- Jan 4, 2016
Good morning, I thought of a situation with VoodooShield. We are running VoodooShield free on AutoPilot mode. A user downloads a JavaScript file "malware.js". This file is really new, it has already been scanned with VirusTotal and has a detection rate of 0/61. Since VoodooAI is not available for JavaScript files, this file will be allowed to run (if this last sentence is false, please say so). This JavaScript file downloads "payload.exe". This executable has already been scanned with VirusTotal and has a detection rate of, let's say, 3/61 (it's possible, considering that not all antivirus companies add JavaScript files to signatures, but only the dropped file). I have some questions:
1. After malware.js is able to run, it will download payload.exe. Will payload.exe be blocked, or will it be allowed, considering that malware.js has been allowed (does the parent process influence this situation)?
2. If we were in Always ON or Smart mode, would VoodooShield prompt us for malware.js?