New Update DefenderUI by VoodooShield - Turn on Hidden Security Features of Microsoft Defender

ddave

Level 2
Verified
Nov 17, 2014
87
Hey Guys,

Here is the first DefenderUI Pro version. DefenderUI Pro is not going to be compatible with VS since they offer a lot of the same protections. So if you prefer slightly more robust protection, you can run VS and DefenderUI Free.

Although ultimately (assuming things work out as planned), both DefenderUI and VS will have the same Anti-Malware and Anti-Exploit Contextual Engine, which is the main new feature I have been working on. It is similar to the VS anti-exploit mechanism, but utilizes a lot less code and should reduce unwanted blocks even further, while maintaining an even more robust security posture.

When I first created the original VS anti-exploit mechanism while I was on wilders, CET told me that one of our competitors told him it was not possible. Obviously it is possible since many products have adopted that tech now ;).

Wow, that was a long time ago… VoodooShield ?

But this new Anti-Malware and Anti-Exploit Contextual Engine tech is on an entirely different level, and it looks like it is going to work out extremely well. It might take a month or so to fine tune everything, but I think was are in amazing shape, and fine tuning will be super easy.

And actually, I have to admit, the first couple days of working on this new feature was so incredibly difficult and mind boggling, I almost gave up, thinking it was not possible. And really, the whole idea behind this new feature is that context means EVERYTHING in cybersecurity. For example, some people think that not knowing the parent process in an attack chain does not matter. Trust me, it does, and this is just one example.

You will find the new Pro features on the DefenderGuard tab, and they are active but not user adjustable yet, but they will be soon. I tried to keep the new options as simple as possible, for example, the Anti-Malware and Anti-Exploit Contextual Engine option also handles scripts, LOLBins, etc.

I promise you. Mark my words. The two most significant keys to solving cybersecurity are contextual engines and dynamic security postures.

Please let me know if you experience any unwanted blocks or are able to figure out a bypass. All of the blocks will be logged on our server, so that will help me to refine the contextual engine rules even more.

DefenderUI 0.90 beta
SHA-256: 62de4d2467259ce9451c145956ac7875f830c40f4279469c1e0f6f4fa831f219

Thank you guys!
Just to understand, the new Anti-Malware and Anti-Exploit Contextual Engine will be ported to VS or not?
 
F

ForgottenSeer 92963

Hey Guys,

Here is the first DefenderUI Pro version. DefenderUI Pro is not going to be compatible with VS since they offer a lot of the same protections. So if you prefer slightly more robust protection, you can run VS and DefenderUI Free.

But this new Anti-Malware and Anti-Exploit Contextual Engine tech is on an entirely different level, and it looks like it is going to work out extremely well. It might take a month or so to fine tune everything, but I think was are in amazing shape, and fine tuning will be super easy.

I promise you. Mark my words. The two most significant keys to solving cybersecurity are contextual engines and dynamic security postures.

Thank you guys!
Hey Dan,

I don't want to say "I told you so", but .... :)

Remember the talks we had in March 2017 when Avast was interested in your AI-engine and we did a test with loads of goodware and malware from the Avast top-techs? I remember you manually analyzed a few hundred samples (out of the 2500) which the Avast AI missed and Voodoo shield AI blocked (and of course the Avast top techs were telling VS was wrong).

You were disappointed that they had not manually analyzed the differences (but trusted their automated analysis). When spoke on the phone, I suggested to develop a special Microsoft Defender add-on version which would sell for about half the price of a paid AntiVirus and hurt them (AV companies) in their wallet. At that time you had more improvement ideas for VoodoooShield (the cloud whitelist and central console) than time to implement it.

Good to see you managed to develop a simular product: with VoodooShield Defender Pro :) (no pun intended, but I don' t want a DUI on my license), you are up for prime time.

Congrats (y)

Kees1958
 
Last edited by a moderator:

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Just to understand, the new Anti-Malware and Anti-Exploit Contextual Engine will be ported to VS or not?
Yes, assuming it proves to be killer, it will be ported to VS. I am 99.95% sure that it will turn out to be amazing, but something keeps telling me that it is not possible for something to be so simple and effective. But we will know soon :). There is absolutely nothing wrong with the VS code, but there is always a better way to build a mouse trap ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Hey Dan,

I don't want to say "I told you so", but .... :)

Remember the talks we had in March 2017 when Avast was interested in your AI-engine and we did a test with goodware and malware from the Avast top-techs? I remember you manually analyzed a few hundred samples which the Avast AI missed and Voodoo shield blocked (and offcourse Avast top techs were telling VS was wrong).

You were disappointed that they had not manually analyzed the differencest. When spoke on the phone, I suggested to develop a special Microsoft Defender add-on version which would sell for about half the price of a paid AntiVirus and hurt them (AV companies) in their wallet (yes I am a bad loser). At that time you had more improvement ideas for VoodoooShield (the cloud whitelist and central console) than time to implement it.

Good to see you managed: with VoodooShield Defender Companion (using contextual AI and the cloud whitelist), you are up for prime time.

Congrats (y)

Kees1958
Hey Kees!

It is truly great to see you again!

I do remember you suggesting some kind of integration with MD, but at the time I was focused on proving to Avast that dynamic security postures was one of the keys to solving cybersecurity. And at the time I had no idea how it would work, or even if I was capable of such a thing back then.

Either way, I appreciate your help and input!

The only thing I regret is that when we talked to Avast is that we did not focus on dynamic security postures, and instead focused on VoodooAi. VoodooAi is okay, but it is easily reproducible, and probably not too difficult to make it better. The combo of WLC and VoodooAi is an entire different story. I think it would be difficult to find an engine that limits the bypasses and false positives like WLC does. Sure, it has false positives... but there is nothing wrong with confirming you want to run something.

Anyway, it really is great to talk to you again... we should skype sometime ;).
 

ddave

Level 2
Verified
Nov 17, 2014
87
Yes, assuming it proves to be killer, it will be ported to VS. I am 99.95% sure that it will turn out to be amazing, but something keeps telling me that it is not possible for something to be so simple and effective. But we will know soon :). There is absolutely nothing wrong with the VS code, but there is always a better way to build a mouse trap ;).
I totally agree about the mouse trap :LOL:
So future release of defenderui free will have system and firewall hardening?
 
F

ForgottenSeer 92963

Yes,

I was also disappointed, in hindsight the focus should have been on what we could have learned (from each other), not on which was better (I should have disagreed with the procedure proposed by the Avast tech guys),

I later spoke to Ondrej, he said when his own top tech guys were not convinced, making it work, would take to much time to get it working. He had high expectations of VS, but as a CEO he had bigger fish in the ocean. Also as a general management principle he found it a bad idea to dictate his managers what to do, better to make an idea or goal their own idea/goal (and only overrule when the situation requires it).

To Ondrej's defence I later contacted him for another great product (made by David Heilig) and he again connected me to his top-techs (this time from the US-branch). That also did not work out due to IP-details. I must say, I have never met a CEO who is so open to improving his flagship product as Ondrej, he really is sympathetic and smart.

/K
 
Last edited by a moderator:

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Can someone post pictures of pro version / try it out?

Im running free version right now, but im kind of wanting to try pro out... but no idea how complicated it is fall from pro back to free , as i have only my main desktop available right now
 
F

ForgottenSeer 69673

Dan

How can I tell if a scan is running? The only way I can tell is by either looking at my hard drive LED being hit hard or looking at task manager.
Running DUI Pro

Thanks
Bruce
 
Last edited by a moderator:

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Can someone post pictures of pro version / try it out?
z8pwIka.png

FRAtOMm.png
yQSynLX.png
n3nUDUl.png
hz3qi9q.png
 
Last edited:

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Cannot enable Prevent malware from ever infecting this system. Running DUI Pro b on Recommended Profile.
Same thing. In fact, when I click on the toggle-button directly, it opens the VoodooShield website. No need to hit the little "i" up there.

Sorry Dan, just had to indulge some curiosity after all this time, so I installed it for a check. The UI is lovely and I have to tell you, it's kind of refreshing not to have to read some techno-jargon that makes me want to click down and out. It's all spelled out in plain language. Good idea to make Controlled Folder Access off by default. :rolleyes:

Thanks for this interesting software! (y)

Edit: when I want to Scan the system, it takes me to the "Custom" setting in Defender. Maybe make it "Quick" by default instead?
 
Last edited:

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Same thing. In fact, when I click on the toggle-button directly, it opens the VoodooShield website. No need to hit the little "i" up there.
to @Back3 also. Oops I did not read your post before posting this.

From :devilish:Dan:

The Prevent Malware from ever infecting this system, is kind of a joke and is meant to promote VS. So it is supposed to open voodooshield.com to let people know about VS ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I totally agree about the mouse trap :LOL:
So future release of defenderui free will have system and firewall hardening?
Well, it already has system hardening with the 3 new Pro features. We really need to keep it as simple as possible so I do not plan on making each script type, LOLBin, etc. its own separate option. To me, they should all be blocked unless certain contextual conditions are met. Unfortunately, users are not afforded the opportunity of choosing what file type or attack vector they are going to experience.

As far as firewall hardening goes, I do plan to implement that sometime in the near future. Although to me, firewall hardening is not nearly as important as properly blocking the malware before it ever gets a chance to execute. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Yes,

I was also disappointed, in hindsight the focus should have been on what we could have learned (from each other), not on which was better (I should have disagreed with the procedure proposed by the Avast tech guys),

I later spoke to Ondrej, he said when his own top tech guys were not convinced, making it work, would take to much time to get it working. He had high expectations of VS, but as a CEO he had bigger fish in the ocean. Also as a general management principle he found it a bad idea to dictate his managers what to do, better to make an idea or goal their own idea/goal (and only overrule when the situation requires it).

To Ondrej's defence I later contacted him for another great product (made by David Heilig) and he again connected me to his top-techs (this time from the US-branch). That also did not work out due to IP-details. I must say, I have never met a CEO who is so open to improving his flagship product as Ondrej, he really is sympathetic and smart.

/K
Yeah, later on I came to the realization that the malware analysis machines / sandboxes often fail to return the correct verdict because when they launch the malware to start the test, if any dependencies are missing, the file will not execute and so the malicious code will not execute. But that does not mean the file itself is not malicious. If the dependencies are available in a real world attack, then the system will be infected. I mean sandboxes are okay, but they are not foolproof, especially when the malware has anti-sandboxing capabilities. But yeah, I had totally forgotten about that. I manually analyzed hundreds of files over 3 or so days and slept like 3 hours a night. Wait, that is pretty much what I have been doing now ;).

Yeah, I totally agree, Ondrej is a great guy and super smart, and actually they were all great guys. You know someone is smart when they will take the time to listen to new ideas and new ways of doing things instead of acting like they already have all of the answers.

It would actually be super easy to implement dynamic security postures into any existing software. It took me 10 years to get it to that point, but it is super easy now. It only took like an hour to implement dynamic security postures (automatic toggling) into DefenderUI Pro.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Dan

How can I tell if a scan is running? The only way I can tell is by either looking at my hard drive LED being hit hard or looking at task manager.
Running DUI Pro

Thanks
Bruce
Hmmm, great point. Do you think we should change the icon color when a scan is running? If not, do you have any other suggestions? Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Some questions @danb
XAIK0KK.png
What is "Remove exclusions"... There seems to be nothing active in this window to trigger.
xdSnKiz.png
Dropdown menu isn't active.
bVyUTwI.png
How do I view Whitelist? Nothing present here, although I have allowed start-up executables.
Thanks!
On the remove exclusions, you can click the white - sign and it will remove the exclusion.

The Threat Default Actions are not available when Tamper Protection is Enabled, so I am assuming that is what is up there.

We currently have no way to edit the whitelist, but I will implement that at some point. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
So how does one get to test this? Assume it is a closed beta?
Hey Trooper, great to see you! You can just download it, I am going to post the latest version in a minute. The Pro version is going to be free for a very long time, probably at least 6 months (just a guess). And there is a chance that it will be free indefinitely, it depends on a lot of things.

The only important thing to remember is that the Free version works with VS, but the Pro version does not. Thank you!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top