BTW, I just noticed that VS 7.21 is blocking DefenderUI's command lines, so I need to think about and refine that rule a little more.
@danb VS 7.21b is blocking ConfigureDefender's command lines.
Can you have a look at that?
Same here.
I spent some time on this and there are several ways to fix this issue.
Or just keep VS on .. Always ON and allow the 5-6 blocks it creates.
This is what I do and I turn off "Deny by default" for less click-throughs. I doubt I ever had 5 or 6 blocks from WD.
Hello Dan,
I am glad to help. The new version is installed.
Thanks Dan for the free license for 100 years
When you start to run low on years, let me know and I will add a couple more.
Amazing work as always!
Thank you, I appreciate that!
thanks for the updates, just took the ai tool for a spin, I didn't expect to see quite so many items classified as safe nor invalid
also not sure if it's a bug, but you need to wait for analysis of the entire folder to complete before you can click on a sample to open up VirusTotal. this worked ok in the example below
if I then click a different sample in the safe list, VirusTotal page loads but says "404 page cannot be found"
it appears only one VirusTotal submission can be viewed per analysis
Yeah, depending on which malware repository it comes from, there are usually tons of invalid, duplicates and safe files mixed in with the real malware. This skews the results in a very big way. The invalid files will never execute, so they need to be excluded completely. The duplicates should be removed because if, for example, you have a malware pack with 100 samples, and 10 of them are dups, then the results are skewed by 10%... especially if the dup is a safe file. And the safe files need to be removed as well, for obvious reasons. I think what I will do is add some features in VoodooAi Desktop to remove the duplicates. The invalid files are already sorted automatically if your malware pack is located on your desktop. The reason the sorting is limited to the desktop is because we did not want a user to analyze the Windows directory and have VoodooAi Desktop move the Windows files to the sorted directories.
As they say, that is not a bug, it is a feature. I actually added that feature and I cannot remember why at the moment, but I will play around with it and if it is possible to click on the item before the analysis is complete then I will remove that feature.
Yeah, if you see a 404 error that means the sample has not been uploaded to VT yet. What we might do is make it so when the user right clicks on an item, it will take them directly to the file so they can manually upload the file to VT and to WLC. If WLC says the file is safe, you can be almost 100% certain that it is safe, especially if the VT results are safe as well.
There is a limit to how many files can be analyzed with VT without having to respond to Captchas, so I just made it do one at a time. Thank you!
excellent thanks for this!!
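The clean-up described above (dropping invalid, duplicate and safe files before scoring a malware pack), as an added example that is not part of the original posts and is not VoodooAi Desktop's code. The pack contents, the `label` ground truth and the "MZ"-magic test for invalid files are assumptions; the file bytes are harmless constructed placeholders.

```python
import hashlib

def is_valid_pe(data: bytes) -> bool:
    # Assumption: "invalid" means no DOS "MZ" magic, so Windows will not run it.
    return data[:2] == b"MZ"

def clean_pack(pack):
    """Return (unique valid malware, names dropped per reason)."""
    seen, kept = set(), []
    dropped = {"invalid": [], "duplicate": [], "safe": []}
    for s in pack:
        digest = hashlib.sha256(s["data"]).hexdigest()
        if not is_valid_pe(s["data"]):
            dropped["invalid"].append(s["name"])
        elif digest in seen:
            dropped["duplicate"].append(s["name"])  # same bytes, different name
        else:
            seen.add(digest)
            if s["label"] == "safe":
                dropped["safe"].append(s["name"])
            else:
                kept.append(s)
    return kept, dropped

def block_rate(samples) -> float:
    """Fraction of samples the product under test blocked."""
    return sum(s["blocked"] for s in samples) / len(samples) if samples else 0.0

def sample(name, data, label, blocked):
    return {"name": name, "data": data, "label": label, "blocked": blocked}

# Constructed pack: placeholder bytes only; labels assumed known from manual review.
PACK = [
    sample("a.exe", b"MZ" + b"A" * 16, "malware", True),
    sample("a_copy.exe", b"MZ" + b"A" * 16, "malware", True),   # duplicate of a.exe
    sample("b.exe", b"MZ" + b"B" * 16, "malware", True),
    sample("c.exe", b"MZ" + b"C" * 16, "malware", False),       # a real miss
    sample("d.exe", b"MZ" + b"D" * 16, "safe", False),
    sample("d2.exe", b"MZ" + b"D" * 16, "safe", False),         # duplicate safe file
    sample("broken.bin", b"\x00\x00truncated", "malware", False),  # never executes
    sample("e.exe", b"MZ" + b"E" * 16, "malware", True),
]

if __name__ == "__main__":
    kept, dropped = clean_pack(PACK)
    print(f"raw block rate:     {block_rate(PACK):.0%} of {len(PACK)} files")
    print(f"cleaned block rate: {block_rate(kept):.0%} of {len(kept)} samples")
    print("dropped:", dropped)
```

On this constructed pack the raw figure is 50% while the cleaned figure is 75%, which is the kind of skew the post describes.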
Just a couple of comments.
Every time I install VS I go thru all my installed programs and saved programs, open them and then see if VS reacts. I have 3 versions of Shadow Defender saved, I open them and every time VS throws up a block, so I click on Report a False Positive and Allow (my wording may be off from the actual wording). So I've done this numerous times with Shadow Defender and a couple other programs, why do I have to do it every time, does reporting a False Positive not do anything?
And, VS is supposed to be a "simple" computer lock, well the idea and execution is superb, but it's not so simple once you open the GUI, way too many options and settings imo. I think that 98% of computer users would be lost trying to figure them out. Not sure if this is even possible to fix, doubt it.
My idea of a perfect, simple program has 5 buttons, On, Off, Update, Block, Allow. You want everyone and anyone to use/like a program, then use these 5 buttons. Just some thoughts and questions Dan, your program is probably one of the best for computer security.
Afaik the option just creates an entry on Dan's FP list or so. He then has to check them. And when he does that every now and then you may get lucky with your FP. So whenever I have a really annoying FP I use the email support. Because I had that every now and then.
I like VS I just also hope for a better FP solution for it.
Thank you, I appreciate that!
Yeah, I have a custom app that I use to manage VS and to automate certain tedious tasks. For example, I can automatically add a digital signature signer to our list very quickly, and the app allows me to quickly perform the necessary research before adding the signer. The last few weeks I have been working on all kinds of ways to fully automate VS, because making little changes manually takes tons of time. I have not automated the false positive procedure yet, but I am going to do it right now. So hopefully by this afternoon it will only take a few seconds to correct false positives, compared to 5-10 minutes for each one the manual way.
I totally agree that the VS settings can be overwhelming, especially for users who are trying VS for the first time. The last couple of years we have eliminated a few options, but it would be great if we could eliminate even more, or somehow organize them better. If anyone has any suggestions on how we might be able to do this, please let me know. I think this is a common problem with cybersecurity software and software in general. That is, once the user starts to explore the advanced settings, there are so many different settings that it is quite overwhelming. If anyone has seen a great implementation of advanced settings in any software that would be a great example to work from, please let me know. The good thing is that most users do not need to adjust any of the settings, but it would be really cool if we could somehow optimize this either way.
Yeah, sorry I keep forgetting about this, I am going to fix this right now, thank you!
I sort of thought that.
Thanks Dan, don't envy you if you have to do the false positive procedure manually.
Hi Dan! Your product is great, but I despair at the thought of the amount of headaches involved in maintaining it. Lately I've noticed a few types of malware that on first glance (and a VERY quick glance at that) seem to legitimate certificates. For instance: