ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    The counter is not fixed yet, even the log has a problem, and it does not protect torbrowser, which is based on Firefox.
     
  2. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    500
    Location:
    italy
    click!

    point n°5 is clearly not required in your case...
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes it does. It protects browsers and browser components from exploits. Drive-bys are only one type of implementation of browser and browser component exploits. For example, ExploitShield Browser Edition also protects against exploits to Help Center, Windows Media Player, Windows Scripting, Java, Flash, etc.

    Those are not browser exploits. XSS are webserver vulns. Malware installed via downloads and social engineering are not vulnerability exploits.

    Read our FAQ, specifically the section on "which vulns does ES protect against":
    http://www.zerovulnerabilitylabs.com/home/technology/frequently-asked-questions/
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Shielded apps counter is a known issue:
    http://www.zerovulnerabilitylabs.com/forum/viewtopic.php?f=2&t=147

    Foxit, Office, etc. are not supposed to be protected as stand-alone apps in ExploitShield Browser Edition. However if you open a PDF from within the browser it will be protected:
    http://www.zerovulnerabilitylabs.com/home/exploitshield/
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    What is the log's problem you are referring to?
    Torbrowser and other browsers are not supported. List of supported apps is shown on our website and on the ExploitShield GUI itself.
     
  6. guest

    guest Guest

    @ZeroVulnLabs

    When I try to install this

    https://www.microsoft.com/en-us/download/details.aspx?id=14632

    I get this "error":
    Please resolve the following:

    A newer version of Microsoft Visual C++ 2010 Redistributable has been detected on the machine.

    Using win7 x64 updated.

    Maybe you are linking your program to an old version of MVC++
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There's an SP1 version:
    -https://www.microsoft.com/en-us/download/details.aspx?id=8328 (x86)
    -https://www.microsoft.com/en-us/download/details.aspx?id=13523 (x64)
     
  8. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    500
    Location:
    italy
    Stopping protection via the tray icon/GUI correctly leads to unloading the injection of both DLLs (ES/ES64.dll) as well as its own driver.
    Exiting via the tray icon, instead, doesn't unload the 64-bit component if a 64-bit application is running.

    For example, if IE10 is running and you exit ES, the parent process (64-bit) keeps the injection...

    Sorry for my poor English o_O
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    I installed over the top of v0.7.

    ScreenShot_ExploitShield_v0.8.1 beta_07.jpg

    ScreenShot_ExploitShield_v0.8.1 beta_08.jpg

    I don't know why it isn't showing Opera... ScreenShot_ExploitShield_v0.8.1 beta_10.jpg

    Whereas, in another snapshot it is showing.... ScreenShot_ExploitShield_Opera is protected_01.jpg

    Also, I now have two Desktop icons... ScreenShot_ExploitShield_v0.8.1 beta_11.jpg

    I will delete the unnecessary one. ;)
     
  10. guest

    guest Guest

    Yes, but on their website
    http://www.zerovulnerabilitylabs.com/home/exploitshield/browser-edition/
    they recommend the one that I have posted, so either the version is wrong or there is something wrong with ExploitShield.

    I already have MVC++ installed and updated.

    BTW, when I installed 0.8.1 over 0.8 there was an error that a file could not be deleted because it was in use (all the browsers were closed). After a while it worked.
     
    Last edited by a moderator: Nov 30, 2012
  11. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    500
    Location:
    italy
    in your security arsenal, you miss CIS, OA,...so you are not truly secured...;)
     
  12. guest

    guest Guest

    Tarnak

    Are you running 2 firewalls at the same time?
     
  13. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    When I started the application the log was not showing, but after restarting the software it got fixed.
     
  14. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    If you rename Ice Dragon to "chrome", ZS will protect it. I asked the same at the ZS forums and got that suggestion there. Works until they intend to support it.
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    So you have MVC++ 2010 installed and it still throws this error during install? Can you send me a DDS log or something similar that shows installed apps?

    Just as a clarification, the error comes from Inno installer itself, which includes some functionality to uninstall the previous version of ES before installing the new one on top. We're investigating how we can improve this.
     
  16. guest

    guest Guest

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Runtime
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
     
  17. BrandiCandi

    BrandiCandi Guest

    I am glad that you have the details in your FAQ.
    True. My point was that the average user is not going to understand that distinction.

    To state my concern another way: In my experience users tend to lump all malicious activity into "viruses". You and I know that viruses are only a small portion of the attacks. A fair number of users with this incorrect perception believe that anti-virus software will protect against all threats when reality is they're completely unprotected from anything but signatured malware. Same thing for ExploitShield: The typical user will not understand that ExploitShield Browser Edition will not protect them from all exploits involving the browser.

    I do like that you say your product is not designed to replace any existing tools, it's meant to be a force multiplier. Perhaps that accomplishes what I was driving at.

    Thanks for listening to my concern.
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Seems like you may have multiple MSVCR100D.DLL files on your system from different runtimes, in different paths and different versions. Try searching for all of them and renaming them to something like MSVCR100D.DLL.BAK and keep only one at a time, until you find the right one. Specifically check in System32 and SysWOW64, as well as any other dirs you might have in your %PATH%.
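
The search suggested in the post above, as an added PowerShell example that is not part of the original thread or the vendor's tooling: it lists every copy of MSVCR100D.DLL in System32, SysWOW64 and the %PATH% directories with its version, signature status and hash, so the copies can be compared before any of them is renamed. It assumes PowerShell 4.0 or later (for Get-FileHash) and a 64-bit PowerShell host.

```powershell
# Added example (not from the thread): locate every copy of the DLL named in the post.
$dllName = 'MSVCR100D.DLL'

# Directories the post says to check: System32, SysWOW64 and each %PATH% entry.
# Use 64-bit PowerShell; a 32-bit host is silently redirected from System32 to SysWOW64.
$dirs = @(
    (Join-Path $env:windir 'System32')
    (Join-Path $env:windir 'SysWOW64')
) + ($env:PATH -split ';' | ForEach-Object { $_.Trim().Trim('"') })

$found = foreach ($dir in $dirs) {
    if (-not $dir) { continue }                      # skip empty PATH entries
    $file = [System.IO.Path]::Combine($dir, $dllName)
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $item = Get-Item -LiteralPath $file -Force
        [pscustomobject]@{
            Path        = $item.FullName
            FileVersion = $item.VersionInfo.FileVersion
            Signature   = (Get-AuthenticodeSignature -FilePath $item.FullName).Status
            SHA256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }
    }
}

# The same directory can appear more than once in PATH; report each file once.
$found = @($found | Sort-Object Path -Unique)
$found | Format-List

# Copies that share a hash are the same build; differing hashes mean different runtimes.
# @() is required: a single group's .Count would otherwise be its member count.
$builds = @($found | Group-Object SHA256).Count
"{0} copies found, {1} distinct build(s)" -f $found.Count, $builds
```

A copy whose signature status is not `Valid`, or that sits in a user-writable PATH directory, is the first one to look at when copies differ.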
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,237
    Location:
    USA
    BC, allow me to jump in - it's my experience that the average user cannot understand much of anything about security threats. While I agree that ExploitShield should be described as accurately as possible, average users still won't understand what it does and does not do. It makes sense that there will be a version for the corporate world where there are I.T. people who will understand why and how ExploitShield is valuable.
     
    Last edited: Dec 1, 2012
  20. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I think this is a great solution for those who do not know much about computers but still need to be protected (family members).

    My question is: how do I get the full version?
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    Sorry, for the late reply. :) ...No.
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, that's exactly the purpose of the design of ExploitShield!

    Still in beta, so there's no full version yet.
     
  23. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Will ES still install correctly even without C++ and the install error warning on my W7 x64 machine? Will the end result be the same as a machine with C++?
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, actually it is only Inno that needs the C++ Runtime DLL. ExploitShield itself does not need it.

    One way of verifying that this is true is to grab the installation directory of ExploitShield (%ProgramFiles%\ZeroVulnerabilityLabs\ExploitShield) and copy its contents to a clean or different machine without the C++ runtime. Simply double-click on ExploitShield.exe or ExploitShield64.exe and it will install its driver and run correctly (without even requiring the installer).

    EDIT: In fact even if you get the error during install, ExploitShield will finish its installation correctly and run correctly without problems. So you can effectively ignore the warning.
     
  25. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Perfect! Thanks as always for the help. :thumb:
     