ZeroVulnerabilityLabs ExploitShield

Can I send an email instead? PMs don't allow file attachments.

 

Sure thing. Support@zerovulnerabilitylabs.com.
Thanks!

 

Windows 7 Professional 32-bit.

Thanks for looking at the FP.

 

Yes I understand your point.

 

Are all of the Shields currently displayed in v. 0.7 functional, or are they not active?

 

Yes they are functional. We simply deactivated them for the Browser Edition beta.

In our YouTube channel you can view some vids of the full version and all the shields in action.
PS: the vids are of prototypes and early versions, but with all shields enabled.

 

Same here Win7 x64 Enterprise. It worked well until I restarted the computer.
And If I open the program the tray icon appear and disappear after a few seconds.

 

Is there any substance to the tracking software claim mentioned here?

Al

 

What is wrong about appearing in CNET website...?

 

sounds like an interesting program.

i'll give it a try with Metasploit.

maybe play with the 'real stuff' later on when i have the times.

 

Just saw this - very positive review:

http://www.pcmag.com/article2/0,2817,2410274,00.asp

By the way, it looks like ExploitShield (ES) is detecting Waterfox as Firefox (there's a log entry saying ES is protecting Firefox which I'm not running). Is that correct and is it actually protecting Waterfox? I see that Waterfox is not on the list of supported browsers at the moment.

 

By the way, will there be an option not to send any data to your servers? By data, I mean the info about the URL that were blocked. I think that sending any info out, regardless of the application, should always be optional (unless of course, the application needs it to work).

 

Hi


Same thing here, running Waterfox and logging as "firefox is now protected"

Thanx
Popcorn

 

We are thinking about adding that to a PRO and/or Corporate version, but not the free version. That's the price you pay for getting free software.

PS: we only send data related to exploits, not about ANYTHING else.

 

I understood him as saying ExploitShield contained tracking software. CNET was just something else he didn't like.

Al

 

Ahh hooks user land API's and sanitizes them, surprised how well it worked any thoughts on protecting against different attack vectors like meterpreter and the likes? Okay test convinced me, I dropped EMET in favour of Z see pic

 

I know that it is extremely early in the product cycle, but I am going to ask anyway:

ZeroVulnLabs, do you guys have any idea yet how much you are going to charge for the Pro version of your product? I'm not looking for an exact figure, but a ballpark number would be great.

 

@Kees1958

Are you using the free Browser Edition of Z or the Corporate Edition?

 

ZeroVul,

Will there be an option to hide the block message so that it just blocks in the background without the popup window?

 

That's a good idea. Please post it at our Suggestion forum so we can keep track of it.

 

like a ballon mesage

 

Older system/Windows XP/SP3, Avast antivirus,up to date, older version of Comodo firewall (to avoid conflicts- version 3.0.25.378..), Comodo Secure DNS Server, VPN4ALL, Opera browser up to date, all settings (firewall and antivirus) set tight, Opera tweaked a little bit, NOT using EMET, downloaded ExploitShield couple of days ago, had a couple of problems that were easily solved, may have been my settings, did notice that it erased my system restore points, but, it seems like every time I download some kind of program, that happens uninstalled it, rebooted, reinstalled, seems to be working fine, nice program, lots of vulnerabilities in this old XP system, will put it to the test....I run scans very often with a multitude of antivirus programs, including Avast boot scan, Eset online scanner, Comodo firewall online scanner, Malware Bytes scanner, etc. I am pretty sure that the only problems with this PC is it's age, and a few registry problems. This is a good test bed for Exploit Shield, will use it for a while and report back.....Java is enabled....can't get this system to work with Java disabled. Oh, by the way, I like Moontan's picture, it is from the album cover of King Crimson, some of you may be too young to remember that....

 

Freebrowser edition. I have enabled SEHOP though. I have the directories of my mail (outlook 2007) and mediaplayer (VLC) denied execution through ACL (right click directory, security tab, add a deny "traverse folder/excute file for everyone), disabled visual basic for office (not installed) and Scripts (through GPO) and cross my fingers that Office2007 and VLC do not contain a lot of weak programming techniques. Office 2007 has had some service packs released, and VLC has had few exploits in the past, so it is an acceptable risk IMO.

 

If you run this - its a good enough hardening tool.

You wouldn't need EMET or a sandbox.

 

I just posted a bunch of exploit kit urls for those of you who want to test:
http://www.zerovulnerabilitylabs.com/forum/viewtopic.php?f=14&t=55