ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Most of the conflicts just prevent ES from working. If you use Process Explorer to view the DLLs loaded by your browser, then you should see ExploitShield.dll or ExploitShield64.dll, but some security apps will prevent this DLL from loading with the browser.
     
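A scripted version of the check Notok describes, written as an added example for this thread (it is not ExploitShield's or ZeroVulnerabilityLabs' code): it enumerates the modules loaded in running browser processes and reports whether ExploitShield.dll or ExploitShield64.dll is among them. The browser process names are assumptions; adjust them for the browsers you use. Run it from a shell with the same bitness as the browser, since module enumeration across bitness fails.

```powershell
# Added example (not from the thread): verify that the ExploitShield DLL is
# loaded in browser processes, the same check Notok does with Process Explorer.
# Process names are assumptions; edit the list for your own browsers.
$browsers   = 'firefox', 'iexplore', 'chrome'
$shieldDlls = 'ExploitShield.dll', 'ExploitShield64.dll'

foreach ($name in $browsers) {
    $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
    if (-not $procs) { continue }

    foreach ($p in $procs) {
        try {
            # .Modules throws for a process of a different bitness or when the
            # shell lacks rights; run from an elevated, matching-bitness shell.
            $loaded = @($p.Modules | Where-Object { $shieldDlls -contains $_.ModuleName })
        } catch {
            Write-Warning ("{0} (PID {1}): cannot enumerate modules - {2}" -f `
                $p.ProcessName, $p.Id, $_.Exception.Message)
            continue
        }

        if ($loaded.Count -gt 0) {
            "{0} (PID {1}): protected, {2} loaded from {3}" -f `
                $p.ProcessName, $p.Id, $loaded[0].ModuleName, $loaded[0].FileName
        } else {
            # A missing DLL here is the symptom of the conflicts discussed above:
            # another security product is blocking the injection into the browser.
            "{0} (PID {1}): ExploitShield DLL NOT loaded - check for a conflicting security product" -f `
                $p.ProcessName, $p.Id
        }
    }
}
```

If a browser shows as not protected, the next step is the same as in the thread: look for the other security product that refuses the DLL load (Sandboxie, AppGuard and similar are the usual suspects here) and add the exclusion the other posts describe.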
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I think you might be correct. We will take a closer look.

    @kjdemuth, I think he was referring to the following:
    http://www.sandboxie.com/phpbb/viewtopic.php?t=13794
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No errors. Just ES wasn't running.

    The link is back somewhere in the thread. Rather than searching:

    Under Resource Access > IPC Access > Direct Access

    Add these two lines.
    $:Exploitshield.exe
    *\BaseNamedObjects*\ZVL_IPC_Channel*

    That's it. Then you can check and confirm it's now running.

    Hopefully the one who first posted this can chime in and take his deserved credit.

    Pete
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Another note for Appguard users:

    I used Firefox sandboxed to view movies online with NetFlix. When I added ES, all movie loading stopped at 7%. I was getting an Appguard message that Appguard was blocking memory access to Plugin-Container.exe.

    Adding a memory read/write exclusion for ExploitShield.exe to Memory Guard in Appguard solved the problem.

    Pete
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Thanks for the info, Pete.
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I would like to make a small, but simple suggestion

    Hopefully it's good enough to be implemented

    Here it goes:

    When opening a protected program (Firefox, Internet Explorer, Chrome, etc.), the ES icon should change to green, simply letting the user know the following app is under ExploitShield's protection (demonstrated below)
    Indicators.jpg

    Hovering over the ES icon (tooltip) should also read:

    Green icon (Protected program) = "Exploitshield is protecting you"
    White icon (Process running) = "ExploitShield is running" or just "ExploitShield"

    The above are just examples; it's up to you if you want to do such a thing or not.

    I dunno, it's up to you if you want to implement these suggestions or not. I just think it's a simple but convenient way of letting your users know that ExploitShield is doing its job correctly (rather than opening up ES to find out that way).
     
    Last edited: Jan 13, 2013
  7. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's a good suggestion @radeon0101, we'll add it to our backlog. Thanks!
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Excellent. Radeon beat me to the idea.

    Pete
     
  10. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    What does the following post mean?
    http://blog.trailofbits.com/2012/10/29/ending-the-love-affair-with-exploitshield/

    I'm not an expert in anything so I cannot comment, because it seems to be too technical, but this review of ExploitShield didn't sound too good(?)...
    Does anyone know what the author of this post was trying to say about ExploitShield?

    And will exploit shield be able to protect Nitro PDF reader from exploits?
     
    Last edited: Jan 13, 2013
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's been covered before earlier in this thread.

    Basically they mostly only look at the interception mechanism of ExploitShield and its implementation, which is the least important part of ExploitShield. When it comes to reversing the actual blocking intelligence/algorithms, they only look at the tip of the iceberg and even then get it wrong.

    Our full response here:
    http://www.zerovulnerabilitylabs.com/home/the-objective-of-exploitshield-beta/
     
  12. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Thanks a lot for this very quick response and link. To be honest, I still don't know the definition of "exploit"; what exactly is it?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you, that's good :thumb:
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Sorry about that :D
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    When an app has a security vulnerability, the exploit is the bit of code (script) that exploits that vulnerability to make the target app download and execute the payload (such as a trojan).

    So you go to a website that contains a malicious script that tricks the vulnerable browser into automatically downloading and executing a malicious exe. The script is the exploit and the exe is the payload.
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Ok, thanks for this explanation.
     
  18. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  19. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    ZeroVulnLabs

    From web page list:
    ............. Any ETA on resolving these? Could be a deal breaker for some.

    - cheers
    feandur
     
  20. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I'm running BitDefender Free here with no obvious issues. The tray icon is showing just fine.
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello ZVL,

    Pale Moon browser works fine by renaming the exe from palemoon.exe to Firefox.exe. Since a simple rename makes it work, I am hoping that means it would be a simple thing to add Pale Moon to the next beta release. I ask because all of the renaming (exe, links, shortcuts, etc.) can be a big pain. Of course, with an update you have to be sure to change the name back, or delete the old as you rename the new all over again. Thanks for considering this.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Last night, I tried a check deposit at one of my bank sites. It uses Java. I got an alert, with nothing useful either in the pop-up or the log. It is a legitimate Java use, therefore a false positive.

    This is bad, as it negates the idea that the user doesn't need to be aware.

    Pete

    PS Can't give you the link as you need to log into my bank.
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Same.

    However I did have Bitdefender cause problems with tray icons in general, including its own, at one point. I've seen genuine problems with the tray icon and ES not running right, but the Bitdefender issue that I experienced just seemed to be the Windows issue with losing tray icons.

    I seem to remember other software resolving this by somehow 'refreshing' the icon. Perhaps Radeon's idea would allow you to do that more easily.
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @Feandur we still need to do some more testing before contacting each of these vendors to have it fixed. It appears that in some cases the issue happens while in others (such as just reported by @Mman79 & @Notok) it does not.

    @puff-m-d, in a future version we might add the ability to customize shields yourself (i.e. add a shield for a certain application).

    @Peter2150, you're right, that's obviously an FP. We are working on including a local exclusion system to be able to manage FPs.
     
  25. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I should mention that when Bitdefender was having problems with tray icons, ES was one of the first affected. It's just that on some reboots the BD icon itself would go missing as well. With BD, ES continued to work. This issue tends to happen when you have multiple programs that start early in the boot process, and it's been a bug since Win9x or so. The bug was with the SSDP Discovery service, but disabling it no longer seems to work as well as it used to.

    OTOH there have also been real issues where the icon didn't show and ES didn't work.

    It's just worth disambiguating. The first should be relatively easy to fix, but it's also something that's likely to happen somewhat randomly and will likely persist until addressed in some way. I think all security software runs into this at some point.
     