ZeroVulnerabilityLabs ExploitShield

I am never seeing "Internet Explorer is now protected" in either the logs tab of the GUI or the log file located at "C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\exploitshield.log". If I happen to run Adobe Reader or Java inside of IE, I do get a "is now protected" entry for those. I assume for IE to be protected that a DLL is injected into IE (C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.dll or ExploitShield64.dll), however this is not the case. Checking on the driver (C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield64.sys), it is indeed running. From this information, it appears to me that IE is not being protected (IE9 with Vista HP x64). I feel uncomfortable because of this trying to run an exploit that ES is known to block. Is there some way that I can verify that IE is actually being protected or not? I want to discard EMET but am hesitant until I know I am being protected.

 

We just updated the known CVEs list that are blocked by ExploitShield including the latest Adobe Flash Player (CVE-2012-5248 through 5272) and Google Chrome vulns:
http://www.zerovulnerabilitylabs.com/home/technology/success-stories-cve/

All of these new Flash Player vulns are blocked by ExploitShield.

 

Can you please PM a DDS log while you have ES and IE running?

Also ExploitShield uses different techniques than EMET so both are compatible. To achieve the highest possible protection against exploits its best to keep both.

 

PM sent...

 

In your recent list of exploits posted at your support forum, I tried going to the following. See google search here

 

Maybe its down already or maybe your router/ISP/upstream killed the connection as it is probably listed in all blacklisting security signatures by now.

Try some of the more recently listed entries.

 

So far, I have not seen ES react to anything on my system. I don't think I will ever see it react , due to my surfing habits. My computer sems to be a malware-free zone.

 

Funnily, as I was preparing my post above, I got a popup from SSM which I have never seen before. I blocked it.

 

Trying out this program now.

 

Any conflict with Sandboxie?

 

That's not the way to look at it. I think what he was trying to convey was that as of yet there's no compatibility for ExploitShield in Sandboxie. So it won't protect you in a sandboxed session right now. I have no doubt that when there's a final/stable build of ES and it's out of beta phase that Tzuk will add compatibility for it in a future update. I'm personally waiting until then to use ES.

 

None so far.

 

Wonderful news & two doses. This is what becomes of a bloke when he gets attached to cyber pets like SandboxiE & DefenseWall & so on.

 

There is NO SB - if you run ExploitShield your browser already enjoys "virtual protection." Two are redundant. But I thought you knew that already!

 

Generally speaking, excluding all exe's purposely dowloaded, is ES strong enough to be used with no other real time protection of any kind, in regards to internet infections via web browsers?

 

Please remember this is still beta and as such not a finished product. There's still bugs to fix and improvements to be made.

 

Yea, I should have been clearer, When this app is final, and has been up and running, is the goal to make it strong enough to protect browsers all by itself.

 

when EShield is finalized will it be expected to be superior to SBoxiE in browser security, stopping exploits that SB cannot (not that I'm aware of any)? Or will it be a case of pick either, both will deliver the same level of security?

 

From browser-based exploits, yes, that's the idea. But not from other things such as EXE downloads, phishing, etc.

 

Why not offer a deny execute/traverse folder ACL to set on download folder of the browser when installing the free browser version. With Chrome's sandbox, an ACL on the download folder and the exploit protection of the freebie, what possibly could go wrong for most users?

 

http://www.zerovulnerabilitylabs.com/forum/viewtopic.php?f=13&t=61

According to the above article exploitshield can be easily bypassed. As far as technology of the software I am sold. Some insight on the technology after the patent is granted will be good.

 

will exploitshield work better if the technology is implanted in the software it protects. Have you got any offer by any company for your software? If yes then who?

 

The issue from the forum has already been fixed and will be included once beta2 comes out.

It would not make much sense to apply the technology to ExploitShield itself. ExploitShield makes use of DEP and ASLR for those type of protections.

Regarding offers, I'm sure you must realize that we are not going to discuss internal company details publicly, don't you

 

Though I am not a developer but I think Mircrosoft should sponsor your software and then you will have more brains. As they say 2 is better than 1

 

So, Microsoft would one more brain? LOL Seriously, Microsoft is debatably like the Titanic and unable to get out of its' own way. I'm grateful for smaller developers.