Update VoodooShield 7.0

Thread Tags
  1. Developer is currently beta testing this product.

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
6.76. I didn't have cloud activated. Maybe that's it. I've had a few other pop-ups (Joplin and Bitwarden, and one portable app).
Yeah, it depends on A LOT of things, hence the term Dynamic Security Postures ;). Did VS block the TB installer or the installed TB from Program Files?
 

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
Challenge accepted :cool:

You let me recode Origami entirely, I have a little idea :D
Absolutely!

BTW, another good option to explore is malware with a signed EV cert. @harlan4096 and a couple other guys helped me to refine the old version of VS to effectively block signed malware, but A LOT has changed since then. I think everything is right in the new version, but we will not know for sure until we find bypasses. Thanks again!
 

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
The installed copy.

Just now I get an alert from Conhost. Completely undecipherable what this is doing, but it occurred while Symenu was updating a portable app, so I have to hope that's why it appeared.
Yeah, portable apps are cool but they are also problematic in cybersecurity for a lot of reasons. There is a reason God created the Program Files folder ;). I know a lot of people who use portable apps put all of their portable apps in one folder and run them from the one folder. They also create exceptions in their AV and create a rule in VS to always allow items in that folder.

Having said that, in a few days I will be applying some of the rules in the contextual engine that currently only apply to the Program Files folders to other areas on the OS, mainly what I call the safe user space. Which are the main user space folders like Documents, Desktop, Pictures, Videos, etc., but obliviously does not include folders like AppData. I am taking my time and thinking this through because it has to be done correctly.
 

Telos

Level 22
Verified
Top poster
Content Creator
Well-known
Jan 29, 2017
1,127
in a few days I will be applying some of the rules in the contextual engine that currently only apply to the Program Files folders to other areas on the OS, mainly what I call the safe user space.
This is good to hear as I have many programs installed outside the OS partition as well as the system folders: Downloads, Documents, Pictures... on yet another partition.

EDIT1: and 2 more blocks... Symenu and SUMo (not portable)
EDIT2: Wonderfox DVD Video Converter, Wonderfox DVD Video Converter Installer blocked
 
Last edited:

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
This is good to hear as I have many programs installed outside the OS partition as well as the system folders: Downloads, Documents, Pictures... on yet another partition.

EDIT1: and 2 more blocks... Symenu and SUMo (not portable)
EDIT2: Wonderfox DVD Video Converter, Wonderfox DVD Video Converter Installer blocked
I don't have any of the other apps, but I just ran SUMo without any blocks, so let's start with this.

What is the path of your SUMo? What was blocked? Are you running VS on Always ON, Smart or AutoPilot?
 

Telos

Level 22
Verified
Top poster
Content Creator
Well-known
Jan 29, 2017
1,127
What is the path of your SUMo? What was blocked? Are you running VS on Always ON, Smart or AutoPilot?
"D:\Program Files (x86)\KC Softwares\SUMo\SUMo.exe"

Smart/Aggressive.

Here's from today (none are portable)

propresenter.exe
e-sword.exe
startmenu.exe
pushbullet.exe
notebookfancontrol.exe
sharex.exe

Apparently I'm not your target customer 🤣

And this

UAMH16C.png


AI seems odd ? "believe this file to be safe" yet the score is 0/100 🤔
 

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
"D:\Program Files (x86)\KC Softwares\SUMo\SUMo.exe"

Smart/Aggressive.

Here's from today (none are portable)

propresenter.exe
e-sword.exe
startmenu.exe
pushbullet.exe
notebookfancontrol.exe
sharex.exe

Apparently I'm not your target customer 🤣

And this

UAMH16C.png


AI seems odd ? "believe this file to be safe" yet the score is 0/100 🤔
Yeah, the problem is that your Program Files folders are not on your C drive. You should be able to keep them on the D drive, but in order for VS (or any other software that expects Program Files folders to be in their default location), but you will need to set the Environment Variable so the Windows knows that is where your Program Files are. There are provisions for this in VS, but I have not tested it yet. but I hope to soon.

So in short, Windows, VS, and other programs thinks your Program Files are in their default location, so they treat the Program Files on your D drive, just as they would any other drive. If you need help setting the Environment Variable, please let me know.

Yeah, 0 = Safe, 100 = Unsafe.
 

Telos

Level 22
Verified
Top poster
Content Creator
Well-known
Jan 29, 2017
1,127
Yeah, the problem is that your Program Files folders are not on your C drive
This seems an artificial constraint. My past w/Linux taught me to reserve the OS partition for the OS. So my break-down is
c: OS
d: programs (those which give me a choice !)
e: personal (Documents, photos, etc.)
f: everything else that exists in a “temporary” state (downloads, video editing, etc., etc.,)
g: backup images (temporary storage) for partitions c, d, e

A security system which “assumes” I must install all my stuff on “C”… is unnecessarily restrictive.
Windows, VS, and other programs thinks your Program Files are in their default location

Windows, VS, and other programs thinks your Program Files are in their default location.

You assume far too much. with that statement. Windows has no issue with alternate partitions... even for its system folders such as Documents, Downloads, Music, Videos, Links, Favorites, OneDrive... these all can exist on any partition. Same goes with Windows Indexing (the index resides on "F" for me.

VS needs to be less rigid with its assumptions, IMO 😎
 
Last edited:

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
This seems an artificial constraint. My past w/Linux taught me to reserve the OS partition for the OS. So my break-down is
c: OS
d: programs (those which give me a choice !)
e: personal (Documents, photos, etc.)
f: everything else that exists in a “temporary” state (downloads, video editing, etc., etc.,)
g: backup images (temporary storage) for partitions c, d, e

A security system which “assumes” I must install all my stuff on “C”… is unnecessarily restrictive.


Windows, VS, and other programs thinks your Program Files are in their default location.

You assume fart too much. with that statement. Windows has no issue with alternate partitions... even for its system folders such as Documents, Downloads, Music, Videos, Links, Favorites, OneDrive... these all can exist on any partition. Same goes with Windows Indexing (the index resides on "F" for me.

VS needs to be less rigid with its assumptions, IMO 😎
Dude, that is the entire point of Windows Environment Variables. It is a feature that is built into Windows and other OS's that devs use ALL the time.

The other reason why I know that Windows and other software use Environment Variables, is because I used to have my Program Files folders on the D drive as well. And A LOT of stuff did not work correctly until I set the Environment Variable for Program Files correctly. This is not a guess.
 

danb

From VoodooShield
Thread author
Verified
Top poster
Developer
Well-known
May 31, 2017
1,280
Hey Guys,

Here is the latest, mainly just visual GUI stuff, and I still have quite a bit to do on the GUI, but I wanted to release this because it is an improvement over the 6.76 GUI ;).

VS 6.77 beta
SHA-256: 85293157e17848db255c98b0f7d07dd482fb01f68b7d45e055390683bb5168a2

Thank you guys!
 

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,683
Hey Guys,

Here is the latest, mainly just visual GUI stuff, and I still have quite a bit to do on the GUI, but I wanted to release this because it is an improvement over the 6.76 GUI ;).

VS 6.77 beta
SHA-256: 85293157e17848db255c98b0f7d07dd482fb01f68b7d45e055390683bb5168a2

Thank you guys!
Just installed it over the top, as before. Still no alert from VS to exit and continue installation. Needed to manually exit and run installer again.