Can ExploitShield browser version be used next to avast resident av?

See: http://www.zerovulnerabilitylabs.com/home/exploitshield/browser-edition/
Solution specially designed to detect attacks and exploits on Java, Internet Explorer and Flash Player. Detected all exploits of Blackhole Exploit-kit 2.0.
Can it be used next to avast (shields)?

polonus

Very interesting site, polonus, as I’ve never heard of ExploitShield browser; however, it is still only at beta stage at the moment, so I would rather wait until the final release is available.

Thanks for sharing Pal. :wink: ;D

No idea. Either try it or ask them: http://www.zerovulnerabilitylabs.com/forum/ :wink:

Well my thoughts can be summed up in the first paragraph of the website:

[b]We are looking for beta testers[/b]. Active reporters will receive a complimentary license [i]once the product is released commercially[/i]. We are interested in detection and usability testing (see below for detailed information). You can read a list of known issues. Please provide all ExploitShield testing feedback directly to us via our Support Forum.

How it works is obviously a factor in if it is compatible or not, but I have to say I wouldn’t pay for it. Since the greatest majority of the exploits in their video are JAVA, remove JAVA and a high degree of exploitation is gone. Not to mention that avast has been pretty hot on exploits, added to that the conventional network and web shields; I can’t really see the requirement for this and I certainly wouldn’t buy it.

I installed it 2 days ago with No apparent issues.
Very silent. :slight_smile:
Checking it out. If any issues appear I will let you all know 8)

@schmidthouse

Yep, it is silently sitting there. Logs say that 46 applications are being protected, for instance VLC Media Player and Google Chrome is now protected.
Just wait and see. I'll report here about this bit of beta testing. I think this tool will be studied from front to end, as it seems a new concept from the developers,

pol

:wink:

Hi schmidthouse,

Protected applications now stand at 99.
Compatible with existing antivirus and Internet security solutions.
ExploitShield Browser Edition is free for home users and non-profit organizations,

polonus

According to the support forum, the upgrade process has not been implemented yet.
So one will have to follow their web site RSS feeds for product updates before the “final” is released :wink: :slight_smile:

99 apps ??? :stuck_out_tongue:
Any screenshot :slight_smile:

Well schmidthouse, it now stands at 120. Found out that you should use supported user agents. So webbug is not supported, and Browzar is not supported either. But as I use Google Chrome and my wife uses fx, I am fine. Now running Fiddler under a browser session and will report on my findings.
See attached image.
The program works mainly on kernel level (129 functions involved), ExploitShi.exe functions as a separate component in the loader, works reading Code Identifiers in the registry, checks on GetProcessImageFileNameW to establish the Process Status, it has OWNZ crypter aboard to catch CPU exceptions such as “access violation, illegal instruction, divide by zero etc.”, and will alert these. All very interesting tool to observe… exception 0xc0000135 at 0x7c96478e found to support this assertion,

polonus

Known issues with this beta version according to their blog posting, posted by zork

1. Under LOGS, Export button is missing.
2. Uninstallation might not completely delete the %ProgramFiles%\ZeroVulnerabilityLabs\ExploitShield directory and contents as well as the HKLM\SOFTWARE\ZeroVulnerabilityLabs registry key.
3. When clicking on a link from a DOS mode (e.g. a game) and the default browser that opens is Internet Explorer, the link might not load.
4. ExploitShield does not run under a non-admin account under Windows XP.
5. ExploitShield runs under a non-admin account under Windows Vista/7/8 but does not show up as an icon under the traybar nor does it open its GUI.
6. After uninstalling and installing again ExploitShield will run but not protect. After uninstallation you need to perform a reboot before installing again for the ExploitShield library to be released correctly.
7. When blocking certain types of drive-by exploits empty entries in the GUI log might show up under certain circumstances.
8. The ExploitShield alert window may appear unresponsive for a few seconds. This is because exploit kits typically try a few different exploits in a row and the ExploitShield alert window is dynamic in nature and updates the “Application”, “Payload” and “Attacker” information in real-time.
9. In the General tab of the interface the counter “Shielded applications” may show an incorrect or negative number under certain circumstances. A workaround solution to this is to simply exit ExploitShield and execute it again.
10. If you stop ExploitShield from the traybar icon and then open the ExploitShield interface, the color label will still show as “Running”.
11. When clicking on a torrent link under Firefox (may happen with other browsers) ExploitShield shuts down unexpectedly.

polonus

Also discussed at Wilders Security. http://www.wilderssecurity.com/showthread.php?t=333127

Thanks. (The dev is active there.)

Adding to the list:

“An instance of ExploitShield could become unstable during a SAS scan, e.g. become unresponsive”. Correction. Computer Update Routine was being protected by Exploit Shield and during the following session completed third phase. I am very satisfied by this behavior of the program, because I had some problems there.
Good schmidthouse convinced me on testing this Californian made tool. Think I am going to like this OS kernel protection tool…

polonus

@Polonus, thank you very much for the information you have added.
I appreciate that :slight_smile:

Checked the executable here: http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=166992&GHash=B220FA4722A44827BD4FFBB6756AC074

polonus

Interestingly, I am experiencing a lot more BS reaction (set to Ask) since ExploitShield has been installed. ???
And that's OK, it's just interesting to see the BS so active when previously performing the same tasks, I hardly had any pop-ups from BS. 8)

For example:

Hi schmidthouse,

Yes, the last bs alert was when I opened Resource Hacker. Seems that Z is somehow enhancing or hardening.
From the logfile:
ZeroVulnerabilityLabs Loader <> Argument
2012-10-02 10:46:23 C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.exe
2012-10-02 10:46:23 ZeroVulnerabilityLabs Loader <> return TRUE (being evaluated http://systemexplorer.net/file-database/file/loader64-exe )
2012-10-02 10:46:24 ZeroVulnerabilityLabs ExploitShield <> Checking OS …
2012-10-02 10:46:25 ZeroVulnerabilityLabs ExploitShield <> Windows XXXX
2012-10-02 10:46:25 ZeroVulnerabilityLabs ExploitShield <> Standard xxx Edition
2012-10-02 10:46:26 [i] ExploitShield Driver is already Installed
2012-10-02 10:46:26 ZeroVulnerabilityLabs ExploitShield <> Checking OS …
2012-10-02 10:46:27 ZeroVulnerabilityLabs ExploitShield <> Windows XXXXX
2012-10-02 10:46:27 ZeroVulnerabilityLabs ExploitShield <> Standard xxx Edition
2012-10-02 10:46:31 [i] Starting Injection with: ExploitShield.dll
2012-10-02 10:46:31 C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.dll
2012-10-02 11:06:07 ZeroVulnerabilityLabs ExploitShield <> Checking OS …
2012-10-02 11:06:07 ZeroVulnerabilityLabs ExploitShield <> Windows XXXXXXX
2012-10-02 11:06:07 ZeroVulnerabilityLabs ExploitShield <> Standard xXX Edition
2012-10-02 11:06:11 Google Chrome is now protected…

Interesting blog read: http://www.zerovulnerabilitylabs.com/home/blog/page/2/
See what was found in log data.dat…

polonus
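The log excerpt quoted in the post above, parsed into a short summary of driver state, injected module and protected applications. This is an added example, not part of the original thread and not ZeroVulnerabilityLabs code; the line patterns are assumptions inferred only from the excerpt shown.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the post above.
SAMPLE_LOG = r"""ZeroVulnerabilityLabs Loader <> Argument
2012-10-02 10:46:23 C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.exe
2012-10-02 10:46:26 [i] ExploitShield Driver is already Installed
2012-10-02 10:46:31 [i] Starting Injection with: ExploitShield.dll
2012-10-02 10:46:31 C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield.dll
2012-10-02 11:06:07 ZeroVulnerabilityLabs ExploitShield <> Checking OS …
2012-10-02 11:06:11 Google Chrome is now protected…
"""

# Patterns inferred from the excerpt (assumed format, not a documented one).
STAMPED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
INJECT = re.compile(r"^\[i\] Starting Injection with: (.+)$")
PROTECTED = re.compile(r"^(.+?) is now protected")
DRIVER = re.compile(r"^\[i\] ExploitShield Driver is already Installed$")
MODULE_PATH = re.compile(r"^[A-Za-z]:\\.+\.(?:dll|exe)$", re.IGNORECASE)


def parse_log(text):
    """Return (timestamp or None, message) for every non-empty line."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = STAMPED.match(line)
        if m:
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
        else:
            events.append((None, line))  # header line without a timestamp
    return events


def summarize(events):
    """Collect the driver state, injected modules, file paths and protected apps."""
    out = {"driver_present": False, "injected": [], "paths": [], "protected": []}
    for ts, msg in events:
        if DRIVER.match(msg):
            out["driver_present"] = True
        elif (m := INJECT.match(msg)):
            out["injected"].append((ts, m.group(1)))
        elif (m := PROTECTED.match(msg)):
            out["protected"].append((ts, m.group(1)))
        elif MODULE_PATH.match(msg):
            out["paths"].append(msg)
    return out
```

Seeing the kernel driver and the DLL injection side by side in the summary is useful when working out why a behaviour blocker set to Ask prompts more often after the tool is installed.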

“Seems that Z is somehow enhancing or hardening.”

Exactly what I assumed. “somehow” is the interesting addition:> :smiley: