Jna512596589802840335.dll
    Which must be a false positive. I'm on Win7 32-bit.
     
  25. DBone

    DBone Registered Member

    Not experiencing that here. I have no AV, just AppGuard and ES.
     