New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

ddave

Level 2
Verified
Nov 17, 2014
96
Hey Guys,

Here is the first DefenderUI Pro version. DefenderUI Pro is not going to be compatible with VS since they offer a lot of the same protections. So if you prefer slightly more robust protection, you can run VS and DefenderUI Free.

Although ultimately (assuming things work out as planned), both DefenderUI and VS will have the same Anti-Malware and Anti-Exploit Contextual Engine, which is the main new feature I have been working on. It is similar to the VS anti-exploit mechanism, but utilizes a lot less code and should reduce unwanted blocks even further, while maintaining an even more robust security posture.

When I first created the original VS anti-exploit mechanism while I was on wilders, CET told me that one of our competitors told him it was not possible. Obviously it is possible since many products have adopted that tech now ;).

Wow, that was a long time ago… VoodooShield ?

But this new Anti-Malware and Anti-Exploit Contextual Engine tech is on an entirely different level, and it looks like it is going to work out extremely well. It might take a month or so to fine tune everything, but I think we are in amazing shape, and fine tuning will be super easy.

And actually, I have to admit, the first couple days of working on this new feature was so incredibly difficult and mind boggling, I almost gave up, thinking it was not possible. And really, the whole idea behind this new feature is that context means EVERYTHING in cybersecurity. For example, some people think that not knowing the parent process in an attack chain does not matter. Trust me, it does, and this is just one example.

You will find the new Pro features on the DefenderGuard tab, and they are active but not user adjustable yet, but they will be soon. I tried to keep the new options as simple as possible, for example, the Anti-Malware and Anti-Exploit Contextual Engine option also handles scripts, LOLBins, etc.

I promise you. Mark my words. The two most significant keys to solving cybersecurity are contextual engines and dynamic security postures.

Please let me know if you experience any unwanted blocks or are able to figure out a bypass. All of the blocks will be logged on our server, so that will help me to refine the contextual engine rules even more.

DefenderUI 0.90 beta
SHA-256: 62de4d2467259ce9451c145956ac7875f830c40f4279469c1e0f6f4fa831f219

Thank you guys!
Just to understand, the new Anti-Malware and Anti-Exploit Contextual Engine will be ported to VS or not?
 
F

ForgottenSeer 92963

Hey Guys,

Here is the first DefenderUI Pro version. DefenderUI Pro is not going to be compatible with VS since they offer a lot of the same protections. So if you prefer slightly more robust protection, you can run VS and DefenderUI Free.

But this new Anti-Malware and Anti-Exploit Contextual Engine tech is on an entirely different level, and it looks like it is going to work out extremely well. It might take a month or so to fine tune everything, but I think we are in amazing shape, and fine tuning will be super easy.

I promise you. Mark my words. The two most significant keys to solving cybersecurity are contextual engines and dynamic security postures.

Thank you guys!
Hey Dan,

I don't want to say "I told you so", but .... :)

Remember the talks we had in March 2017 when Avast was interested in your AI-engine and we did a test with loads of goodware and malware from the Avast top-techs? I remember you manually analyzed a few hundred samples (out of the 2500) which the Avast AI missed and Voodoo shield AI blocked (and of course the Avast top techs were telling VS was wrong).

You were disappointed that they had not manually analyzed the differences (but trusted their automated analysis). When we spoke on the phone, I suggested developing a special Microsoft Defender add-on version which would sell for about half the price of a paid AntiVirus and hurt them (AV companies) in their wallet. At that time you had more improvement ideas for VoodooShield (the cloud whitelist and central console) than time to implement them.

Good to see you managed to develop a similar product: with VoodooShield Defender Pro :) (no pun intended, but I don't want a DUI on my license), you are up for prime time.

Congrats (y)

Kees1958
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Just to understand, the new Anti-Malware and Anti-Exploit Contextual Engine will be ported to VS or not?
Yes, assuming it proves to be killer, it will be ported to VS. I am 99.95% sure that it will turn out to be amazing, but something keeps telling me that it is not possible for something to be so simple and effective. But we will know soon :). There is absolutely nothing wrong with the VS code, but there is always a better way to build a mouse trap ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Hey Dan,

I don't want to say "I told you so", but .... :)

Remember the talks we had in March 2017 when Avast was interested in your AI-engine and we did a test with goodware and malware from the Avast top-techs? I remember you manually analyzed a few hundred samples which the Avast AI missed and Voodoo shield blocked (and of course the Avast top techs were telling VS was wrong).

You were disappointed that they had not manually analyzed the differences. When we spoke on the phone, I suggested developing a special Microsoft Defender add-on version which would sell for about half the price of a paid AntiVirus and hurt them (AV companies) in their wallet (yes, I am a bad loser). At that time you had more improvement ideas for VoodooShield (the cloud whitelist and central console) than time to implement them.

Good to see you managed: with VoodooShield Defender Companion (using contextual AI and the cloud whitelist), you are up for prime time.

Congrats (y)

Kees1958
Hey Kees!

It is truly great to see you again!

I do remember you suggesting some kind of integration with MD, but at the time I was focused on proving to Avast that dynamic security postures were one of the keys to solving cybersecurity. And at the time I had no idea how it would work, or even if I was capable of such a thing back then.

Either way, I appreciate your help and input!

The only thing I regret is that when we talked to Avast we did not focus on dynamic security postures, and instead focused on VoodooAi. VoodooAi is okay, but it is easily reproducible, and probably not too difficult to make it better. The combo of WLC and VoodooAi is an entirely different story. I think it would be difficult to find an engine that limits the bypasses and false positives like WLC does. Sure, it has false positives... but there is nothing wrong with confirming you want to run something.

Anyway, it really is great to talk to you again... we should skype sometime ;).
 

ddave

Level 2
Verified
Nov 17, 2014
96
Yes, assuming it proves to be killer, it will be ported to VS. I am 99.95% sure that it will turn out to be amazing, but something keeps telling me that it is not possible for something to be so simple and effective. But we will know soon :). There is absolutely nothing wrong with the VS code, but there is always a better way to build a mouse trap ;).
I totally agree about the mouse trap :LOL:
So future release of defenderui free will have system and firewall hardening?
 
F

ForgottenSeer 92963

Yes,

I was also disappointed, in hindsight the focus should have been on what we could have learned (from each other), not on which was better (I should have disagreed with the procedure proposed by the Avast tech guys),

I later spoke to Ondrej, he said that when his own top tech guys were not convinced, it would take too much time to get it working. He had high expectations of VS, but as a CEO he had bigger fish in the ocean. Also, as a general management principle he found it a bad idea to dictate to his managers what to do; better to make an idea or goal their own idea/goal (and only overrule when the situation requires it).

To Ondrej's defence I later contacted him for another great product (made by David Heilig) and he again connected me to his top-techs (this time from the US-branch). That also did not work out due to IP-details. I must say, I have never met a CEO who is so open to improving his flagship product as Ondrej, he really is sympathetic and smart.

/K
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Can someone post pictures of pro version / try it out?

I'm running the free version right now, but I'm kind of wanting to try pro out... but no idea how complicated it is to fall back from pro to free, as I have only my main desktop available right now
 
F

ForgottenSeer 69673

Dan

How can I tell if a scan is running? The only way I can tell is by either looking at my hard drive LED being hit hard or looking at task manager.
Running DUI Pro

Thanks
Bruce
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Can someone post pictures of pro version / try it out?
[Screenshots of the Pro version attached]
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Cannot enable Prevent malware from ever infecting this system. Running DUI Pro b on Recommended Profile.
Same thing. In fact, when I click on the toggle-button directly, it opens the VoodooShield website. No need to hit the little "i" up there.

Sorry Dan, just had to indulge some curiosity after all this time, so I installed it for a check. The UI is lovely and I have to tell you, it's kind of refreshing not to have to read some techno-jargon that makes me want to click down and out. It's all spelled out in plain language. Good idea to make Controlled Folder Access off by default. :rolleyes:

Thanks for this interesting software! (y)

Edit: when I want to Scan the system, it takes me to the "Custom" setting in Defender. Maybe make it "Quick" by default instead?
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Same thing. In fact, when I click on the toggle-button directly, it opens the VoodooShield website. No need to hit the little "i" up there.
to @Back3 also. Oops I did not read your post before posting this.

From :devilish:Dan:

The "Prevent Malware from ever infecting this system" option is kind of a joke and is meant to promote VS. So it is supposed to open voodooshield.com to let people know about VS ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
I totally agree about the mouse trap :LOL:
So future release of defenderui free will have system and firewall hardening?
Well, it already has system hardening with the 3 new Pro features. We really need to keep it as simple as possible so I do not plan on making each script type, LOLBin, etc. its own separate option. To me, they should all be blocked unless certain contextual conditions are met. Unfortunately, users are not afforded the opportunity of choosing what file type or attack vector they are going to experience.

As far as firewall hardening goes, I do plan to implement that sometime in the near future. Although to me, firewall hardening is not nearly as important as properly blocking the malware before it ever gets a chance to execute. Thank you!
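The "block script hosts and LOLBins unless certain contextual conditions are met" idea above, and the earlier point that the parent process in an attack chain matters, as an added toy illustration that is not DefenderUI or VoodooShield code. The process sets, the event fields and the sample events are all constructed assumptions.

```python
# Added illustration (not DefenderUI/VoodooShield code): a minimal contextual
# rule that decides whether a script host or LOLBin may run, based on which
# process launched it. All process lists and events below are constructed.
from dataclasses import dataclass

# Interpreters / LOLBins that are denied by default (constructed list)
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Parents that rarely have a legitimate reason to spawn a script host
RISKY_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
                 "chrome.exe", "msedge.exe", "acrord32.exe"}
# Parents treated as a user-initiated, interactive launch
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe"}


@dataclass
class ProcEvent:
    image: str          # child image name, e.g. "wscript.exe"
    parent: str         # parent image name, e.g. "WINWORD.EXE"
    cmdline: str        # child command line (kept for logging only)
    parent_signed: bool = True  # whether the parent binary is signed


def verdict(ev: ProcEvent) -> tuple[str, str]:
    """Return (decision, reason); decision is allow, block or prompt."""
    child = ev.image.lower()
    parent = ev.parent.lower()
    # Non-script-host children are outside this rule's scope
    if child not in SCRIPT_HOSTS:
        return ("allow", "not a script host or LOLBin")
    # A document reader or browser spawning an interpreter is the classic
    # attack-chain shape: block regardless of anything else
    if parent in RISKY_PARENTS:
        return ("block", f"{child} spawned by document/browser parent {parent}")
    # A signed interactive parent means the user most likely launched it
    if parent in INTERACTIVE_PARENTS and ev.parent_signed:
        return ("allow", "interactive launch from signed, trusted parent")
    # Anything else: context is unknown, so ask rather than guess
    return ("prompt", f"unknown context: {child} launched by {parent}")


if __name__ == "__main__":
    for ev in (ProcEvent("wscript.exe", "WINWORD.EXE", "wscript.exe invoice.js"),
               ProcEvent("powershell.exe", "explorer.exe", "powershell.exe"),
               ProcEvent("rundll32.exe", "svchost.exe", "rundll32.exe x.dll,Run")):
        print(ev.image, ev.parent, "->", verdict(ev))
```

The same child (an interpreter) gets three different decisions depending only on its parent, which is the whole point of a contextual rule.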
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Yes,

I was also disappointed, in hindsight the focus should have been on what we could have learned (from each other), not on which was better (I should have disagreed with the procedure proposed by the Avast tech guys),

I later spoke to Ondrej, he said that when his own top tech guys were not convinced, it would take too much time to get it working. He had high expectations of VS, but as a CEO he had bigger fish in the ocean. Also, as a general management principle he found it a bad idea to dictate to his managers what to do; better to make an idea or goal their own idea/goal (and only overrule when the situation requires it).

To Ondrej's defence I later contacted him for another great product (made by David Heilig) and he again connected me to his top-techs (this time from the US-branch). That also did not work out due to IP-details. I must say, I have never met a CEO who is so open to improving his flagship product as Ondrej, he really is sympathetic and smart.

/K
Yeah, later on I came to the realization that the malware analysis machines / sandboxes often fail to return the correct verdict because when they launch the malware to start the test, if any dependencies are missing, the file will not execute and so the malicious code will not execute. But that does not mean the file itself is not malicious. If the dependencies are available in a real world attack, then the system will be infected. I mean sandboxes are okay, but they are not foolproof, especially when the malware has anti-sandboxing capabilities. But yeah, I had totally forgotten about that. I manually analyzed hundreds of files over 3 or so days and slept like 3 hours a night. Wait, that is pretty much what I have been doing now ;).

Yeah, I totally agree, Ondrej is a great guy and super smart, and actually they were all great guys. You know someone is smart when they will take the time to listen to new ideas and new ways of doing things instead of acting like they already have all of the answers.

It would actually be super easy to implement dynamic security postures into any existing software. It took me 10 years to get it to that point, but it is super easy now. It only took like an hour to implement dynamic security postures (automatic toggling) into DefenderUI Pro.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Dan

How can I tell if a scan is running? The only way I can tell is by either looking at my hard drive LED being hit hard or looking at task manager.
Running DUI Pro

Thanks
Bruce
Hmmm, great point. Do you think we should change the icon color when a scan is running? If not, do you have any other suggestions? Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Some questions @danb
[screenshot]
What is "Remove exclusions"... There seems to be nothing active in this window to trigger.
[screenshot]
Dropdown menu isn't active.
[screenshot]
How do I view the Whitelist? Nothing present here, although I have allowed start-up executables.
Thanks!
On the remove exclusions, you can click the white - sign and it will remove the exclusion.

The Threat Default Actions are not available when Tamper Protection is Enabled, so I am assuming that is what is up there.

We currently have no way to edit the whitelist, but I will implement that at some point. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
So how does one get to test this? Assume it is a closed beta?
Hey Trooper, great to see you! You can just download it, I am going to post the latest version in a minute. The Pro version is going to be free for a very long time, probably at least 6 months (just a guess). And there is a chance that it will be free indefinitely, it depends on a lot of things.

The only important thing to remember is that the Free version works with VS, but the Pro version does not. Thank you!
 
