Advice Request VoodooShield and Windows Powershell


cb33

New Member
Thread author
May 31, 2023
3
I just installed version 7.44 and one thing I noticed is that VoodooShield didn't give any prompts when running a PowerShell script.
 

ForgottenSeer 97327

I am not a VoodooShield user, but there is a user manual available of V6: https://www.voodooshield.com/Download/VoodooShieldUserGuide.pdf

V6 has rudimentary command line protection, so you could check whether PowerShell commands are listed here:
[Screenshot attachment: 1685541831764.png]

You could also check whether the PowerShell folder is mentioned by default (in System32 and SysWOW64) here:
[Screenshot attachment: 1685541976260.png]

As a last solution you could check whether powershell.exe is mentioned as a vulnerable process here:
[Screenshot attachment: 1685542134348.png]

The manual mentions what to do when a vulnerable process is not listed (add it and disable "Automatically allow by parent"), but since the manual is outdated I would wait until experienced VS users chime in, or contact the developer when nobody responds, before altering advanced settings. A safer suggestion is to reset VS to default settings and check again (you might have accidentally whitelisted PowerShell yourself).
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
I'm still on 7.43 but I remember I complained to Dan because I got popups on my SUA when PowerShell wanted to run some Windows "compatibility/telemetry stuff". So there are popups, but some stuff that's considered safe will probably not throw a popup.
Maybe check in VS under "Command lines" if any PowerShell allow/blocks are listed there (mine were).
VS mode used by me: aggressive/Autopilot (if I remember it right)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Are you sure you are not editing the script? VS will not block the script when you try to edit it, but it will block when you try to run it.

VS will also not block PowerShell when the user simply runs PowerShell without a script.

How are you running the script? Like, are you right clicking on the script and choosing "Run with PowerShell"? If not, let me know how you are trying to run the script.

Also, make sure the script was not previously whitelisted ;). VS will not block scripts that were previously allowed.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
That makes sense now. Yeah, VS is not supposed to block scripts that are in an instance of PowerShell started by the user and manually run by the user. It is our Antimalware Contextual Engine that allows fine-grained policies.

See, for years I have always thought that it was just absolutely insane that UAC blocks utilities like CMD and PowerShell when the user is simply opening an instance of PowerShell or CMD without running a script. So we just took it a couple steps further and made it as user-friendly as possible.
 

ForgottenSeer 97327

danb said:
"See, for years I have always thought that it was just absolutely insane that UAC blocks utilities like CMD and PowerShell when the user is simply opening an instance of PowerShell or CMD without running a script. So we just took it a couple steps further and made it as user-friendly as possible."

Operators execute commands in a shell and users type, click, swipe, talk to a graphical interface. Reason why most (if not all) OSes require elevated/high rights to execute shell commands. Look at Linux, Android and iOS. Ironically we agree on the lousy implementation of rights separation in Windows. It is the OS which grants the easiest (and the worst) access to high rights. ;)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
ForgottenSeer 97327 said:
"Operators execute commands in a shell and users type, click, swipe, talk to a graphical interface. Reason why most (if not all) OSes require elevated/high rights to execute shell commands. Look at Linux, Android and iOS. Ironically we agree on the lousy implementation of rights separation in Windows. It is the OS which grants the easiest (and the worst) access to high rights. ;)"

I totally agree... there is not one really great way to handle this. There are a handful of adequate but suboptimal ways ;).

If TempleOS had networking support, I would just run that... it runs everything in Ring 0 ;). And obviously I would port VS ;).
 

simmerskool

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,166
danb said:
"I totally agree... there is not one really great way to handle this. There are a handful of adequate but suboptimal ways ;).

If TempleOS had networking support, I would just run that... i"

TempleOS...:unsure: quick skim gave me vibes from the film "A Beautiful Mind" -- what am I missing?
 