ZeroVulnerabilityLabs ExploitShield

Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,909
    Location:
    New York City
    Maybe WSA quashed the exploit first?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Unlikely as there were no logs about it. They probably failed as there was nothing to exploit.
    But as you are a user of WSA and Z you may also want to try and confirm this behaviour.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    This violates Kerckhoff's principle and does no good because someone *will* decompile the binary.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Many of the exploit URLs are of Blackhole 2.0, which track visiting IPs and won't serve the exploit on a second visit. Also you have to make sure the your blacklisting AV didn't block the exploit URL or any of its other URLs it pulls from. Finally sometimes you have to have the right combination of software installed (Java6 vs Java7, Acrobat9 vs Acrobat10, etc.).

    On our ExploitShield Browser Edition webpage we offer some advice on how to test for exploits, which is quite more difficult than testing malware binaries.
     
  5. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Why not give us a beta version of corporate edition
     
  6. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi

    Am running W7 64X, taskbar icon has disappeared ExploitShield64.exe is still running in task manager though.
    Only thing I think that has changed is WSA-AV has updated versions o_O

    Thanx
    Popcorn
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    I use WSA and have the latest version, but today I have the ES tray icon :) The problem is intermittent.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We are going to modify the startup method for beta2 (for non-admin accounts) and we will be taking a good look at this issue as well.

    In the meantime simply kill the process and run it again and you should get the traybar icon and GUI.
     
  9. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    When is the next beta scheduled to be released?
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No schedule yet, still working on it. It shouldn't be longer than a few weeks.
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    When I try to kill the process in the Windows 7 x64 task manager I received an "access denied" message (logged in with Admin account).
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Download and run ProcessExplorer as admin and you'll be able to kill it.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    Thanks, I hadn't thought to try a different task manager. I was able to kill it with System Explorer.
     
  14. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Does the software needs update when the software it protects gets an update?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No it doesn't.
     
  16. Steve_from_Iowa63

    Steve_from_Iowa63 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    6
    Location:
    Southwest Iowa
    I'm using W7 and IE9, along with Norton 360.

    When I'm in the General tab of ExploitShield 0.7, and Stop and then Start Protection, it will crash any brower sessions I have running. If this is necessary for your security product to start up correctly, then you might want to add a warning on that screen.

    Also a question: Can you log when protection is started and stopped? Seems like it would be useful information for many reasons.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's weird, we haven't encountered any such problems in our W7+IE9 testing, either on 32 nor 64bits. Maybe its an issue with Norton 360.

    Yes this has already been suggested somewhere else and we do have it in our backlog.
     
  18. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Yesterday adobe patched 25 vulnerabilities in flash player. Do you know how many of them were blocked by ExploitShield ?
     
  19. Steve_from_Iowa63

    Steve_from_Iowa63 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    6
    Location:
    Southwest Iowa
    Since this seems to be a newly reported issue, I tried same test on my 64bit Asus Tower, also W7 and IE9, and Norton 360. Stopping and Starting did not crash any browsers, neither IE9 nor Chrome.

    I repeated test on my 64 bit HP Pavilion dv6 laptop, where problem occurred. I turned everything off I could in Norton 360. Had several IE9 browser sessions open and a Chrome session. Again, all IE9 browsers crashed. Chrome was fine.

    Seems truly odd that there would be a difference between these two machines. I update Windows regularly here. So, I will try to answer any questions you might have.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you send me a DDS log of each of those 2 machines?
    --http://download.bleepingcomputer.com/sUBs/dds.scr
     
  21. Steve_from_Iowa63

    Steve_from_Iowa63 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    6
    Location:
    Southwest Iowa
    I think I have found the difference. On my Asus tower, the IE9 sessions are all 32bit. On my laptop, the IE9 sessions are all 64 bit. So, my guess is, ExploitShield is crashing 64 bit versions of IE9 during "Start Protection". If you still need the log you mentioned, you will have to tell me how to provide it.
     
    Last edited: Oct 9, 2012
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I just sent you an email. You might want to edit your post to delete your email address.
     
  24. Steve_from_Iowa63

    Steve_from_Iowa63 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    6
    Location:
    Southwest Iowa
    I was able to replicate the problem on my other machine, simply by running the IE9 64bit version to create some browser sessions. Those browser sessions were crashed by Stopping and Starting Protection from the ExploitShield "General" tab.
     
  25. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    What's the bottom line here? I use SandBoxie for Browser security with my firefox. So this means I have to pick one or the other. Who's going to protect my firefox browser best for me, SB or this new ExploitShield?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.