ExploitShield / Malwarebytes Anti-Exploit beta

OXYGEN THIEF

ExploitShield (ExploitShield Browser Edition) is a new application (in beta) for protecting web browsers (Internet Explorer, Firefox, Chrome, Opera) and other programs against exploits (both known and unknown).
List of supported applications:
Firefox

Google Chrome

Internet Explorer

Opera

Java

WebBrowser Components (PDF, FLASH, JAVA …)

Adobe Acrobat*

Adobe Reader*

Foxit Reader*

Microsoft Office Word*

Microsoft Office Excel*

Microsoft Office PowerPoint*

Windows Media Player (wmplayer)*

Windows Media Player (wmplayer2)*

VLC Player*

Winamp Player*

QuickTime Player**
ExploitShield (ExploitShield Browser Edition) works automatically; nothing needs to be configured. The program is free.


Detection testing

The type of malicious behavior we are interested in testing is basically malicious drive-by download infections from exploit kits (Blackhole Exploit Kit, Phoenix, Incognito, Eleonore, Sakura, etc.). These types of exploit kits incorporate a variety of exploits for different vulnerable applications such as the browsers themselves, Java, Acrobat Reader, etc.

TESTING SETUP: We recommend running detection tests under a Virtual Machine. To ease detection testing beta testers might want to create a VM with older versions of vulnerable applications (IE, FF, Java, WMP, Acrobat, etc.) which can be downloaded from oldapps.com.

HOW TO TEST: In order to test exploits we recommend visiting exploit kits in-the-wild. Every day we post some fresh exploit kit URLs in our Malicious / Drive-by URLs forum. Note that in-the-wild URLs are short-lived, thus only a handful of the most recent entries might try to infect reliably. In order to test ExploitShield more reliably against vulnerability exploits we recommend using Metasploit. In order to reproduce in-the-wild exploits from drive-by Exploit Kits, the “windows/download_exec” payload should be used under Metasploit. To join the ExploitShield Corporate Edition private beta which blocks meterpreter and reverse shells type payloads please contact us.

WHAT NOT TO TEST: ExploitShield blocks exploitation of vulnerabilities by shielding applications. We do not intend to replace the antivirus or security suite but rather to complement and enhance it. Therefore manually downloading and executing a PE file (EXE, DLL, etc.) is not a valid test as it is the job of the antivirus to detect malicious binaries. The only exceptions are maliciously crafted PDF/DOC/XLS/PPT/etc. documents that do exploit vulnerabilities in the host application (Acrobat Reader, Microsoft Word, Excel, etc.) and which should be blocked by ExploitShield Corporate Edition upon execution.


Usability testing

Usability testing encompasses using a shielded application while ExploitShield is running and using all its features to make sure no adverse effect is noticed. Testers should click and use all possible options of the shielded application, especially updating and upgrading of the applications. The list of applications we are interested in testing is the following:

Web browsers (Internet Explorer, Firefox, Chrome, Opera)
Media players (Windows Media Player, VLC, QuickTime, Winamp)
Microsoft Office (Word, Excel and PowerPoint)
PDF readers (Adobe Acrobat, Reader & Foxit Reader)


Info about the program on CNET

One of the authors of ExploitShield (ExploitShield Browser Edition) is Pedro Bustamante, one of Panda's employees, so we can expect a really good program.


ExploitShield Browser Edition is a new free security program whose job is to protect popular web browsers (Internet Explorer, Firefox, Chrome, Opera) and the programs associated with them against known and unknown exploits that use bugs/vulnerabilities in software to take control of it. Attacks of this kind can be used, for example, to infect the system with malware that poses as an antivirus program and whose only purpose is to extort a certain sum of money from an unsuspecting user.

ExploitShield Browser Edition prevents such attacks using unique protection mechanisms. The program prevents malicious code from running even when the installed antivirus does not detect it, so it can comfortably serve as a great complement to an installed antivirus program or security suite.

After installation ExploitShield Browser Edition requires no additional configuration; the program works automatically, and when it detects and blocks a dangerous action a special window is displayed. ExploitShield Browser Edition is very light on the system (it uses negligible resources) and does not slow the computer down. The program protects popular web browsers and the programs associated with them, i.e. Java, Flash, Shockwave, PDF readers, media players, etc.
 

OXYGEN THIEF

Re: ExploitShield (ExploitShield Browser Edition) beta

ExploitShield Browser Edition 0.8
We are happy to announce the availability of ExploitShield Browser Edition version 0.8 (beta2). In this release of ExploitShield we have focused our efforts on improving the core engine as well as some basic usability improvements:

Improved detection of memory exploits
Improved detection of Java exploits
Improved prevention of false positives
Ability to run as a non-administrator user
Fixes for various bugs and crashes

In order to install ExploitShield Browser Edition 0.8 on top of the previous 0.7 version, simply download the new version and run the installer. It will automatically upgrade the previous version. IMPORTANT: make sure to close all your browsers prior to running the installation.

 

OXYGEN THIEF

Re: ExploitShield (ExploitShield Browser Edition) beta

ExploitShield Corporate Edition Preview


 

Kamelka

Re: ExploitShield (ExploitShield Browser Edition) beta

This little program will come in handy for my father-in-law. A few days ago the IT guys at his company removed, for the second time, some nasty thing from his laptop that was demanding a hundred euros. :p
Where could he have picked that up?? :szydera
 

OXYGEN THIEF

Re: ExploitShield (ExploitShield Browser Edition) beta

Probably through an old Java or an old Adobe PDF reader, because those are vulnerable to attacks and have loads of holes. ExploitShield, even the free one, blocks such attacks.
 

remool

Re: ExploitShield (ExploitShield Browser Edition) beta

Where could he have picked that up?? :szydera
Well, where do you think... working hard
:szydera
 

OXYGEN THIEF

Re: ExploitShield (ExploitShield Browser Edition) beta

ExploitShield Browser Edition 0.9
Today we are releasing a new version of ExploitShield Browser Edition, version 0.9.1. This version has undergone many improvements over version 0.8, mostly engine improvements.

Some of the key improvements are the following:

Expanded ExploitShield’s detection and blocking capabilities of advanced vulnerability exploits.
Integrated hooking mechanism lower into the Operating System to prevent potential bypasses.
Added quite a few new exploit detection techniques such as memory checks in order to detect and block exploits at an earlier stage.
Stopped ExploitShield from “calling home” every time there is an exploit blocking event.
Fixed usability bugs like the error when clicking on URL links when browser was closed.
 
Anonymous

Re: ExploitShield (ExploitShield Browser Edition) beta

Great little program :ok
A very good addition to one's protection :)
 

fluid

Malwarebytes Anti-Exploit 0.9.3.1000 Beta

· Fixed false positive with MS Word 2007 when saving as PDF.
· Fixed crash under IE10 with Google or Yahoo Toolbar.
· Fixed driver uninstallation during installation of new version.
· Fixed error creating Desktop shortcut during install (64bits).
 

fluid

Malwarebytes Anti-Exploit 0.10.0.1000 Beta

We've re-architected the underlying application so it now runs as a standard Windows Service instead of as a stand-alone EXE which used to be launched from the TaskScheduler. This new architecture means that MBAE now works in multi-user environments (multiple logged-on users and server environments) and it also limits the operations that non-admin users can perform. Therefore only admins can stop the protection, clear the logs or add/delete exclusions. There are many benefits to this new architecture, but one of the most visible ones is that it fixes the old disappearing traybar icon bug as well as some application crashes.
Under the new architecture there is a new set of log and auxiliary data files which can be found under the %AllUsersProfile% directory. Specifically under Windows XP this maps by default to C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Exploit and under Vista and above it maps to C:\ProgramData\Malwarebytes\Malwarebytes Anti-Exploit. If you are reporting a problem or bug, please ZIP or RAR the entire contents of the MBAE logs directory and attach it to your post.
In addition to the new architecture this new MBAE beta version also sports a new installer/uninstaller which can perform hot upgrades to new versions and which completely deletes its program directory when uninstalling. But please note hot-upgrades will only work from 0.10 and above. So if you still have a 0.09 build you will first need to uninstall it manually and then install the 0.10.0.1000 version. Once the next version of MBAE comes out you'll be able to perform the hot upgrade and won't have to manually uninstall anymore.


 

fluid

Malwarebytes Anti-Exploit 0.10.3.0100 Beta

New Features:
Added protection for Office 2010 Starter Edition (cloud version).
Added protection for Foxit Reader PRO.
Added support to send alert and service events to syslog.
Added support for license ID and KEY.
Added support to manage custom shields via MBAE-CLI.EXE.
Added reporting of payload URL in mbae-alert.log.
Updated telemetry library.
Fixed bug with Windows Updates via IE under Windows XP.
Fixed bug with Windows 8.1 Update 1.
Fixed bug with application behavior protection.
Fixed bug with certain Java exclusions.
Fixed bug with certain Win7 hooks.
Fixed bug when upgrading to new version.
Fixed bug with log timestamps.
Fixed FP with Excel under certain conditions.
Fixed FP with Ginger Grammar Checker browser plugin.
Fixed FP with MacType IE11 plugin.
Fixed crash condition of Quicktime Player.
Fixed crash condition of MS Office under rare conditions.

Malwarebytes Anti-Exploit 1.05.1.1004 Beta

New Features:
Engine (DLL) code re-write to improve stability and compatibility.
Added Quarantine of blocked payloads from Layer3 detections.
Added details for default and custom shields.
New graphic user interface bitmaps.
New Shielded Apps counter which counts apps instead of processes.
Improvements:
Improved IPC communication between Service and protection DLL.
Improved management of 64bit processes by keeping mbae64.exe running.
Finetuned "other" custom shield profile to reduce potential FPs.
Adapted Foxit Reader default shield to shield the latest version.
Fixes:
Fixed injection driver to resolve conflicts with third-party applications.
Fixed multi-select and edit options in Shields and Exclusions tab.
Fixed traybar icon right-click bug under Windows 8.1.
Fixed UI closing when right-clicking on traybar icon.
Fixed issues with shielded apps counter with Chrome and Java.
Fixed bug when uninjecting under certain conditions.
Fixed remaining issues which caused Java FPs under certain conditions.
Fixed DoS condition in the MBAE driver.


 

fluid

Malwarebytes Anti-Exploit 1.06.1.1012 RC1

New Features:
Added new Layer3 mitigations for IE, Java and Office.
Added default protection for more popular browsers.
Added Chromium-based browser application family.
Added new alert window with exploit details.
Added protection traybar tooltip notification.
Added advanced configuration of mitigations per family.
Added configuration for general settings.
Added browse button when adding custom shields.
Added new mechanism to reduce known false positives.
Added anonymous submission of blocked exploits.
Added confirmation window for file-format exploit submissions.
Added Premium notifications in Free/Trial builds.
Added support for Windows 10.
Improvements:
Improved upgrade process to maintain existing custom shields.
Improved visibility in GUI of Management Console exclusions.
Improved error and crash reporting.
Improved missing GUI notification for guest user accounts.
Improved managed installation to avoid Start Menu folder creation.
Fixes:
Fixed false positive with Word or Excel under certain conditions.
Fixed false positive with LoadLibrary exploit mitigation.
Fixed false positive with web-based Java applications.
Fixed bug with timestamp conversions.
Fixed bug which could cause protection to stop during startup.
Fixed bug whereby LUA could start/stop protection.


 

fluid

Malwarebytes Anti-Exploit 1.09.1.1175 Beta

New Features:
Hardened and more secure API hooking framework
Added self protection mechanisms
Added Layer3 techniques against Macro exploits
Added Layer3 techniques against social engineering exploits
Added Java advanced configuration options for companies
Fixes:
Fixed conflict with Symantec DLP
Fixed conflict with Chinese banking software
Fixed conflict with Office TabLoader

 

Jarom

Malwarebytes Anti-Exploit 1.10.1.41 Beta
New Features:
  • Added Dynamic Hooking Feature to manage conflicts
  • Opened up Premium shields to Free users as part of MBAE Beta
  • Opened up addition of custom shields feature to Free users as part of MBAE Beta

Fixes:
  • Fixed dll uninjection issues resulting in ghost process
  • Fixed dll uninjection issues with chrome extensions
  • Fixed false positive with FLTLDR.exe
  • Fixed false positive with QTTabBar plugin in Opera