ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for posting this Thankful. We will try to replicate it.

    Can anybody else who is having the same "icon disappearing" issue confirm or replicate it?

    PS: could not replicate under Windows 7 x64 Ultimate. What are your security/UAC settings?
     
    Last edited: Oct 5, 2012
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    1. Does this require .NET Framework to be installed? This is the main reason I don't use EMET.

    2. Does it use similar, or even the same mitigation techniques that EMET uses? I see people mentioning that it is similar.

    3. How is the resource usage?

    ... if the answer to #1 is "no", I'll probably test it out myself, even use it as an alternative to EMET.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    1- Does not require .NET Framework
    2- Different than EMET
    3- Minimal... average 3MB private bytes and practically zero I/O & CPU.
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Excellent news. I don't use EMET not only because I consider .NET Framework bloatware on XP, but because it's not nearly as useful on XP as it is on Win7. This looks like an ideal alternative for me. Potentially stronger and certainly lighter than EMET.

    I'll most certainly give it a look when it's out of beta and an official, stable build.

    This is seriously one of the most promising looking things I've seen in a while, maybe even since Sandboxie. Keep on it.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks, it always helps to hear these things :)
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I have just installed.

    ScreenShot_ExploitShield_01.jpg
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Default.
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    I think you have all bases covered already :D ;) :blink:
     
  9. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I have seen the ExploitShield icon disappear twice. I am running Win7 x64 Home with Webroot SecureAnywhere Complete. Unfortunately, I have not been able to recreate this situation.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I'm also running Webroot SecureAnywhere on Win7 x64. Today the ES icon is showing, so the problem is not consistent. It would help if there was a way to restart the program without rebooting.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well, if this indeed uses different measures than EMET, and doesn't utilize DEP/ASLR, SEHOP, etc., then I see no reason why it would conflict with it. But if it does use those techniques (perhaps in addition to others), then I wouldn't want to run them side by side. So it's understandable that you don't want to reveal exactly how it works, but it would be nice to know if it does in fact use any of those same mitigation techniques EMET does... if you can go there. So that we don't have the fear of any possible conflicts.
     
  12. clubhouse

    clubhouse Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    180
    Does anyone know if this will run happily with sandboxie or will they conflict?
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    No real problematic conflicts, it just doesn't currently function with Sandboxie. So of course, if you launch your browser without Sandboxie, it works fine.
     
  14. guest

    guest Guest

    I'm also looking at it with the demise of WRSA-AV
    looks like it could be a candidate along with a HIPS
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Doesn't use any of those techniques, so no need to worry about potential conflicts.
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    More good news. So it can be used as either a complement to EMET, or in place of it for people in my boat.

    Can't wait until a stable/official release. I'll definitely be adding it to my repertoire. I don't have an extra machine for testing though, so I don't do betas. I'm sure you'll find many willing & able guinea pigs here though that'll run it through the gauntlet real proper.
     
  17. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Anyone here done any testing of this little app yet?
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I installed and removed Chrome (besides having Chromium); after that the icon disappeared and Chrome (Chromium) did not show in the logs anymore. So could be same sequence of events. Also on Win7 x32 Ultimate with no other software.

    Now travelling, so can't replicate (working from asus transformer when on travel).
     
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Does it work in combination with WSA? I see that there is no detection of exploits whatsoever but just "xxxx is protected".... :blink:
     
  20. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I'm very much intrigued by this program. It looks quite unique and certainly looks very interesting.
    Once it has gone final I would certainly like to give this one a try out. :thumb: :D
     
  21. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    179
    I wish it can support Maxthon browser in the future.
     
  22. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    What exploits did you test against?
    Thanks.
     
  23. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    It guards all browsers except Safari - which Apple has made abandonware on Windows.

    It's a combo hardening tool like EMET and a virtual sandbox like Sandboxie so you can run two less applications on Windows.

    ExploitShield has great potential and I believe the company's approach of a free version for home users and a more advanced paid version for corporate environments makes a lot of sense.

    People shouldn't have to pay for basic protection. If they want more features - then of course they should pay for them. The idea behind this product is to make it as simple to operate as possible.

    Too much of today's security software is confusing and people can get lost in setting it up. This is truly set and forget security software. :isay:
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    According to ZeroVulnLabs, it's different from EMET (post #178) and doesn't use any of EMET's mitigation techniques (post #190). So, while the end goal is the same, which is to protect against exploits, they do so by different methods.

    Also, while Sandboxie's main task (if we can call it that) is to isolate dangerous applications from the real system, it's also possible to use it for other purposes, such as running trial/free software (other stuff as well, such as malicious files and see what would happen) in a dedicated sandbox and analyse what happens (there's a tool BSA, whose author is also a user at this forum).

    Using ExploitShield doesn't necessarily exclude running both EMET and Sandboxie, IMHO. Especially considering that the free version won't protect as many applications as the enterprise version will, for instance. :)
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    The ones at ZeroVulnerabilityLabs forum. Many dead links but few working but no reactions from Z.
     