VoodooShield 6 - December 2020 Report
<blockquote data-quote="danb" data-source="post: 922058" data-attributes="member: 62850">
<p>I should explain a little better... the raw VoodooAi result for ransomware.exe was 66, even though the user prompt reported 100, and since it was below the former threshold of 75, it was allowed. The user prompt has some algos / decision trees that increase the VoodooAi result if other indicators are detected, simply as a precaution to discourage the user from allowing something potentially malicious... but this is LONG after the relaxed security posture would have allowed a bypass. So I was thinking... we might be able to move these other algos / decision trees to an early part of the code so they can be included in the security posture / autopilot decision to auto allow something. I will play around with it and see... it will be a few months before the VoodooAi / WLC is fully optimized (after replacing VT with WLC). And as I was saying, the tests you guys have performed have made HUGE steps in optimizing the new WLC integration, and I think we are getting close, but there might be a little tweak or two in the next few months.</p>
<p>I was not able to find a sample for ransomware.exe, but the version below has a raw VoodooAi threshold of 50 for unsigned files that bypasses SS (when on the Relaxed security posture), so it should block it... but if not please let me know ;).</p>
<p>VS 6.11</p>
<p>https://voodooshield.com/Download/InstallVoodooShield611.exe</p>
<p>SHA-256: 89bf0b3c7e5fad4b55866b7d2b4c65c4e42a2024f2bfb01a0f6b8fe9cb97a840</p>
<p>BTW, the code conversion is going amazing. I was always reluctant to do it because I knew it would be a total mess. But I have to say, it is funny seeing squeaky clean VS code ;). The conversion streamlines and corrects the code in a very big way. And actually, a lot of the VS 6.0 code has already been streamlined and fixed while I have been playing around with converting the code the last few months... it found a lot of small bugs and made a lot of small optimizations.</p>
<p>Thanks again you guys, I really appreciate all of your help!</p>
</blockquote>
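The ordering issue described in the post above, as a simplified model added here (not VoodooShield code and not written by the poster): the auto-allow decision sees only the raw score, while the precautionary boosts are applied later for the prompt. The indicator names, their weights, the second sample and all function names are assumptions; only the values 66, 100, 75 and 50 come from the post.

```python
from dataclasses import dataclass

FORMER_THRESHOLD = 75    # from the post: raw results below this were auto-allowed
UNSIGNED_THRESHOLD = 50  # from the post: lower threshold for unsigned files
# Hypothetical weights; the post only says "other indicators" raise the result.
INDICATOR_BOOST = {"unsigned": 20, "launched_from_temp": 20}

@dataclass
class Sample:
    name: str
    raw_score: int       # raw classifier result, 0-100 (higher = more suspicious)
    signed: bool
    indicators: tuple = ()

def adjusted_score(s: Sample) -> int:
    """Score after the prompt-side precautionary boosts, capped at 100."""
    boost = sum(INDICATOR_BOOST.get(i, 0) for i in s.indicators)
    return min(100, s.raw_score + boost)

def allow_raw_only(s: Sample) -> bool:
    """Order described in the post: the posture decision uses the raw score."""
    return s.raw_score < FORMER_THRESHOLD

def allow_lower_unsigned_threshold(s: Sample) -> bool:
    """Still raw score only, but unsigned files get the lower threshold."""
    limit = FORMER_THRESHOLD if s.signed else UNSIGNED_THRESHOLD
    return s.raw_score < limit

def allow_boost_first(s: Sample) -> bool:
    """Proposed order: apply the boosts before the posture decision."""
    return adjusted_score(s) < FORMER_THRESHOLD

def compare(s: Sample) -> dict:
    """True means the file would be auto-allowed under that ordering."""
    return {
        "prompt_score": adjusted_score(s),
        "raw_only": allow_raw_only(s),
        "lower_threshold": allow_lower_unsigned_threshold(s),
        "boost_first": allow_boost_first(s),
    }

# Constructed samples: the first mirrors the numbers in the post (raw 66,
# prompt 100); the second is a made-up case where the two changes differ.
SAMPLES = [
    Sample("ransomware.exe", 66, False, ("unsigned", "launched_from_temp")),
    Sample("lowscore.exe", 45, False, ("unsigned", "launched_from_temp")),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.name, compare(s))
```

In this model the first sample is auto-allowed only under the raw-score-only ordering, while the second shows that a threshold change and a reordering are not equivalent when the boosts carry most of the signal.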