Discussion in 'other anti-malware software' started by sbwhiteman, Sep 28, 2012.
Maybe WSA quashed the exploit first?
Unlikely as there were no logs about it. They probably failed as there was nothing to exploit.
But as you are a user of WSA and Z you may also want to try and confirm this behaviour.
This violates Kerckhoffs's principle and does no good because someone *will* decompile the binary.
Many of the exploit URLs are of Blackhole 2.0, which track visiting IPs and won't serve the exploit on a second visit. Also, you have to make sure your blacklisting AV didn't block the exploit URL or any of the other URLs it pulls from. Finally, sometimes you have to have the right combination of software installed (Java6 vs Java7, Acrobat9 vs Acrobat10, etc.).
On our ExploitShield Browser Edition webpage we offer some advice on how to test for exploits, which is quite a bit more difficult than testing malware binaries.
Why not give us a beta version of the corporate edition?
Am running W7 64X; the taskbar icon has disappeared. ExploitShield64.exe is still running in Task Manager, though.
The only thing I think that has changed is that WSA-AV has updated versions.
I use WSA and have the latest version, but today I have the ES tray icon. The problem is intermittent.
We are going to modify the startup method for beta2 (for non-admin accounts) and we will be taking a good look at this issue as well.
In the meantime simply kill the process and run it again and you should get the traybar icon and GUI.
When is the next beta scheduled to be released?
No schedule yet, still working on it. It shouldn't be longer than a few weeks.
When I try to kill the process in the Windows 7 x64 task manager I received an "access denied" message (logged in with Admin account).
Download and run ProcessExplorer as admin and you'll be able to kill it.
Thanks, I hadn't thought to try a different task manager. I was able to kill it with System Explorer.
Does the software need an update when the software it protects gets an update?
No, it doesn't.
I'm using W7 and IE9, along with Norton 360.
When I'm in the General tab of ExploitShield 0.7, and Stop and then Start Protection, it will crash any browser sessions I have running. If this is necessary for your security product to start up correctly, then you might want to add a warning on that screen.
Also a question: Can you log when protection is started and stopped? Seems like it would be useful information for many reasons.
That's weird, we haven't encountered any such problems in our W7+IE9 testing, on either 32 or 64 bits. Maybe it's an issue with Norton 360.
Yes, this has already been suggested somewhere else and we do have it in our backlog.
Yesterday Adobe patched 25 vulnerabilities in Flash Player. Do you know how many of them were blocked by ExploitShield?
Since this seems to be a newly reported issue, I tried the same test on my 64bit Asus Tower, also W7 and IE9, and Norton 360. Stopping and Starting did not crash any browsers, neither IE9 nor Chrome.
I repeated the test on my 64 bit HP Pavilion dv6 laptop, where the problem occurred. I turned everything off I could in Norton 360. Had several IE9 browser sessions open and a Chrome session. Again, all IE9 browsers crashed. Chrome was fine.
Seems truly odd that there would be a difference between these two machines. I update Windows regularly here. So, I will try to answer any questions you might have.
Can you send me a DDS log of each of those 2 machines?
I think I have found the difference. On my Asus tower, the IE9 sessions are all 32bit. On my laptop, the IE9 sessions are all 64 bit. So, my guess is, ExploitShield is crashing 64 bit versions of IE9 during "Start Protection". If you still need the log you mentioned, you will have to tell me how to provide it.
You can find an updated list of known vulnerabilities which ExploitShield blocks in the following page:
I just sent you an email. You might want to edit your post to delete your email address.
I was able to replicate the problem on my other machine, simply by running the IE9 64bit version to create some browser sessions. Those browser sessions were crashed by Stopping and Starting Protection from the ExploitShield "General" tab.
What's the bottom line here? I use Sandboxie for browser security with my Firefox. So this means I have to pick one or the other. Who's going to protect my Firefox browser best for me, SB or this new ExploitShield?