ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    I am never seeing "Internet Explorer is now protected" in either the logs tab of the GUI or the log file located at "C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\exploitshield.log". If I happen to run Adobe Reader or Java inside of IE, I do get a "is now protected" entry for those. I assume for IE to be protected that a DLL is injected into IE (C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.dll or ExploitShield64.dll), however this is not the case. Checking on the driver (C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield64.sys), it is indeed running. From this information, it appears to me that IE is not being protected (IE9 with Vista HP x64). I feel uncomfortable because of this trying to run an exploit that ES is known to block. Is there some way that I can verify that IE is actually being protected or not? I want to discard EMET but am hesitant until I know I am being protected.
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We just updated the list of known CVEs that are blocked by ExploitShield, including the latest Adobe Flash Player (CVE-2012-5248 through 5272) and Google Chrome vulns:
    http://www.zerovulnerabilitylabs.com/home/technology/success-stories-cve/

    All of these new Flash Player vulns are blocked by ExploitShield.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you please PM a DDS log while you have ES and IE running?

    Also, ExploitShield uses different techniques than EMET, so both are compatible. To achieve the highest possible protection against exploits it's best to keep both.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,599
    Location:
    North Carolina, USA
    PM sent...
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    In your recent list of exploits posted at your support forum, I tried going to the following. See google search here

    ScreenShot_ES_malicious url_01.jpg
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Maybe it's down already or maybe your router/ISP/upstream killed the connection as it is probably listed in all blacklisting security signatures by now.

    Try some of the more recently listed entries.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    So far, I have not seen ES react to anything on my system. I don't think I will ever see it react ;), due to my surfing habits. My computer seems to be a malware-free zone.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    Funnily, as I was preparing my post above, I got a popup from SSM which I have never seen before. I blocked it.

    ScreenShot_SSM_misc warning popup_01.jpg
     
  9. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Trying out this program now.
     
  10. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Any conflict with Sandboxie?
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    That's not the way to look at it. I think what he was trying to convey was that as of yet there's no compatibility for ExploitShield in Sandboxie. So it won't protect you in a sandboxed session right now. I have no doubt that when there's a final/stable build of ES and it's out of beta phase that Tzuk will add compatibility for it in a future update. I'm personally waiting until then to use ES.
     
  12. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    None so far. ;)
     
  13. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    :thumb:

    :thumb:

    Wonderful news & two doses. This is what becomes of a bloke when he gets attached to cyber pets like SandboxiE & DefenseWall & so on.
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,742
    There is NO SB - if you run ExploitShield your browser already enjoys "virtual protection." Two are redundant. But I thought you knew that already! :mad:
     
  15. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Generally speaking, excluding all exe's purposely downloaded, is ES strong enough to be used with no other real time protection of any kind, in regards to internet infections via web browsers?
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Please remember this is still beta and as such not a finished product. There are still bugs to fix and improvements to be made.
     
  17. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Yea, I should have been clearer. :) When this app is final, and has been up and running, is the goal to make it strong enough to protect browsers all by itself?
     
  18. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    When EShield is finalized, will it be expected to be superior to SBoxiE in browser security, stopping exploits that SB cannot (not that I'm aware of any)? Or will it be a case of pick either, both will deliver the same level of security?
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    From browser-based exploits, yes, that's the idea. But not from other things such as EXE downloads, phishing, etc.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Why not offer a deny execute/traverse folder ACL to set on the download folder of the browser when installing the free browser version? With Chrome's sandbox, an ACL on the download folder and the exploit protection of the freebie, what possibly could go wrong for most users?
     
    Last edited: Oct 10, 2012
  21. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
  22. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Will ExploitShield work better if the technology is implanted in the software it protects? Have you got any offer by any company for your software? If yes, then who?
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The issue from the forum has already been fixed and will be included once beta2 comes out.

    It would not make much sense to apply the technology to ExploitShield itself. ExploitShield makes use of DEP and ASLR for those types of protections.

    Regarding offers, I'm sure you must realize that we are not going to discuss internal company details publicly, don't you o_O
     
  24. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Though I am not a developer, I think Microsoft should sponsor your software and then you will have more brains. As they say, 2 is better than 1.
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,101
    Location:
    USA
    So, Microsoft would one more brain? LOL Seriously, Microsoft is debatably like the Titanic and unable to get out of its own way. I'm grateful for smaller developers.
     