VoodooShield 6 - December 2020 Report
<blockquote data-quote="danb" data-source="post: 922006" data-attributes="member: 62850"><p>Oops, sorry, I forgot to mention... 6.10 still has a VoodooAi threshold of .75 for unsigned files when VS is in the Relaxed Security Posture. I have since changed it to .5, and that will be included in all new releases. The .5 threshold will block these samples, but I imagine you guys would be able to find samples that are not over the .5 threshold ;), so those would not be blocked. These samples would be extremely difficult to find, but I am certain they exist somewhere ;).</p>
<p>You guys have helped tremendously to harden the Relaxed security posture, because it needed hardening after implementing WLC and all of the VS 6.0 changes, so I wanted to say thank you very much! VS really has always been about the locked modes, and I never got around to hardening the lower security postures, so this all worked out really, really well!</p>
<p>I hope that everyone understands that even though the lower security postures are now hardened and fine-tuned, there is still a possibility to bypass VS in the lower security postures. That is just the way malware detection is ;). Otherwise, everyone would just run VS in the relaxed security posture ;).</p>
<p>We will probably do one more release before the public release, just to double check the last bypass. I hope to have that version in the next day or so... I am right in the middle of the code conversion and things are going to get really confusing if I am not careful ;). Thanks again for all of your help!</p></blockquote>