Discussion in 'Prevx Releases' started by trjam, Jul 30, 2010.
Hi, be nice if it was confirmed
I'm not so sure that Prevx blocks ALL .lnk exploits?
See the comments towards the end, replies still waiting to be answered!
We don't block the .lnk itself (as it is a fundamental feature within the OS, not actually something discretely malicious) but any malicious file executing from the exploit will be blocked (but features like Control Panel applets that legitimately use the function will not be blocked).
That's good to know. If you want to block the exploit now, Hitman Pro has a temporary fix. A Microsoft update to fix the vulnerability is planned for Monday.
In my experience a lot of PCs have software installed which contains known vulnerabilities. You can find and patch these using PSI from Secunia (which I use regularly). But there could also be many unknown vulnerabilities. And it's for zero day exploits of these that Prevx and its heuristics is a very useful layer for blocking. It's not perfect, but what is?
Sounds good to me
How do you do that?
We're able to identify files specifically loading from the exploit's code path using behavior monitoring functions that were built in the 3.0.5.x line. We also did develop a specific patch for our larger Enterprise clients but have not made it available for complete public use, awaiting Microsoft's official patch (due out tomorrow I believe) but we were the first to distribute a "real" patch (not a suggestion that just disables all of the icons of shortcuts on the system).