Advice Request VoodooShield and double agent

[TheMalwareMaster]

Hello, do you know if VoodooShield is vulnerable to Double Agent? Can you ask Dan about this?

 

[Deleted member 178]

DoubleAgent is a weak malware , it won't even pass UAC at max. so VS and any anti-exe will block it before it even does anything.
The buzz was made by a newcomer company promoting their "Next (crap) Gen" solution and using DoubleAgent as a way to discredit reputed vendors.

 

[Handsome Recluse]

Yeah, he's right. You just gotta learn to sift through the noise and find what's really important. Everything could be manipulated. Twist the words a different way and you change the perception, change the perception and change the outcome. Psychology is like the dark matter subject, it seems, in usefulness.You can't rely on vendors especially without the free market and we don't have that anymore.

 

[ZeroDay]

As @Umbra Said it won't even pass UAC it needs admin rights to even run. It hasn't got a chance of getting round VoodooShield. I think a few AV's have patched it anyway just in case. I'm pretty sure Avast have, and to be honest I can't see too many AV companies worrying about this silly little trick let alone anti-exe's etc.

 

[Berny]

The last i heard is that the detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from March 22, 2017.

 

[Deleted member 178]

To be effective, this "trick", (i won't even call it a malware by respect for true malware, which would be offended if i did ), need an happy clicker who click yes on everything.

 

[Aura]

It's a "vulnerability" that can only be used with Admin Rights. So if the payload using it have Admin Rights, it using DoubleAgent is the latest of your worries. Also, worth a read:

KernelMode.info • View topic - Cybellum - another pseudo security company from Israel

 

[TheMalwareMaster]

Thank you all guys

 

[erreale]

To be effective, this "trick", (i won't even call it a malware by respect for true malware, which would be offended if i did ), need an happy clicker who click yes on everything.

You kill me with your humor, even if you're absolutely right.
Great comment!

 

[Marko :)]

As @UmbraI think a few AV's have patched it anyway just in case. I'm pretty sure Avast have, and to be honest I can't see too many AV companies worrying about this silly little trick let alone anti-exe's etc.

Someone from Avast team said on Avast forum that only users of Avast 12.3 and older versions are vulnerable.

AV products vulnerable to attack through Microsoft Aplication Verifier.