Advice Request Please help me set the best settings of VoodooShield Pro


Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@shmu26

Thanks for this information. Zemana AM Premium also uses a cloud sandbox; should I duplicate these functions?
I must admit that I don't know much about how the Zemana sandbox works. I am sure someone else can give you input on that.
As for the VS sandbox, @_CyberGhosT_ can probably tell you about it. I personally never submitted a file to Cuckoo more than once or twice.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@shmu26

Thanks for this information. Zemana AM Premium also uses a cloud sandbox; should I duplicate these functions?
ZAM's Pandora sandbox, I assume it is just an online sandbox they use to analyze malware. I don't think it has anything to do with our computer. It increases the rate of FP and slightly improves the detection rate, but the rate of infection is still very high.
You can enable Pandora without any worry about duplication. I think they are 2 completely different things.

VS, according to the last time I used it, has a local sandbox and the Cuckoo sandbox:
- The local sandbox utilizes the Windows virtualization feature to isolate the file and let it run. Only files WITHOUT admin rights can run. It is inferior to Sandboxie and other virtualization software, but it's there so you can use it.
- Cuckoo: online file analysis, similar to hybrid-analysis. It gives you detailed information about how the file works. It takes quite a lot of time to generate a report.

Please correct me if I'm wrong.


ForgottenSeer 58943

Zemana uses decentralized sandbox evaluation of files along with VT. I've found the computers that do this analysis are spread around the world in various locations, including what appears to be in homes. As noted in the Zemana forum here, I do not believe this is a secure method of operation, as their sandboxes were easily exposed to the public using commonly available testing methods, including the local machine name, OS, WAN IP address, internal IP address structure and other things.
 

shmu26

ZAM's Pandora sandbox, I assume it is just an online sandbox they use to analyze malware. I don't think it has anything to do with our computer. It increases the rate of FP and slightly improves the detection rate, but the rate of infection is still very high.
You can enable Pandora without any worry about duplication. I think they are 2 completely different things.

VS, according to the last time I used it, has a local sandbox and the Cuckoo sandbox:
- The local sandbox utilizes the Windows virtualization feature to isolate the file and let it run. Only files WITHOUT admin rights can run. It is inferior to Sandboxie and other virtualization software, but it's there so you can use it.
- Cuckoo: online file analysis, similar to hybrid-analysis. It gives you detailed information about how the file works. It takes quite a lot of time to generate a report.

Please correct me if I'm wrong.

VS does not have a local sandbox and does not use Windows virtualization, AFAIK.
 

Evjl's Rain

VS does not have a local sandbox and does not use Windows virtualization, AFAIK.
Is it removed? Maybe, because it's not a frequently used feature. I can't confirm because I'm opting out of all default-deny products for a while.
 

shmu26

Is it removed? Maybe, because it's not a frequently used feature. I can't confirm because I'm opting out of all default-deny products for a while.
Hey, I just read your screenshot from VS, and it said exactly what you claimed. But I never see that option. Maybe the product has changed? Or maybe I somehow missed noticing this feature? I am confused. Maybe @danb or someone else can enlighten us.
 

shmu26

But anyways, to sum up about the Zemana sandbox and the VS sandbox: it does not sound like there is a conflict or overlap, like @Evjl's Rain said. The VS sandbox is an extra way that the user can examine a suspicious file, if he wants to do so. It's not really what you would call a core element of VS.
 

shmu26

Hey, I just read your screenshot from VS, and it said exactly what you claimed. But I never see that option. Maybe the product has changed? Or maybe I somehow missed noticing this feature? I am confused. Maybe @danb or someone else can enlighten us.
Yeah, my bad, that option in VS for local sandbox is for sure there, but you can only see it if you first click on sandbox (which I almost never do), and then you can choose which kind of sandbox you want. Cool.
So I decided to go for local sandbox. And... nothing. The results never displayed, for some reason. Tried a couple times. Not sure what went wrong. But if I choose cuckoo sandbox, it works.
 

Jogos

Level 2
Thread author
Verified
Apr 9, 2017
62
Can anyone explain to me the exact differences between the modes (Training, Smart mode, Always ON)? I read the manual, but honestly it did not explain much to me.
 

shmu26

In training mode, anything you run will be whitelisted, and that is its purpose, so don't run risky stuff in training mode.
Smart mode toggles to a higher level of protection when the user is active, and toggles to a lower level when there is no user input for a certain number of minutes.
Always on is like smart mode, but does not ever toggle to the lower level. This might prevent certain Windows functions from running.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
In addition to the settings suggestions posted so far... I also delete the whitelist snapshot entries when first installing. Just a bit of over-caution, but it works for me.
 

shmu26

Guys, the future of voodooshield looks a bit unclear at the moment.
The dev has been talking about how a lot of things are up in the air, and he is no longer active on this forum, or any other forum that I know about. The main thread on this forum dealing with VS has been closed.
Just a heads up, seeing as certain elements of VS depend on cloud services that need to be maintained by the dev.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Has anyone ever used Training Mode?
Also last I heard when I had the slider set to max was to leave it in the middle, since Dan's AI was still learning. I may have missed him mentioning to set it higher now.
Yes for two weeks. Not sure if it helped though. :)
 