Q&A VoodooShield - Custom Rules to increase protection

Discussion in 'VoodooShield' started by Raka Daku, Oct 9, 2017.

  1. Raka Daku

    Raka Daku Guest

    #1 Raka Daku, Oct 9, 2017
    Last edited by a moderator: Oct 9, 2017
    Official Website:
    https://voodooshield.com/
    Build version:
    Beta releases may be unstable and contain unreported bugs
    RULES, anyone trying custom rules?

    Current custom ruleset (just for test purposes, VAi only, & VAi set to "81" in the ruleset)
    Allow All Files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
    If VoodooAi is less than or equal to 81

    Other customizations
    Settings - Basic - Deny by Default (uncheck to show prompt instead of balloon) - Unchecked
    Settings - Advanced - Automatically scan blocked files with the multi engine blacklist scanner - Unchecked

    Snapshots
    Initial Snapshot taken
    Advanced Snapshot not taken

    Test (30 safe programs.. popular/lesser known/forum made/etc)
    All programs were automatically allowed (VAi score less than 81)

    Test (cannot test malware on the system, downloaded 13 keygens by well-known or popular crackers on various forums)
    12 keygens got verdict Unsafe (VAi score above 91)
    1 keygen got verdict Suspicious (VAi score 89)
    1 keygen was automatically allowed (VAi score less than 81)

    I uploaded the allowed keygen to VirusTotal & Comodo Valkyrie
    VirusTotal - Latest report.. 3 vendors detected, CrowdStrike Falcon, Rising & Webroot
    Comodo Valkyrie - Latest report.. Clean (Human Expert Analysis Overall Verdict.. Clean)

    Test done under Shadow Defender
    VoodooShield Latest Beta 4/406 Beta
    Win 10 64 Bits Pro
    Win Inbuilt Firewall
    Windows Defender
     
  2. DotNet

    DotNet Level 1

    Sep 4, 2017
    20
    23
    USA
    Windows 10
    Allow All Files on My Computer when VoodooShield is ON, OFF, AUTOPILOT, untick digital signature & blacklist, leave the Ai setting at 0 or Safe, & all my command line issues are gone! Everything works as it should.
     
  3. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Very cool! It is great to see that people are starting to experiment with the new rules feature. I think most users will totally understand the rules feature after about 5 minutes of experimentation... and I really think that once we build this feature out a little more, it is going to be an amazing feature.

    BTW, if you can think of any other parameters that I should add to this feature, please let me know. Also, 81 sounds about right to me as well ;). Thank you!
     
  4. Raka Daku

    Raka Daku Guest

    What do you mean command line issues are gone?
     
  5. Raka Daku

    Raka Daku Guest

    #5 Raka Daku, Oct 10, 2017
    Last edited by a moderator: Oct 10, 2017
    Yes, Rules feature will be helpful to customize or optimize VS to suit users, layered protection on the system, etc.

    VAi verdict based on VAi score
    If I am correct..
    VAi score & verdict
    0 - 50 Safe
    51 - 89 Suspicious
    90 - 100 Unsafe

    Yes, 81 plus layered protection seems effective, & less alerts.

    Vulnerable Processes option would be good like drop down menu with options default & allow
    set allow to automatically allow
    set default to keep default
     
    Weebarra, BryanB, plat1098 and 2 others like this.
  6. Raka Daku

    Raka Daku Guest

    danb,

    Custom Ruleset
    Allow All Files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
    If the Blacklist scan is less than or equal to 5 Positives
    Block Unknowns and Trust VoodooShield's False Positive Detection
    If VoodooAi is less than or equal to 90

    The bold above, what does Unknowns mean here?
     
    Weebarra and frogboy like this.
  7. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,493
    Retired
    Central US
    Linux Mint
    Default-Deny
    I believe it means Unknown to VoodooAI and/or VT scan?
    Dan will have to clarify :)
     
    Weebarra and frogboy like this.
  8. Raka Daku

    Raka Daku Guest

    Yes, I thought so.. just want to be clear before going with the rules.
     
    _CyberGhosT_ likes this.
  9. plat1098

    plat1098 Level 5

    Aug 23, 2017
    230
    1,343
    Brooklyn
    Windows 10
    Microsoft
    Question: Example: I set a custom rule for a games application using the default parameters and SMART mode. This app creates a lot of child processes. Now I have everything running in Sandboxie (might switch to Shade).. Are rules still necessary?
     
    _CyberGhosT_, Weebarra and frogboy like this.
  10. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,493
    Retired
    Central US
    Linux Mint
    Default-Deny
    I don't create Custom Rules for the following clients: Steam, Origin, Uplay, GOG, and I have no issues.
    Same for TS & GameVox as well.
    Always in Smart Mode ;)
     
    frogboy and plat1098 like this.
  11. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Yes, those are the correct ranges... there is also a "Be Careful" / suspicious range of 51-75, which is actually part of suspicious. This is the range where things start to get a little dicey.

    Yeah, at some point I will add an editable list of vulnerable processes to the Settings / Advanced tab, and I will see what I can do with adding these to the rules as well. Thank you for the suggestions!
     
    simmerskool, shukla44, j9ksf and 2 others like this.
  12. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Block Unknowns are for the blacklist scan only. VoodooAi should never have an unknown because it is going to return the verdict each and every time... unless the VoodooAi cloud server is down (which is hosted on Azure), in which case, VoodooAi would return "Error in VoodooAi".

    BTW... whenever you create and save a rule, VS automatically copies the new rule to Windows Clipboard, so you can paste it wherever you like after creating a new rule. I just thought this might be helpful when people start experimenting with and sharing rules.
     
    shukla44, j9ksf, shmu26 and 1 other person like this.
  13. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Sorry, I am not sure what you mean when you ask "Are rules still necessary", can you please clarify?
     
    shukla44 and _CyberGhosT_ like this.
  14. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Yeah, Smart Mode pretty much takes care of everything automatically, but it is nice to be able to create a rule when you need to. Rules will be particularly useful to SMB and enterprise admins. Thank you CG!
     
  15. plat1098

    plat1098 Level 5

    Aug 23, 2017
    230
    1,343
    Brooklyn
    Windows 10
    Microsoft
    @_CyberGhosT_ has already answered the question. :)
     
    frogboy and _CyberGhosT_ like this.
  16. Raka Daku

    Raka Daku Guest

    #16 Raka Daku, Oct 12, 2017
    Last edited by a moderator: Oct 12, 2017
    VoodooShield 406 Beta (Usability Test)

    Win 10 64 Pro
    Win Defender
    Win Firewall
    Test done under Shadow Defender


    Custom Ruleset
    Allow All Files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
    If VoodooAi is less than or equal to 90

    Settings changed
    Settings - Basic - Deny by Default (uncheck to show prompt instead of balloon) - Unchecked
    Settings - Advanced - Automatically scan blocked files with the multi engine blacklist scanner - Unchecked

    Reasons to test VAi at 90 (90 - 100 or 90 & above)
    * VAi at 90 score means VAi verdict "Unsafe". There will be "Unsafe" verdict alerts only
    * I have watched quite a few VS tests, & noticed that VAi does well against malicious or malware, i.e. mostly or almost all the time "Unsafe" verdict
    * I thought let's see how it does against safe programs at VAi 90. And if it does well, then I will request a HUB tester or post a request to do VS malware test with Custom Rules & Settings mentioned here + Windows Defender (PUP enabled) + Windows Firewall

    Here are the Usability Test results (all safe programs)
    Programs already on the system were run (No Unsafe verdict alerts, 1 issue was there)

    Adguard Desktop, Adobe Acrobat DC, DVDFab Media Player 3, FreeFileSync, Macrium Home 7, MS Office 2016, Picasa, Shadow Defender, Sticky Password, Unchecky, Unlocker 64, Windscribe Desktop, WinRAR & WordWeb.
    FreeDownloadManager 5 (extension in GoogleChrome) - Every time Chrome is run, a Command Line alert is there

    Portable programs already on the system were run (No Unsafe verdict alerts or issues were there)
    4kvideodownloader, 4kvideotomp3, 7-Zip, 10AppsManager, AIMP, Advanced Renamer, Audacity, Avidemux, DnsJumper, Firefox 64, FixWin10, GoogleChrome, HDSentinel Pro, HitmanPro 64, Kaspersky System Checker, MediaInfo, Microsoft PID Checker, Mkvtoolnix, PEstudio, Process Explorer, qBittorrent, Revo Uninstaller, Rufus, SecureMyBit, SubtitleEdit, TeamViewer, Ultimate Windows Tweaker, VidCoder 64, Vivaldi 64, Western Digital Diagnostics, WUShowHide, XYplorer & Zemana Antimalware.

    New programs.. programs installed/uninstalled successfully (No Unsafe verdict alerts or issues were there, Command/Script alerts info, & 1 Crack tested)
    WebsiteX5 Start, Shade Sandbox, Veeam Agent for Windows 2, Western Digital Diagnostics, DeepArmor 36, Ashampoo Snap Business 10, BCompare 4, Camtasia 9, CPUBalance 64, ExpressVPN, Wondershare Filmora, FotoJet Collage Maker, GOMPlayerPlus, InternetDownloadManager, MailBird, MediaPlayerMorpher, OODiskImage Pro 11 64, ProtonVPN, Apowersoft Screen Recorder Pro, Tally ERP 9, XeroWeight Flashback, TeraCopy 3, Apowersoft Video Editor Pro, VirtualBox 5, Vivaldi 64, VLC 64 & VMware Workstation Pro 12
    EaseUS Todo Backup Home/Workstation 10 - During install/uninstall, more than 10 Command/Script alerts
    PowerDVD Ultra 17 (Trial Retail) - During install/uninstall, more than 10 Anti-Exploit alerts mentioning conhost.exe (Safe verdict with score 1)
    Wondershare Video Converter Ultimate - During install/uninstall, more than 20 Command/Script alerts
    Tally 9 Crack - Unsafe verdict with score 100

    I have mentioned only programs with many VS Command/Script alerts. During the whole test, i.e. Start to Finish, there were a total of 78 Command/Script alerts as per VS Command Lines section in the GUI.


    UPDATE

    VoodooShield 407 Beta

    Same Results for the above mentioned FreeDownloadManager, EaseUS Backup, PowerDVD & Wondershare Video
     
  17. Raka Daku

    Raka Daku Guest

    I am looking forward to vulnerable processes option.
    Any chance to see vulnerable processes at least in rules in the on-going betas & final?
     
    shukla44 and shmu26 like this.
  18. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,287
    13,652
    Utopia
    +1
     
    shukla44 likes this.