ZeroVulnerabilityLabs ExploitShield

Excellent...

thanks ZeroVulnLabs

-cheers,
feandur

 

Running version 0.8.1. Stopping protection via the context menu stops protection correctly but label on menu remains "Running".
WSA 8.0.2.96, IE 9, Windows 7 32 bit

 

Are any of the incompatibilities with other security software already solved?
Trusteer Rapport, Comodo...

 

Yes, known issue #6:
http://www.zerovulnerabilitylabs.com/forum/viewtopic.php?f=2&t=147

Haven't heard anything back from them. Comodo reports a hotfix in a couple of weeks so if we're lucky the fix will be included there.

 

Webroot says they fixed it and will be released in their next beta. I've heard the new Comodo 6 hotfix also fixes the incompatibility with ES, but I haven't had time to test and verify it yet.

 

When the compatibility with CIS is fixed are they plans to add Comodo Dragon to the list of protected browsers ?

 

Another false positive by ExploitShield is the free UPnP scanner by Rapid7/Metasploit:
http://www.rapid7.com/resources/fre...ownloads/universal-plug-and-play-jan-2013.jsp

When the (Java) program file runs, it quarantines swt-win32-3740.dll.

 

Yes we were aware of this one. In fact its the same as all the other Java-based FPs. Over 99% of the FPs by ExploitShield are due to Java apps which do things they shouldn't do in an ideal situation. Even though we've fixed a large portion of them, there are still some which we will take care of in future versions of ExploitShield.

 

Just curious. Does ExploitShield also protects against scripts?

 

I'm not ZeroVulnLabs but hope you don't mind...

No it doesn't, at least not directly. ExploitShield was designed to stop payloads...which are an aftereffect of some malicious scripts.

 

Actually some of them it will, the ones that are abused by exploits. For example wscript.exe is shielded by default by ExploitShield even though it doesn't show up under the GUI SHIELDS tab. There are other "internal" shields which are part of the OS. If you're talking javascript for example, as safeguy says they are precursor of the exploit payload and those exploits will also be stopped by ExploitShield.

 

Interesting. Good to know.

 

Some of the torrent sites I visit require javascript enabled, have not tried ES on the machine I use for torrents but on that machine I use the built-in Windows Firewall there. (Most of my pals also because a 3rd party firewall sometimes causes some slowdown during downloading/surfing at the same time). How can ES protect me there?

 

If any of those sites is compromised to redirect to an exploit kit, or hosts a malicious javascript or malvertising which loads an exploit, then ExploitShield would protect you from that exploit.

 

Any chances on changing the tray icon into something more visually appealing? Someone else in here made a green shield, looked really good. Better yet, an option to hide icon in the first place. Zero Shield works in the background and there is no need to have it there in the first place.

 

Well under Vista and above you can configure the traybar to hide the icon easily, so really no need to develop something specific for that.

 

Depends on what you mean by "hide". At the moment clicking the icon is the only way to access the settings.

 

Hello,

I can confirm, on my system at least, with the latest beta (8.0.2.103) the compatibility problems with Webroot have been fixed.

 

Great news, thanks for posting this!!

 

I'm not running Comodo at the moment, but have you verified if the incompatibilities have been fixed or not with this recent release?.

It's been a while since you posted the above message, figured you may have some news for us by now.

 

Sorry, haven't had time to test this yet. I'll keep you posted as soon as we do.

 

Thank you

 

Preview of ExploitShield Corporate Edition, currently in alpha:
http://www.zerovulnerabilitylabs.com/home/exploitshield-corporate-edition-preview/

 

Hopefully a pro version with similar functionality becomes available. It's hard for me to leave sandboxie, but I would definitely recommend this to friends that complain about using sandboxie. This seems less intrusive, and from what I've read offers a similar degree of protection.

 

Yes, the last link I posted shows ExploitShield blocking this Acrobat Reader PDF zero-day.