Hi bob3160,
Well the clever thing is that the sofware consists of three separate parts in the software folder and is a stand-alone application protection tool for certain third party software applications that could be vulberable to zero day exploits. The three parts are the shield executable, a separate shield dll and the loader executable. The one does not work without the other, so advanced security achieved there. Api's are denied to run for security reasons. The processes that are being protected are constantly being monitored by the software against security breaches deep inside the OS on a kernel level, constantly being checked against the default situation. So when the malcode attempts to perform anything that seems specific performance of 0-day malcode, the ExploitShield software turns red for an alert, blocks and saves logs. Some protection gets locked as it is being protected when active, meaning when process is active. Adobe Reader is being protected, Foxit Reader, Microsoft Office Application, Windows Media Player, also VLC player, Winamp and QuickTime Player, Java, GoogleChrome, Firefox and Safari browsers and off course IE. The software is MS certified. When malware tries to write onto the computer without being initialezed by user intervention (typical gor malware performance) it is found up by the shield tool. Crypting and debugging is going on all of the time. It sits silently on the taskbar, a bit like you experienced with RUBotted. So all is contantly compared to a default situation and if not so alarm bells should ring. In my actual section on the computer 130 applications are being shielded. To early days to give a final verdict, but what I have seen is encouracing to try it out. Keep you all informed. You will sure like it.
Damian
