Prevx also protects against LNK vulnerability

Discussion in 'Prevx Releases' started by trjam, Jul 30, 2010.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ trjam

    Hi, be nice if it was confirmed ;)

    I'm not so sure that Prevx blocks ALL .lnk exploits?

    See the comments towards the end, replies still waiting to be answered!
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We don't block the .lnk itself (as it is a fundamental feature within the OS, not actually something discretely malicious) but any malicious file executing from the exploit will be blocked (but features like Control Panel applets that legitimately use the function will not be blocked :))
     
  4. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    464
    Location:
    UK
    That's good to know. If you want to block the exploit now, Hitman Pro has a temporary fix. A Microsoft update to fix the vulnerability is planned for Monday.

    In my experience a lot of PCs have software installed which contains known vulnerabilities. You can find and patch these using PSI from Secunia (which I use regularly). But there could also be many unknown vulnerabilities. And it's for zero day exploits of these that Prevx and its heuristics is a very useful layer for blocking. It's not perfect but what is.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    Sounds good to me :thumb:
     
  6. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    How do you do that?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're able to identify files specifically loading from the exploit's code path using behavior monitoring functions that were built in the 3.0.5.x line. We also did develop a specific patch for our larger Enterprise clients but have not made it available for complete public use, awaiting Microsoft's official patch (due out tomorrow I believe) but we were the first to distribute a "real" patch (not a suggestion that just disables all of the icons of shortcuts on the system :)).
     