How would one get past VoodooShield?

First the easier method is the user allowing something bad. Then we have running smart or autopilot and it fails to detect a virus, VS is exploited and finally by a method that VS doesn't protect from.
 
Luke, we're a security-themed site; this is a question for a very different type of site, please don't pursue this here. I could be wrong though; if I am, a mod can delete this reply.
I was asking this to use whatever methods I can learn from how they would get past VoodooShield. For example, I now know to be more aware of what apps I allow with VoodooShield.

First the easier method is the user allowing something bad. Then we have running smart or autopilot and it fails to detect a virus, VS is exploited and finally by a method that VS doesn't protect from.
So if I were very aware of what I allow, voodoo shield practically makes me near bullet-proof?
 
I was asking this to use whatever methods I can learn from how they would get past VoodooShield
Still poorly worded, but VS is very secure; it is you who would be more likely to let something through than for VS to fail you, like Huracan points out.
Still even if a user here knew how to bypass VS, I assure you it would not be posted here.
 
I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with BitDefender Free or another product that has IDS/BB it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
 
So if I were very aware of what I allow, voodoo shield practically makes me near bullet-proof?
And you run always on mode then yes. Chance of getting infected gets low.

EDIT: Also, if you have the premium version, disable allow by parent process in advanced settings.
 
I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with BitDefender Free or another product that has IDS/BB it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
Not even close, Voodoo AI would most likely catch the payload. Have you ever used VS before?
 
Yes and Yes, like I said before you exploit the confusing alerts :) It's like any other security product.

Once you allow something, that is a bypass.
The file approach would be more likely than not to fail, and you should know that if you're familiar with VS.
Now we're back to "User Error" ;)
 
I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)

I'm using Comodo with the best settings you can have and you can still bypass it :)

The OP wanted to know some points of view and we gave him, it's not about how good this product is and how nothing can bypass it.
 
I don't know why you keep saying that I don't know how it works or that I'm not familiar with VoodooShield. Just because I said my point of view and you don't agree doesn't mean that I don't understand how it works or that I'm wrong :)

I'm using Comodo with the best settings you can have and you can still bypass it :)

The OP wanted to know some points of view and we gave him, it's not about how good this product is and how nothing can bypass it.
I will comment no further, but what I clearly stated is that "if you're truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will most likely fail due to VoodooShield's AI. Suggesting it's a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS, period. I infer nothing else.
No software is 100%, that's common knowledge. ;)
 
I will comment no further, but what I clearly stated is that "if you're truly familiar" with VS then you should be aware that hiding a payload within a safe or whitelisted file, process, or folder will most likely fail due to VoodooShield's AI. Suggesting it's a viable approach to bypassing VS in and of itself speaks volumes as to your experience with VS, period. I infer nothing else.
No software is 100%, that's common knowledge. ;)

This is the same with any security product, the human factor is the most important because he/she must know what to allow or what to block, it's the same with firewalls and the list goes on. That's why you should always have a second opinion scanner if you use some type of Default Deny, HIPS and so on.

Also, that's why I never recommend a security product to anyone.
 
Browser exploit that abuses whitelisted Windows processes - e.g. .NET Framework, msiexec, etc. - and/or use memory exploits.
My understanding from what Dan has said on the other forum is that web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?
 
VoodooShield can't be bypassed by browser attacks. From what I tested, you can bypass VoodooShield if you do it yourself (I tested in Auto-Pilot); what I'm saying is if you click on the alert and allow it. There is a high chance that you can bypass it with sponsored-type attacks or some type of gov attack (targeted at VoodooShield).
 
My understanding from what Dan has said on the other forum is that web apps are protected and cannot run vulnerable system processes. Would that mitigate the risk of the type of exploit you are referring to?
Very astute, Mark, and correct. The way he suggested to foil VS was misinformation, and as a self-proclaimed "advanced user" this surprised me, is all. Oh well, I'm past it now.
Great post Mark :)
 
Very astute, Mark, and correct. The way he suggested to foil VS was misinformation, and as a self-proclaimed "advanced user" this surprised me, is all. Oh well, I'm past it now.
Great post Mark :)
Thank you. Well, we can't have people who might read this thread think VS isn't a credible security layer to have on your PC. That would be an injustice.
 
I would use a safe file to trick the user into installing the malware; once you allow something there is no other way of checking the file. So there you go. If you use it with BitDefender Free or another product that has IDS/BB it's a little harder.

In conclusion, I exploit the user and the confusing alerts :)
Can you provide a video demonstration? I'd be interested and it would help the devs too.