ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    From trusteer rapport

     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the confirmation!
     
  3. guest

    guest Guest

    I think that the combination of ExploitShield and Trusteer Rapport for browser protection is the best available, and both are free. I just need to confirm the compatibility of EMET with TR to add it to my config.
     
  4. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Yes, they have been fully compatible for me for a month now, as I posted back then. I check Firefox and Chrome daily and IE8 from time to time. Both ES and TR inject their DLLs without an issue.
     
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Hi,
    At present I'm running Win 8 Pro 64 bit with Sandboxie 4.01.04 64 bit, ExploitShield 0.9.1 beta, and Software Restriction Policy. I've also added Dr. Pepper's two Sandboxie tweaks ($:ExploitShield64.exe, and *\BaseNamedObjects*\ZVL_IPC_Channel*) to Firefox's configuration. The problem is that in ExploitShield's log nothing is showing up and Shielded applications: 0 while Firefox is sandboxed. If I run Firefox outside Sandboxie then Firefox shows up in the log and Shielded applications: 1. There must be something else missing from the Firefox-Sandboxie configuration that prevents it from working correctly.

    Does anyone have any suggestions?

    Thank you.

    Later...

    Bob
     
  6. Skiaz

    Skiaz Registered Member

    Joined:
    May 28, 2010
    Posts:
    10
    Location:
    USA
    Been awfully quiet in here lately... I am not sure if it was deliberate or not but the Windows Media Player issue seems to have vanished with 0.9.1. I have verified this on both of the computers that had issues previously with earlier versions of ExploitShield. Nice work! :D
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    With 0.9.1 we added some new optimized detection logic which as a side benefit fixes some of these bugs. But it's good to know that this one in particular is fixed. We will delete it from the "known issues" list. Thanks for confirming!
     
  8. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Hello, will you add an option to manually add shields in application in the free edition or will it only be available in the enterprise edition?
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, that's in the backlog. Right now we are working on exclusions to have an option to manage FPs. Here's a sneak peek of what it will look like:


    Screen 1: Ability to exclude from the LOG of blocked payloads.
    ScreenShot00299.png

    Screen 2: New Exclusions tab where you can also manually add to the list.
    ScreenShot00300.png
     
  10. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Hello, I installed the latest version. I noticed that after boot, if you open Firefox (right after the system boots), it won't be shielded by ExploitShield. I also noticed that there is some kinda "loading time" for ExploitShield when starting up. (If you right-click the tray icon right after boot, it won't do anything; however, my other system tray icons work.)
     
  11. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Possible false positive report.
    1. Using Firefox go to this site (RebootRestoreRx) - http://www.horizondatasys.com/en/products_and_solutions.aspx?ProductId=18

    2. Download it, (ExploitShield triggers)
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    What does it say in the log window?
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Web Browser Opera.
    Download file no problem
    0 pop-up ES.
     
  14. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Here is the log window.
    Capture.JPG
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I see. This is a known bug we've been fixing lately. We'll release a new version soon with a fix for this and some other things.
     
  16. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Hello, I would just like to inform you that all downloads in Firefox are being counted as an exploit. :D. Hope to test the new version soon.
     
  17. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    UPDATE: It is not a bug within ExploitShield, upon further testing, it seems to be a conflict when Firefox is guarded with AppGuard (lockdown).
    Doesn't happen when in "High" mode though.
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Does it help to add ExploitShield to Power Apps? You could keep using 'lockdown'-mode if that works. :)
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  20. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Do we install over top of old version?
     
  21. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    No don't do it...just uninstall the previous version first.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Just tried to remove the old version before I install the Malwarebytes version...oops.

    ScreenShot_ZeroVulnerabilityLabs_uninstall_04.gif
     
  23. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Same thing happened to me, don't know what uninstall manually means. Delete folder or go into registry and start hacking away. I know when I tried to uninstall it got rid of maybe half of the files in the folder, had a hard time deleting the rest, had to do it in safe mode. Funny thing is after it tried to uninstall the program was still there on my task bar and still opened the GUI. Got rid of everything eventually but took a while. Since then I've read you do not have to uninstall old version. Somebody correct me if I'm wrong.
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    These problems are due to an incomplete uninstall of the previous version, probably because the DLL was still injected into some shielded process.

    Follow these instructions if you're upgrading from a ZVL ExploitShield:
    1- Close all shielded applications (browsers, etc.)
    2- Right-click on the traybar icon and choose Exit
    3- From Control Panel, Add/Remove Programs, uninstall ExploitShield
    4- Download and install the latest version.
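
A pre-uninstall check for the cause named in the post above (a DLL still injected into a shielded process), as an added example that is not part of the original post or ZeroVulnLabs' own tooling. It assumes the injected DLL is loaded from the install directory mentioned elsewhere in this thread, and should be run from an elevated 64-bit PowerShell so that module lists are readable:

```powershell
# Added example: list processes that still have a module loaded from the
# ExploitShield install directory, so they can be closed before uninstalling.
# Assumption: the injected DLL lives in this directory (path taken from the
# thread); pass -InstallDir if the product was installed elsewhere.
param(
    [string]$InstallDir = 'C:\Program Files\ZeroVulnerabilityLabs\ExploitShield'
)

function Get-ProcessesUsingDirectory {
    param([Parameter(Mandatory)][string]$Directory)

    # Normalise to "dir\" so "ExploitShield2\..." does not match by prefix.
    $prefix = $Directory.TrimEnd('\') + '\'
    foreach ($proc in Get-Process) {
        try {
            # May throw or come back empty for protected processes.
            $mods = $proc.Modules
        } catch {
            Write-Verbose "Skipping PID $($proc.Id): $($_.Exception.Message)"
            continue
        }
        foreach ($m in $mods) {
            if ($m.FileName -and
                $m.FileName.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    Id          = $proc.Id
                    Module      = $m.FileName
                }
            }
        }
    }
}

$hits = @(Get-ProcessesUsingDirectory -Directory $InstallDir)
if ($hits.Count -eq 0) {
    Write-Output "No running process has a module loaded from $InstallDir."
} else {
    $hits | Sort-Object ProcessName, Id | Format-Table -AutoSize
    Write-Output 'Close the processes listed above, then run the uninstaller.'
}
```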
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Further to my post above, the program is no longer installed but as per the following screenshots uninstaller.exe was launched and a subkey was deleted.

    ScreenShot_ZeroVulnerabilityLabs_uninstall_05.gif

    after which the C:\Program Files\ZeroVulnerabilityLabs\ExploitShield still remained, but I have deleted the folder, manually.

    ScreenShot_ZeroVulnerabilityLabs_uninstall_06.gif

    Also, these two system32 DLLs have been deleted.

    *****************************
    COMPARING RECORDS FROM SYSTEM
    *****************************
    -----------------------------
    These files were present at:
    22 Jun 13 at 17:12:10
    but not on:
    18 Jun 13 at 18:57:56
    -----------------------------
    -----------------------------
    These files were present at:
    18 Jun 13 at 18:57:56
    but not on:
    22 Jun 13 at 17:12:10
    -----------------------------
    msvcp100d.dll
    msvcr100d.dll
    -----------------------------
    *****************************



    C:\WINDOWS\system32\msvcp100d.dll
    C:\WINDOWS\system32\msvcr100d.dll
     