Malware Hub Report VoodooShield 6 - December 2020 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

danb

From VoodooShield
Verified
Developer
May 31, 2017
1,089
6,366
Very interesting... you might be on to something there. When VS is ON it should block it either way, but we better test AutoPilot just to be sure.

I will sign one right now and see what happens. If you guys have a sample you want me to sign and test, I would be happy to.

Edit: my sig will not let me sign a .jar file, so hopefully we can find some already signed.
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
1,089
6,366
I just looked at this code segment in VS, and we would have to test to be sure, but the way the code is written for AutoPilot, if the sig can be verified then it will be auto allowed (bypass). If the sig cannot be verified it will be blocked. There are obviously other checks in place for AutoPilot, but for this particular scenario, it looks like it all comes down to whether the sig can be verified or not. Ultimately we need to test to be sure, but I love the way you guys are thinking!
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,444
68,651
  • Thread starter
  • Moderator
  • #28
Ok, the 1st testing week just finished with Mode Free + AutoPilot...

@danb: would You like any specific VS mode to be tested? I just enabled Registered Mode... Always On? SmartMode?
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
1,089
6,366
Sounds great, thank you! Maybe if you are just testing a couple samples a day, it might make sense to first test in Smart ON, then switch to AutoPilot and test again? But if you were just testing one one, I think AutoPilot makes the most sense.
 

Freki123

Level 9
Verified
Aug 10, 2013
404
1,437
Even with relaxed mode the file has to be labeled from whitelist cloud as safe. Atleast thats what the "relaxed mode" discription says. And since whitelist cloud should only allow known safe files im curious what happened :)
 

Attachments

  • Untitled - Copy.jpg
    Untitled - Copy.jpg
    167.6 KB · Views: 31
Last edited:
Top