Malware Hub Report VoodooShield 6 - December 2020 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Very interesting... you might be on to something there. When VS is ON it should block it either way, but we better test AutoPilot just to be sure.

I will sign one right now and see what happens. If you guys have a sample you want me to sign and test, I would be happy to.

Edit: my sig will not let me sign a .jar file, so hopefully we can find some already signed.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I just looked at this code segment in VS, and we would have to test to be sure, but the way the code is written for AutoPilot, if the sig can be verified then it will be auto allowed (bypass). If the sig cannot be verified it will be blocked. There are obviously other checks in place for AutoPilot, but for this particular scenario, it looks like it all comes down to whether the sig can be verified or not. Ultimately we need to test to be sure, but I love the way you guys are thinking!
 

harlan4096

Super Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
@danb: it would be interesting if quarantined files are stored with some kind of encrypting or compressed:

1607161440835.png
 

harlan4096

Super Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
Ok, the 1st testing week just finished with Mode Free + AutoPilot...

@danb: would You like any specific VS mode to be tested? I just enabled Registered Mode... Always On? SmartMode?
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Sounds great, thank you! Maybe if you are just testing a couple samples a day, it might make sense to first test in Smart ON, then switch to AutoPilot and test again? But if you were just testing one one, I think AutoPilot makes the most sense.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top