Discussion in 'VoodooShield' started by TheMalwareMaster, May 6, 2017.
Thank you. I am not taking my case, but that of a click-happy beginner who executes everything.
VoodooShield has script heuristics that should catch a malicious *.js script when run from disk. There was a bug related to *.wsf scripts, but it has been corrected in the latest VoodooShield version.
See posts #6 and #39 in the thread:
How-to Guide - How do you secure PowerShell?
After some mailing between me and VoodooShield developer, the bug related to *.wsf files was fixed:
"... It was not an issue with the design, it has something to do with the way VS extracts the command lines for .wsf files... it will be an easy fix and it will be included in the next release"
That's the whole point of VS. If it is not whitelisted, VS will block it.
Glad to know the same concept applies to .js files.
I'm not sure, but imagine the case of a script with:
- 0/61 detections on VT
- Fake digital signature
Would VS still block it in auto pilot?
I do not think so. Signed scripts can do the same things that malware scripts can do (deleting files, folders, etc.). It would be very hard to differentiate between them by heuristics alone. But anyone can confirm this by asking on the VoodooShield support page.
If you go by what the developer has said, then yes.
1. It is uncommon for malware to have a digital sig.
2. I have never seen VoodooShield allow a file without a sig.
3. Even if you are on the free version, or the paid version at default settings, keep in mind that parent/child permissions are disabled for the sensitive locations where malware might be downloaded, as well as for the system files that malware might want to abuse. This feature is hard-coded.
Yep, and I suggest using it in Smart Mode; actually, I have always been using Smart Mode, not counting past testing. Now the official VS site has been updated from VS version 3.53 to 3.59, with several fixes done. Dev Dan is the man on the mission!
To answer the OP's question:
a script file doesn't get analysed by the AI, so it will never collect enough security points to become automatically allowed, even if it has a sig.
That is my understanding of the system.