notabot

Level 14
Does voodooshield monitor parent-child process relationships?

I'm interested, e.g., in a post-exploit situation where Firefox has been compromised: can it detect and block a compromised Firefox from, e.g., running cmd or rundll32 (or any other LOLBin)? Without entirely blocking cmd.exe, of course, just based on parent-child relationships.
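One way to express the parent-child rule the question describes, as an added example (not VoodooShield's code, and not from this thread): a small Python checker run over constructed Sysmon process-creation records in JSON-lines form. The browser and child-process sets, the field names and the sample paths are assumptions for the example; cmd.exe launched from Explorer stays allowed, only the browser-to-LOLBin pairing is flagged.

```python
import json
from pathlib import PureWindowsPath

# Parents treated as exposed to untrusted content, and children such a parent
# has no business spawning.  Both sets are assumptions for this example; the
# question names cmd and rundll32, the rest are stand-ins for "other LOLBins".
BROWSER_PARENTS = {"firefox.exe", "chrome.exe", "msedge.exe"}
SENSITIVE_CHILDREN = {"cmd.exe", "rundll32.exe", "powershell.exe"}

# Constructed Sysmon Event ID 1 (process creation) records in JSON-lines form,
# roughly as a log shipper would forward them.  Paths and values are made up.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.7"}
{"EventID": 1, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "ParentImage": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so rules compare names, not full paths."""
    return PureWindowsPath(path).name.lower()


def evaluate(event: dict) -> tuple[str, str]:
    """Verdict for one record: ('allow'|'block'|'ignore', human-readable reason).

    cmd.exe is never blocked on its own; only the browser -> LOLBin pairing is.
    """
    if event.get("EventID") != 1:
        return ("ignore", "not a process-creation event")
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent in BROWSER_PARENTS and child in SENSITIVE_CHILDREN:
        return ("block", f"{parent} spawned {child}")
    return ("allow", f"{parent} spawned {child}")


def scan(log_text: str) -> list[tuple[str, str]]:
    """Apply evaluate() to every non-empty JSON line and collect the verdicts."""
    return [evaluate(json.loads(line)) for line in log_text.splitlines() if line.strip()]


if __name__ == "__main__":
    for verdict, reason in scan(SAMPLE_LOG):
        print(f"{verdict:6} {reason}")
```

A real implementation would also need the process tree at the kernel callback level rather than after-the-fact logs, which is the part a driver-based product does and this script does not.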
 

notabot

Level 14
You mean something like this?
Can VoodooShield be made to ignore signatures?

If so, that looks great actually. So fully hardened Windows native security combined with VoodooShield (as WDAG lacks a usable UI..) would pretty much stop most attack vectors, assuming the user uses UWP/sandboxed apps.

I can only see:
1. Kernel-level exploits
2. Scenarios where the exploited app is trusted and, instead of leveraging child processes, leverages DLLs

1. can't be stopped anyhow, and while 2. is an attack that would not be stopped, it is a reasonable hole to leave open for a home system.
 

oldschool

Level 36
Can VoodooShield be made to ignore signatures?
You may uncheck "Automatically allow items that match a digital signature in the whitelist snapshot". Just be ready for a much more vocal VS. :eek:

So fully hardened Windows native security combined with VoodooShield (as WDAG lacks a usable UI..) would pretty much stop most attack vectors, assuming the user uses UWP/sandboxed apps.
Yes, most attack vectors. There are definitely users who use only VS and OS hardening, including firewall hardening. ;) It all depends on the user. And depending on your browser setup (which browser, extensions, etc.) your browsing speed will be lightning fast! (y)
 
Can VoodooShield be made to ignore signatures?
I did some screenshots. You can see the functions there. I left out the "Quarantine" (obviously what it is) and "Register" pages. Nothing special there, only my key for the Pro version to see :D
 


notabot

Level 14
I did some screenshots. You can see the functions there. I left out the "Quarantine" (obviously what it is) and "Register" pages. Nothing special there, only my key for the Pro version to see :D
Thanks! I like that it centers security around web apps, which are tightly controlled. This is the setup I wanted to do with WDAG; alas, without a reasonable UI this will take a lot of time and it won't be maintainable.
 

notabot

Level 14
It pretty much ticks all the boxes as a WDAG replacement; the only worry is the kernel driver and the supply chain risk that comes with a small vendor. I'll think about it and maybe I'll give it a go.

Stability-wise, how has it managed so far with Windows updates and releases?
 

notabot

Level 14
You are most welcome. One need not be a fanboy to experiment with or use VS. Just realize its strengths and weaknesses. It should be getting stronger protection in an upcoming update which will add the new Whitelist Cloud feature. It will be that much stronger out-of-the-box.
Have they said when they'll release this feature?
 

oldschool

Level 36
Have they said when they'll release this feature?
It's being finished now and should be out fairly soon, except Dan has his sense of time (only kidding Dan! :)) :

This was his post:

"Hey guys, sorry I have been away, things have been crazy.

I will catch up on the posts and emails asap.

Hopefully VS 5.02 will be ready in a couple of days. There are no major new features, just a couple of small bug fixes and the Web Management Console integration should be fully working."


Have they said when they'll release this feature?
I was too hasty copying above. Here is his post on WLC:

"...This vulnerability was first disclosed by a competitor here: mbr encrypt test short - Streamable, which is what started the wheels in my head turning for WhitelistCloud, which turned out amazing, and will be implemented into VS soon. I sincerely thank the people responsible for the streamable video, you only made VS stronger… as you have done many, many, many times in the past. ..."