- Apr 28, 2015
- 8,916
I recall in the past We had a signed jar in the Hub... 
VoodooShield 6 - December 2020 Report
- Thread starter harlan4096
- Start date
- May 31, 2017
- 1,725
Very interesting... you might be on to something there. When VS is ON it should block it either way, but we better test AutoPilot just to be sure.
I will sign one right now and see what happens. If you guys have a sample you want me to sign and test, I would be happy to.
Edit: my sig will not let me sign a .jar file, so hopefully we can find some already signed.
I will sign one right now and see what happens. If you guys have a sample you want me to sign and test, I would be happy to.
Edit: my sig will not let me sign a .jar file, so hopefully we can find some already signed.
- May 31, 2017
- 1,725
I just looked at this code segment in VS, and we would have to test to be sure, but the way the code is written for AutoPilot, if the sig can be verified then it will be auto allowed (bypass). If the sig cannot be verified it will be blocked. There are obviously other checks in place for AutoPilot, but for this particular scenario, it looks like it all comes down to whether the sig can be verified or not. Ultimately we need to test to be sure, but I love the way you guys are thinking!
- Apr 28, 2015
- 8,916
@danb: it would be interesting if quarantined files are stored with some kind of encrypting or compressed:
- May 31, 2017
- 1,725
Great point, thank you @harlan4096! What do you guys think is better, encrypting or compressing?
- Apr 28, 2015
- 8,916
Or compressed with a private key only known by the application 
- May 31, 2017
- 1,725
Thank you for the suggestion @harlan4096, I added encryption of quarantined files in this version...
VS 6.06e
SHA-256: c6721bdb861b9c772f1e1edf67686d75cecd9fe3d0fafb9e264d55b548013b80
There were a few other minor changes, but nothing that should affect testing.
VS 6.06e
SHA-256: c6721bdb861b9c772f1e1edf67686d75cecd9fe3d0fafb9e264d55b548013b80
There were a few other minor changes, but nothing that should affect testing.
- Apr 28, 2015
- 8,916
Ok, the 1st testing week just finished with Mode Free + AutoPilot...
@danb: would You like any specific VS mode to be tested? I just enabled Registered Mode... Always On? SmartMode?
@danb: would You like any specific VS mode to be tested? I just enabled Registered Mode... Always On? SmartMode?
- May 31, 2017
- 1,725
Sounds great, thank you! Maybe if you are just testing a couple samples a day, it might make sense to first test in Smart ON, then switch to AutoPilot and test again? But if you were just testing one one, I think AutoPilot makes the most sense.
- Mar 29, 2018
- 7,625
I agree because it's the mode most like an AV.
- May 31, 2017
- 1,725
Now that they are testing the Pro version, just for fun, they should try AutoPilot on the Relaxed Security Posture .
.
- Apr 28, 2015
- 8,916
- May 31, 2017
- 1,725
Hehehe, yeah, exactly... VS is quite relaxed in this setting, and I have always been curious how well it would do .
.
- Apr 28, 2015
- 8,916
- Apr 28, 2015
- 8,916
It seems today was not a good day for VS in the last malware pack testing, it had problems to stop some signed malware exe files...
Results coming soon...
Results coming soon...
- Apr 24, 2016
- 7,284
Can that be caused by the change to "Relaxed Security Posture" in VS settings?
- Apr 28, 2015
- 8,916
I still don't know, the truth is that VS tagged them as Safe in static scan, so when executed seems it let do them "almost" everytthing...
- Mar 29, 2018
- 7,625
@harlan4096 would you please indicate VS mode and posture in your test results? That would help readers to evaluate results. TIA!
Even with relaxed mode the file has to be labeled from whitelist cloud as safe. Atleast thats what the "relaxed mode" discription says. And since whitelist cloud should only allow known safe files im curious what happened
Attachments
Last edited:
- Apr 28, 2015
- 8,916
Similar threads
