ExploitShield Browser Edition 0.9

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Mar 26, 2013.

Thread Status:
Not open for further replies.
  1. All well :thumb: My mistake to add a email address in text format on web site, just coincidently collided with the testing, two incidents are not related. Next time I will use hide something to hide my IP. ExploitShield held itself well though :thumb:

    Regards Kees
     
    Last edited by a moderator: Apr 6, 2013
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,474
    Location:
    Italy
    OS XP Home service pack 3

    [Use Opera list EMET 3.5 T.P. mitigations ROP not abilited (Caller + SimExeFlow).
    VLC all mitigations abilited]
    SBIE not list EMET
    ES ver 0.9.1 not list EMET.

    Download with SBIE + the modification of DR_LaRRY_PEpPeR of movies MPG (AVI ?).
    The reproduction with VLC obtains a malfuctioning.
    Please check.
     
    Last edited: Apr 7, 2013
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Woulds it be overkill to use ESBE together with AppGuard even though I set all potentially vulnerable applications as 'Guarded' in AppGuard?
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I discovered a glitch.

    I start Chrome: 1 protected application is shown as running in ExploitShield
    I then start VLC: 0 protected applications is shown as running in ExploitShield
    After that I close Chrome and -1 applications are protected.

    Namnl?s.png




    I redo the steps above and I can make the counter go keep increasing the negative value shown on protected applications.




    Namnl?s2.png


    I am not left unprotected from attacks, right? Even with a negative value? System OS in signature.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's a known bug with the GUI. Nothing to worry about, has nothing to do with the protection offered.
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks for the info!
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,111
    Location:
    New York City
    Double click the IE 10 icon on my desktop and popup stating an exploit has been prevented. Not good.
    Beta 0.9.1. Win 7 32 bit.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Not good indeed. I'll send you a PM with steps to get us needed details.

    EDIT: You have PMs blocked. Would it be possible to remote into your machine to test it ourselves? Of course you would be in front monitoring the session. Alternatively can you send us a HijackThis, DDS, Autoruns or the output of some similar tool showing installed software and IE plugins? support@zerovulnerabilitylabs.com.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,111
    Location:
    New York City
    Autoruns output sent to email address.
     
  10. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    hi zerovulnlabs,

    Since Exploitshield found an exploit attempt on a page, I can't even open my Firefox browser without it detected on pages which are using jscript and or flash player, nothing to do with the previous detection.

    I think those are false positive exploit attemps. ;)

    Moreover, Exploitshield close before launching Internet Explorer. I don't know the reason. I've not been opened IE since one month.

    Could you tell me more please ??
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    PM sent to coordinate troubleshooting.
     
  12. Grey box pop-up at startup with a button which displays less than half a sec (without asking user confirmation) is normal?
     
  13. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Yesterday night,

    I had the same as Shadek:
    Shield application: -2

    but

    block exploit attempts : 7

    This morning, Z didn't appear anymore on the system tray.

     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The grey popup disappearing at boot is the ExploitShield GUI starting and minimizing itself to the traybar as an icon.

    The negative shielded apps and the traybar icon disappearing (but the ExploitShield process still running) are both known issues and nothing to worry about. If you want the traybar icon, simply kill the ExploitShield process and run the program again.
     
  15. Yes, my first pop-up
    - Opened an e-mail from LinkedIn
    - Pressed Accept button of connect request
    - BrowserExploitShield alert popped-up

    Analysed behaviour
    1. Downloading an ID-tracker (to establish origin of linkedin request message)
    2. Starting Chrome from within Outlook with this ID-tracker

    Cool :thumb: Not a false positive, but potentially dangereous behaviour. Pitty you don't put a "what happened/what triggered" explanation in the text box
     

    Attached Files:

    Last edited by a moderator: Apr 27, 2013
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There's many fake linkedin emails that point to Exploit Kits. Was this a valid ExploitShield detection (ie fake linkedin email) or an ExploitShield FP (ie valid linkedin email)?

    It if was an FP and you can replicate it please let me know and I'll PM you some troubleshooting instructions.
     
  17. Valid LinkedIn e-mail, PM and I will check it
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    PM sent!

    Thanks!
     
  19. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,111
    Location:
    New York City
    Do you have a debug version of ExploitShield I can run instead of sending you Autoruns output?
    Thanks.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, but you've blocked PM's so I can't send it to you.
     
  21. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,111
    Location:
    New York City
    Try now. Thanks.
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sent!
     
  23. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    341
    Does this software work with Sandboxie? I tried it on my other computer and it didn't list my browser as running inside the ExploitShield Browser module. How long will you be in beta mode or are you trying to imitate Google with their beta products.
     
    Last edited: Apr 27, 2013
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,474
    Location:
    Italy
  25. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    Sampei Nihira, I saw your post there the other day and then forgot about it (sorry). :) I will try to check ES again soon to see if something has changed -- oh, oops, I see you said it does work with SBIE 3.76, so this must be another bug with DLL loading in 4.01.??...

    I haven't used ES since the fall, so I want to check anyway to see if settings stuff for Sandboxie (when it works) is still the same for the ES GUI. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.