Author Topic: Can ExploitShield browser version be used next to avast resident av? (Read 66452 times)

polonus · « **on:** October 01, 2012, 12:55:03 PM »

See: http://www.zerovulnerabilitylabs.com/home/exploitshield/browser-edition/
Solution specially designed to detect attacks and exploits on Java, Internet Explorer en Flash Player. Detected all exploits of Blackhole Exploit-kit 2.0.
Can it be used next to avast (shields)?

polonus

SpeedyPC · « **Reply #1 on:** October 01, 2012, 04:09:37 PM »

Very interesting site polonus as I've never heard ExploitShield browser, however it still only beta stage at the moment I would rather wait until the final release is available.

Thanks for sharing Pal.

Asyn · « **Reply #2 on:** October 01, 2012, 04:14:39 PM »

Quote from: polonus on October 01, 2012, 12:55:03 PM

Can it be used next to avast (shields)?

No idea. Either try it or ask them: http://www.zerovulnerabilitylabs.com/forum/

DavidR · « **Reply #3 on:** October 01, 2012, 04:28:58 PM »

Well my thoughts can be summed up in the first paragraph of the website:

Quote

We are looking for beta testers. Active reporters will receive a complimentary license once the product is released commercially. We are interested in detection and usability testing (see below for detailed information). You can read a list of known issues. Please provide all ExploitShield testing feedback directly to us via our Support Forum.

How it works is obviously a factor in if it is compatible or not, but I have to say I wouldn't pay for it. Since the greatest majority of the exploits in their video are JAVA, remove JAVA and a high degree of exploitation is gone. Not to mention that avast has been pretty hot on exploits, added to that the conventional network and web shields; I can't really see the requirement for this and I certainly wouldn't buy it.

schmidthouse · « **Reply #4 on:** October 01, 2012, 05:32:18 PM »

I installed it 2 days ago with No apparent issues.
Very silent.

Checking it out. If any issues appear I will let you all know

polonus · « **Reply #5 on:** October 01, 2012, 06:28:59 PM »

@schmidthouse

Yep, it is silently sitting there. Logs say that 46 applications are being protected, for instance VLC Media Player and Google Chrome is now protected.
Just wait and see. I"ll report here about this bit of beta testing, I think this tool wiil be studied from front to end, as it seems a new concept from the developers,

pol

schmidthouse · « **Reply #6 on:** October 01, 2012, 06:34:42 PM »

Quote from: polonus on October 01, 2012, 06:28:59 PM

@schmidthouse

Yep, it is silently sitting there. Logs say that 46 applications are being protected, for instance VLC Media Player and Google Chrome is now protected.
Just wait and see. I"ll report here about this bit of beta testing, I think this tool wiil be studied from front to end, as it seems a new concept from the developers,

pol

polonus · « **Reply #7 on:** October 01, 2012, 07:49:24 PM »

Hi schmidthouse,

Protected applications now stand at 99.
Compatible with existing antivirus and Internet security solutions.
ExploitShield Browser Edition is free for home users and non-profit organizations,

polonus

schmidthouse · « **Reply #8 on:** October 01, 2012, 07:56:49 PM »

Quote from: polonus on October 01, 2012, 07:49:24 PM

Hi schmidthouse,

Protected applications now stand at 99.
Compatible with existing antivirus and Internet security solutions.
ExploitShield Browser Edition is free for home users and non-profit organizations,

polonus

According to the support forum, the upgrade process has not been implemented yet.
So one will have to follow their web site RSS feeds for product updates before the "final" is released

schmidthouse · « **Reply #9 on:** October 01, 2012, 08:09:21 PM »

Quote from: polonus on October 01, 2012, 07:49:24 PM

Hi schmidthouse,

Protected applications now stand at 99.
Compatible with existing antivirus and Internet security solutions.
ExploitShield Browser Edition is free for home users and non-profit organizations,

polonus

99 apps

Any screenshot

polonus · « **Reply #10 on:** October 01, 2012, 08:25:51 PM »

Well schmidthouse, it now stands on 120. Found out that you should use supported user agents. So webbug is not supported, and Browzar is not supported either. But as I use Google Chrome and my wife uses fx, I am fine. Now running Fiddler under a browser session and will report of my findings.
See attached image.
The program works mainly on kernel level (129 functions involved), ExploitShi.exe functions as a separate component in the loader, works reading Code Identifiers in the registry, checks on GetProcessImageFileNameW to establish the Process Status, it has OWNZ crypter aboard to catch CPU exceptions such as "access violation, illegal instruction, divide by zero etc"" , and will alert these. All very interesting tool to observe...exception 0xc0000135 at 0x7c96478e found to support thuis assertion,

polonus

polonus · « **Reply #11 on:** October 02, 2012, 12:01:35 AM »

Known issues with this beta version according to their blog posting, posted by zork

Quote

1. Under LOGS, Export button is missing.

2. Uninstallation might not completely delete the %ProgramFiles%\ZeroVulnerabilityLabs\ExploitShield directory and contents as well as the HKLM\SOFTWARE\ZeroVulnerabilityLabs registry key.

3. When clicking on a link from a DOS mode (e.g. a game) and the default browser that opens is Internet Explorer, the link might not load.

4. ExploitShield does not run under a non-admin account under Windows XP.

5. ExploitShield runs under a non-admin account under Windows Vista/7/8 but does not show up as an icon under the traybar nor does it open its GUI.

6. After uninstalling and installing again ExploitShield will run but not protect. After uninstallation you need to perform a reboot before installing again for the ExploitShield library to be released correctly.

7. When blocking certain types of drive-by exploits empty entries in the GUI log might show up under certain circumstances.

8. The ExploitShield alert window may appear unresponsive for a few seconds. This is because exploit kits typically try a few different exploits in a row and the ExploitShield alert window is dynamic in nature and updates the "Application", "Payload" and "Attacker" information in real-time.

9. In the General tab of the interface the counter "Shielded applications" may show an incorrect or negative number under certain circumstances. A workaround solution to this is to simply exit ExploitShield and execute it again.

10. If you stop ExploitShield from the traybar icon and then open the ExploitShield interface, the color label will still show as "Running".

11. When clicking on a torrent link under Firefox (may happen with other browsers) ExploitShield shuts down unexpectedly.

polonus

Hardtek1976 · « **Reply #12 on:** October 02, 2012, 02:33:40 AM »

Also discuused at Wilders Security. http://www.wilderssecurity.com/showthread.php?t=333127

Asyn · « **Reply #13 on:** October 02, 2012, 07:48:42 AM »

Quote from: Hardtek1976 on October 02, 2012, 02:33:40 AM

Also discuused at Wilders Security. http://www.wilderssecurity.com/showthread.php?t=333127

Thanks. (The dev is active there.)

polonus · « **Reply #14 on:** October 02, 2012, 10:23:45 AM »

Adding to the list:

"An instance of ExploitShield could become unstable during a SAS scan, e.g. become unresponsive". Correction. Computer Update Routine was being protected by Exploit Shield and during the following session completed third phase. I am very satisfied by this behavior of the program, because I had some problems there.
Good schmidthouse convinced me on testing this Californian made tool. Think I am going to like this OS kernel protection tool....

polonus