Q&A Please help me set the best settings of VoodooShield Pro

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#21
@shmu26

Thanks for these informations, Zemana AM Premium also uses cloud sandbox, should I duplicate these functions?
I must admit that I don't know much about how zemana sandbox works. I am sure someone else can give you input on that.
As for VS sandbox, @_CyberGhosT_ can probably tell you about it. I personally never submitted a file to cuckoo more than once or twice.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,715
OS
Windows 8.1
Antivirus
Avast
#22
@shmu26

Thanks for these informations, Zemana AM Premium also uses cloud sandbox, should I duplicate these functions?
ZAM's pandora sandbox, I assume it is just an online sandbox they use to analyze malwares. I don't think it has anything to do with our computer. It increases the rate of FP and slightly improves detection rate but the rate of infection is still very high
you can enable pandora without any worry about duplication. I think they are complete 2 different things

VS according to the last time I use it. It has local sandbox and Cuckoo sandbox
- local sandbox utilizes windows virtualization feature to isolate the file and let it run. Only files WITHOUT admin right can run. It is inferior to sandboxie and other virtualization softwares but it's there so you can use it
- Cuckoo: online file analysis, similar to hybrid-analysis. It gives you the detail information about how the file works. It takes quite a lot of time to generate a report

Please correct me if I'm wrong

local.PNG
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#23
Zemana uses decentralized sandbox evaluation of files along with VT. I've found the computers that do this analysis are spread around the world in various locations, including what appears to be in homes. As noted in the Zemana forum here, I do not believe this is a secure method of operation as their sandboxes were easily exposed to the public using commonly available testing methods. Including the local machine name, OS, WAN IP address, internal IP address structure and other things.
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#24
ZAM's pandora sandbox, I assume it is just an online sandbox they use to analyze malwares. I don't think it has anything to do with our computer. It increases the rate of FP and slightly improves detection rate but the rate of infection is still very high
you can enable pandora without any worry about duplication. I think they are complete 2 different things

VS according to the last time I use it. It has local sandbox and Cuckoo sandbox
- local sandbox utilizes windows virtualization feature to isolate the file and let it run. Only files WITHOUT admin right can run. It is inferior to sandboxie and other virtualization softwares but it's there so you can use it
- Cuckoo: online file analysis, similar to hybrid-analysis. It gives you the detail information about how the file works. It takes quite a lot of time to generate a report

Please correct me if I'm wrong

View attachment 174832
VS does not have local sandbox and does not use Windows virtualization AFAIK
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,715
OS
Windows 8.1
Antivirus
Avast
#25
VS does not have local sandbox and does not use Windows virtualization AFAIK
is it removed? maybe :rolleyes:. because it's not a frequently used feature. I can't confirm because I'm opting-out of all default-deny products for a while
 
Likes: BryanB

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#26
is it removed? maybe :rolleyes:. because it's not a frequently used feature. I can't confirm because I'm opting-out of all default-deny products for a while
Hey, I just read your screenshot from VS, and it said exactly like you claimed. But I never see that option. Maybe the product has changed? Or maybe I somehow missed noticing this feature? I am confused. Maybe @danb or someone else can enlighten us.
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#27
But anyways, to sum up about Zemana sandbox and VS sandbox: it does not sound like there is a conflict or overlap, like @Evyl's Rain said. VS sandbox is an extra way that the user can examine a suspicious file, if he wants to do so. It's not really what you would call a core element of VS.
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#28
Hey, I just read your screenshot from VS, and it said exactly like you claimed. But I never see that option. Maybe the product has changed? Or maybe I somehow missed noticing this feature? I am confused. Maybe @danb or someone else can enlighten us.
Yeah, my bad, that option in VS for local sandbox is for sure there, but you can only see it if you first click on sandbox (which I almost never do), and then you can choose which kind of sandbox you want. Cool.
So I decided to go for local sandbox. And... nothing. The results never displayed, for some reason. Tried a couple times. Not sure what went wrong. But if I choose cuckoo sandbox, it works.
 

Jogos

Level 2
Joined
Apr 9, 2017
Messages
56
OS
Windows 8.1
Antivirus
Panda
#30
Can anyone explain to me the exact differences between modes? (Training, Smart mode, Always ON), I read the manual but honestly did not explain much to me
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#31
In training mode, anything you run will be whitelisted, and that is its purpose, so don't run risky stuff in training mode.
Smart mode toggles to a higher level of protection when the user is active, and toggles to a lower level when there is no user input for a certain number of minutes.
Always on is like smart mode, but does not ever toggle to lower level. This might prevent certain windows functions from running.
 

Telos

Level 11
Verified
Joined
Jan 29, 2017
Messages
548
#32
In addition to the settings suggestions posted so far... I also delete the whitelist snapshot entries when first installing. Just a bit of over-caution, but it works for me.
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#33
Guys, the future of voodooshield looks a bit unclear at the moment.
The dev has been talking about how a lot of things are up in the air, and he is no longer active on this forum, or any other forum that I know about. The main thread on this forum dealing with VS has been closed.
Just a heads up, seeing as certain elements of VS depend on cloud services that need to be maintained by the dev.
 

frogboy

Level 75
Verified
Joined
Jun 9, 2013
Messages
6,499
OS
Windows 10
Antivirus
Emsisoft
#34
Has anyone ever used Training Mode?
Also last I heard when I had the slider set to max was to leave it in the middle, since Dan's AI was still learning. I may have missed him mentioning to set it higher now.
Yes for two weeks. Not sure if it helped though. :)