ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Minecraft gets blocked from updating and starting. I'll have to uninstall ES.
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Probably some WMP plugin or special operation. Can you provide more information such as what's installed under WMP and the type of problem/event/message that you receive?
     
  3. Thankful

    Thankful Savings Monitor

    "Windows Media player has stopped working. A problem caused the program from working correctly. Windows will close the program and notify you if a solution is available."

    Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
    Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2
    Exception code: 0xc0000005
    Fault offset: 0x00013898
    Faulting process id: 0x410
    Faulting application start time: 0x01ce0f95aaef852d
    Faulting application path: C:\Program Files\Windows Media Player\wmplayer.exe
    Faulting module path: C:\Windows\system32\SHLWAPI.dll

    Nothing installed under WMP, as far as I know.

    Windows 7, 32 bit, IE 10, WSA 8.0.2.109
     
    Last edited: Feb 20, 2013
  4. Boost

    Boost Registered Member

    I had the same issue when I tried out ZeroVulnerabilityLabs ExploitShield on a 32-bit Windows XP PC. I was just using Windows Media Player at the time with no add-ons, etc.
     
  6. popcorn

    popcorn Registered Member

    ExploitShield.dll is loading in chrome.exe :thumb:
     

  7. luciddream

    luciddream Registered Member

    No, I haven't tried ES yet at all. I don't have a test machine or VM, so I don't mess around with Beta apps. I'm waiting for it to go final and mature a bit.

    I may very well run into no problem at all. I rarely do. I don't have much installed on my box at all. That's why I rarely run into conflicts... there ain't much there to conflict with. Comodo & SBIE are the only things running real-time. Besides that a browser, VLC, 2 cleaning tools + Puran Defrag, a couple on demand scanners, and games/emulators. That's about it. And very few services running.

    Also none of the stuff you really need things like ES/EMET for in the first place... like Java, .NET FW, PDF reader. So the need for such a thing is far less than an average user. Still I'm sure there's some other things it could protect against that could benefit me.
     
    Last edited: Feb 22, 2013
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    We've added the WMP issue to the list of known issues. However we have not been able to replicate it.

    Please send me the output of autoruns.exe or DDS to see what other software & addons you have at the time of the crash.
     
  9. Boost

    Boost Registered Member

    I used ZeroVulnerabilityLabs ExploitShield for a short time period, and have since uninstalled Windows Media Player and am using VLC player.
     
  10. luciddream

    luciddream Registered Member

    I'd be interested in hearing about any conflicts with VLC. I'm using version 2.0.5
     
  11. raven211

    raven211 Registered Member

    I should add that Minecraft is dependent on the Java library.
     
  12. Skiaz

    Skiaz Registered Member

    I too am still having the issue with WMP as I reported earlier in this forum. I am using Windows 7 x64. At the time of the original posting I was using Webroot Secure Anywhere but that has since expired and is no longer on the system.

    I currently have NIS 2013, Zemana AntiLogger and EMET 3.5TP for security. I have tried uninstalling EMET and disabling AntiLogger and ExploitShield still causes WMP to not work correctly or not at all. As soon as I remove or disable ExploitShield and open WMP it works correctly and enumerates all the music again.

    When I install ES and open WMP it just takes a minute or two and all the media (music in this case) disappears from WMP though it is still on the disk. I have not gotten to the point where WMP will not open again but I saw the exact errors listed a few posts back.

    Is autoruns output sufficient for you to look into this problem? I can provide most anything required as I would like to know what the problem is.
     
  13. Thankful

    Thankful Savings Monitor

    There seems to be a bug with ExploitShield since I removed WSA and ExploitShield still was causing WMP to crash. I sent an autoruns log file via email to ZeroVulnerabilityLabs. I hope it will be helpful.
     
  14. ZVL can you block Citadel? o_O
     
  15. RJK3

    RJK3 Registered Member

    Install in a sandbox with appropriate restrictions, run Minecraft in that sandbox.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    ZVL is payload agnostic. It simply blocks exploit payloads from executing.

    So if the exploit is dropping Citadel then it will block Citadel from running. If the exploit drops the Windows calculator then ExploitShield will block calc.exe from running. We really don't care WHAT is being executed, we only care about HOW it is being executed.

    In regards to WMP we'll have to take a closer look at it again. It might have to do with components that manage libraries which is something we haven't tested yet.
     
  17. vojta

    vojta Registered Member

    Is Citadel an exploit? No. ES is supposed to prevent exploits from downloading trojans like Citadel in your computer. Which trojan is the payload of the exploit is irrelevant.

    Edit: five seconds late. ZeroVulnLabs beat me to it.
     
  18. vojta

    vojta Registered Member

    I'm testing Trusteer Rapport and ExploitShield for the nth time now. TR doesn't show any injection blocking alert this time and the ExploitShield.dll is under Firefox in Process Explorer. Can anyone confirm this?

    I hope this means that they finally whitelisted ES and it's not just a Rapport's miss function on my system.
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Are there any plans to provide ES in other idioms when it reaches the final version?

    P.S: I don't recall if it has been asked before, and it's a long thread by now, so I apologize if it has been asked.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    It's in our backlog and we thought about community-driven translations, but it's still low priority right now.
     
  21. vojta

    vojta Registered Member

    Yesterday I had a block alert from ExploitShield when I hit 'play' on an embedded Youtube video at Tumblr. It said that USER32.dll had been blocked from executing through Firefox; the video was removed from the blog a couple of hours later.

    So it seems that ExploitShield and Trusteer Rapport are running along nicely in my system: XP 32 SP3.
     
  22. vojta

    vojta Registered Member

    Same here with the Sumatra plugin. But now Firefox 19 comes with its own pdf reader, still not very good though.
     
  23. puff-m-d

    puff-m-d Registered Member

    Hello,

    Do you have a new version almost ready for release? Or do you plan to extend the expiration date of the current release? I was getting ready to install ES on a couple new machines but saw the current version was getting ready to expire. I decided to wait for a new version or an extended expiration date to make it easier as I am putting these on a friend's machines and there is no auto-update feature (that I know of)....
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Which I still have a license for. Sorry for the late reply. It's near impossible to keep up with all threads with my work schedule. I was thinking about Linkscanner / Socketshield also when I learned about ExploitShield.
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    There's a new version going to be released before the end of the month. It includes a lot of engine and performance improvements.
     