void011

New Member
Joined
Nov 25, 2015
Messages
52
#1
A new artificial intelligence tool to identify threat (zero - day or not) from VoodooShield.
It works by uploading raw metadata of file(s) to the database & analyzing it.
VoodooAi extracts the features from each of the files, and uploads the raw data to the server. And actually, VoodooAi does not upload any files at all, just the metadata from the features that it extracts (which is why it is not slow). The data that it sends looks something like this: 0, 3, 63000, 1, 0... except the string is a log bigger than that ;). Also, no personal information is uploaded at all... just the string of numbers.
VoodooAi is not intended to replace VoodooShield, but rather to compliment it and most importantly to detect the unknowns and zero days
Require .NET 4.5 to work, VoodooAi installer will automatically install it if not installed.
Download (0.66beta): Installer or Portable (if .NET 4.5 is already installed)
Source

Looks promising :D
 
Last edited:

CMLew

Level 23
Verified
Joined
Oct 30, 2015
Messages
1,212
OS
Windows 10
Antivirus
Default-Deny
#2
A new artificial intelligence tool to identify threat (zero - day or not) from VoodooShield.
It works by uploading raw metadata of file(s) to the database & analyzing it.

Require .NET 4.5 to work, VoodooAi installer will automatically install it if not installed.
Download (0.66beta): Installer or Portable (if .NET 4.5 is already installed)
Source

Looks promising :D
What happen if there is no connection? Does it going to work offline too?
 

void011

New Member
Joined
Nov 25, 2015
Messages
52
#3
It requires internet connection to work (for now) as I stated (sorry unclearly) that it uploads raw metadata. It will give an error message.
P/s: Next time you don't need to quote the whole post if not so necessary ;)
 

CMLew

Level 23
Verified
Joined
Oct 30, 2015
Messages
1,212
OS
Windows 10
Antivirus
Default-Deny
#5
It requires internet connection to work (for now) as I stated (sorry unclearly) that it uploads raw metadata. It will give an error message.
P/s: Next time you don't need to quote the whole post if not so necessary ;)
Thanks for the explanation.
Unfortunately the product isn't suitable for me, since it would render the protection unusable at all if there is no protection, if that's how I see it.
 

void011

New Member
Joined
Nov 25, 2015
Messages
52
#6
@Anti-Malware Reviewer for now VoodooAi is just like an on-demand scanner, thus I think it wouldn't conflict with other existed security apps. I can confirm that it really works as I tested it with some samples from virus-exchange & clean files (though still many FPs, Voodoo team is finding resources of clean files as many as possible to train it as well as malicious files). They also plan to integrate VoodooAi into VoodooShield in future.
since it would render the protection unusable at all if there is no protection
Sorry I don't get what you mean..
 
Last edited:
Likes: Tornado

DracusNarcrym

Level 19
Verified
Joined
Oct 16, 2015
Messages
908
OS
Windows 10
Antivirus
Comodo
#7
This tool indeed looks promising.
I'd like to see or make a comparison of online executable analysis services, such as Valkyrie by COMODO and VoodooAi.
This type ofn technology is going to be an essential part of modern security solutions (apparently it already is for many products).
 

CMLew

Level 23
Verified
Joined
Oct 30, 2015
Messages
1,212
OS
Windows 10
Antivirus
Default-Deny
#8
Sorry, pardon my english. What I meant is that once internet connection is turn off, there the scanner will not be functioning? Since it is relying on-line right?
 

SHvFl

Level 34
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,364
OS
Windows 10
#9
Sorry, pardon my english. What I meant is that once internet connection is turn off, there the scanner will not be functioning? Since it is relying on-line right?
Yes scanner needs to connect to the voodooshild servers in order to work so you need an active internet connection.
 

void011

New Member
Joined
Nov 25, 2015
Messages
52
#11
Sorry, pardon my english. What I meant is that once internet connection is turn off, there the scanner will not be functioning? Since it is relying on-line right?
Since it doesn't provide realtime protection you can use it as an on-demand scanner like ZemanaAM, HMP but no "remove/quarantine threat" button ;)
 

SHvFl

Level 34
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,364
OS
Windows 10
#12
Keep in mind tool still was not trained with a massive clean stuff list so it should improve in the future. Dev is looking for 25000+ clean files to train his software so if anyone has an idea where he can mass download them inform him i guess.
 
Likes: frogboy

DracusNarcrym

Level 19
Verified
Joined
Oct 16, 2015
Messages
908
OS
Windows 10
Antivirus
Comodo
#13
but no "remove/quarantine threat" button
You can always delete/remove the suspicious file(s) manually. :p
The most important part is actually detecting which file is malicious or not, in my opinion. The rest is routine procedure (kill malicious process locking the malicious file and then delete the file, or simply delete the file on reboot).
 
Last edited:

jamescv7

Level 61
Verified
Joined
Mar 15, 2011
Messages
12,638
OS
Windows 10
Antivirus
Microsoft
#14
Indeed a tool that can increase better detection and not too much rely on numerous engines at all, sometimes incorporating a method which is practical result to optimize more on performance. So as the description intended to use the internet for uploading the files and not as like BB/HIPS.