New Update VoodooShield CyberLock 7.0

[Dave Russo]

Does VoodooShield work with Kaspersky?

I have used both together for years (Trident has mentioned this is probably overkill) but I have had no problems, I also use CL with all Avs I ever had, never a problem

 

[simmerskool]

I have used both together for years (Trident has mentioned this is probably overkill) but I have had no problems, I also use CL with all Avs I ever had, never a problem

agree, except I did have an issue with VS/CL and DeepInstinct despite mutual exclusions. Had to do with Di sending updated info from server management console to my win10. I could not track it down in log files of either app, but stopping VS allowed Di to communicate with computer. I mentioned to Dan, but not many folks using Di here, and I think @Shadowra did not see this issue, so unexplained here.

 

[Kongo]

I have used both together for years (Trident has mentioned this is probably overkill) but I have had no problems, I also use CL with all Avs I ever had, never a problem

Overkill doesn't necessarily mean that you will face problems. It's just about logical thinking. Kaspersky has great signatures, behaviour blocker and Application Control. Is there really the need of adding another real-time security solution to the system that might use extra disk space, RAM or CPU?

 

[simmerskool]

Overkill doesn't necessarily mean that you will face problems. It's just about logical thinking. Kaspersky has great signatures, behaviour blocker and Application Control. Is there really the need of adding another real-time security solution to the system that might use extra disk space, RAM or CPU?

maybe, depends of there's a gap VS closes, hard to know, I'm not an IT engineer...

 

[Xeno1234]

Overkill doesn't necessarily mean that you will face problems. It's just about logical thinking. Kaspersky has great signatures, behaviour blocker and Application Control. Is there really the need of adding another real-time security solution to the system that might use extra disk space, RAM or CPU?

Application Control by itself without changing anything is practically useless as anything unknown by default is placed into low restricted which by default has the permissions of trusted besides mic and webcam access

I have used both together for years (Trident has mentioned this is probably overkill) but I have had no problems, I also use CL with all Avs I ever had, never a problem

It probably is since Kaspersky compared to other products is overkill itself tbh - its just that good.

I have used both together for years (Trident has mentioned this is probably overkill) but I have had no problems, I also use CL with all Avs I ever had, never a problem

Did you have to make any changes to either software to make it work?

 

[Dave Russo]

Did you have to make any changes to either software to make it work?

No, I never with Kaspersky added exception, if there is a conflict I have never noticed, I probably am not the one to give advice, better suited members with way more incite than I will ever have, are on this site,Gl

 

[Xeno1234]

But who said that you should leave it with default settings?

Thats true I have a default deny setup but idk what to do other than that

 

[Kongo]

maybe, depends of there's a gap VS closes, hard to know, I'm not an IT engineer...

Correct. That's why it's a good idea to use CyberLock with free antiviruses like Bitdefender Free for example, that have quite a few restrictions in their feature-set. Kaspersky's paid version however provides very strong protection for home users and doesn't need another security solution that runs in the background. You're better off with hardening the system with Application Control or adding tools like Simple Windows Hardening, Firewall Hardening that use the built in Windows features and don't need any extra computer resources. In my opinion everything else is exaggerated and paranoid. I had a different opinion before, but it changed over the months/years.
But it's just my personal opinion of course...

 

[simmerskool]

Correct. That's why it's a good idea to use CyberLock with free antiviruses like Bitdefender Free for example, that have quite a few restrictions in their feature-set. Kaspersky's paid version however provides very strong protection for home users and doesn't need another security solution that runs in the background. You're better off with hardening the system with Application Control or adding tools like Simple Windows Hardening, Firewall Hardening that use the built in Windows features and don't need any extra computer resources. In my opinion everything else is exaggerated and paranoid. I had a different opinion before, but it changed over the months/years.
But it's just my personal opinion of course...

I have used, (& use) H_C & SWH in some instances rather than VS. It just that I've used VS for so many years without issues, it's like an old friend and I like some of its features.

 

[Kongo]

I have used, (& use) H_C & SWH in some instances rather than VS. It just that I've used VS for so many years without issues, it's like an old friend and I like some of its features.

Thats great! I mean if you are not facing any issues or a big performance impact then there is absolutely no reason not to use it.

 

[Xeno1234]

I dont use Voodoo Shield nor have tried it, but I wonder how its detection capabilities compare to Kaspersky, or do they serve different purposes.

 

[NormanF]

If you have an endpoint security suite, Voodoo Shield is redundant because it already has an application control module.

You don't derive benefit from the overlap. However if you run a free AV, VS will fill any gaps and provide additional protection.

 

[danb]

If you have an endpoint security suite, Voodoo Shield is redundant because it already has an application control module.

You don't derive benefit from the overlap. However if you run a free AV, VS will fill any gaps and provide additional protection.

If the application control module built into your security suite does not happen have these features, you might consider installing CyberLock...


CyberLock Features (partial list):

Dynamic security postures

Antimalware contextual engine

More secure tiny, customized local whitelist

Automatically builds the tiny, customized local whitelist

Monitors entire attack chain, not just hash, name or signature

Antiexploit mechanism that protects web apps, vulnerable apps and virtually all Windows and common processes

VoodooAi analysis, detection and file insight

WhitelistCloud analysis, detection and file insight. Be quite certain that only benign processes are running at any given time.

Mini Prompt to avoid the user automatically or inadvertently clicking Allow. In other words, does not force the end-user to respond to dangerous affirmative user prompts.

Full User Prompt with complete file insight provided to the end user so they can make an informed decision

Multiple modes to adjust to any system or user

Advanced Digital Signature verification and algorithms

Robust command line handling

Robust vulnerable app handling

Robust LOLBin handling

Robust fileless malware handling

Robust script handling

Easy creation of Windows Firewall Rules

Auto creation of Windows Firewall Rules for unknown items

User recommendations with file insight on blocks

Custom Folders feature

Robust Rules feature

Protects, activates with and can disable USB drives

Automatic temp file cleanup

Installer detection

Multiple robust logging features

Local sandbox

Cuckoo sandbox

Web management console

 

[Victor M]

@danb

Hi,

I was wondering if you could add a feature to CL. Add an option to create a rule by file hash. I discovered a threat intelligence community site: RiskIQ Community Edition They publish the hash of malware. It would be great if CL can ingest that SHA256 into a rule.

 

[cartaphilus]

Hey Guys,

Here is the first VoodooShield 7.0 beta. The new Contextual Engine is almost 100% complete, but there will be a few blocks, so please let me know if you experience any unwanted blocks. Overall you should see a significant reduction in blocks, but I am certain that I am missing a few things, and we simply won’t know what they are until VS is ran on other systems with different software.

Once the Contextual Engine is 100%, I will update DefenderUI Pro to have the exact same engine. I am guessing a couple of weeks, once we figure out the unwanted blocks.

The GUI is under construction and there are a lot of colors and stuff I need to tweak, but it is fully functional. I just figured I would release this first version so you guys can beta test the new Contextual Engine, and figure out what we need to tweak under the hood, while I finish up the GUI.

BTW, VS’s self-protection is disabled for this version, just in case something weird happens you will be able to kill VS with the task manager. Assuming everything goes according to plan, we will enable self-protection in the next version.

I just want to mention, the new Contextual Engine is by far the biggest change ever made to VS under the hood, and soon I will explain how it works.

VS 6.75 beta

https://voodooshield.com/Download/InstallVoodooShield675beta.exe

SHA-256: ca2e736e000c9ab8bed84bdf978561058fb4b05a1c56080e6d3886cf5b9025a2

VS 6.76 beta

https://voodooshield.com/Download/InstallVoodooShield676beta.exe

SHA-256: eacecec901ceab9ef8eb1db36c10957c233aba24d7b5c962ff677e34b89629ab


Thank you guys!

Can you add the ability to whitelist cmd calls to a specific file? My checkpoint Harmony AV keeps popping cmd block each time it tries to connect. Mainly efrservice.exe because it's not signed.

 

[danb]

@danb

Hi,

I was wondering if you could add a feature to CL. Add an option to create a rule by file hash. I discovered a threat intelligence community site: RiskIQ Community Edition They publish the hash of malware. It would be great if CL can ingest that SHA256 into a rule.

Thank you for the suggestion, I am not exactly sure what you have in mind. Are you saying to create rules for all known bad hashes? This would create entirely way too many rules, and VS / CL already uses the SHA-256 hash extensively in our other components.

Please let me know what you mean exactly and I will look into it, thank you!

 

[danb]

Can you add the ability to whitelist cmd calls to a specific file? My checkpoint Harmony AV keeps popping cmd block each time it tries to connect. Mainly efrservice.exe because it's not signed.

Thank you for reporting this. This is super uncommon... VS / CL has reduced unwanted command line blocks to a minimum.

I am guessing that most of the command lines that are being blocked are extremely similar to each other, but maybe only vary by a few characters. If so, you can create a wildcard in the Command Lines tab of VoodooShield Settings.

If this is not the case, can you please email me a list of the command lines that are being blocked? Please send it to support at voodooshield.com, thank you!

 

[Victor M]

for all known bad hashes? This would create entirely way too many rules,

If CL can't handle too many rules, then forget it. I was thinking of using it like an SIEM.

 

[danb]

If CL can't handle too many rules, then forget it. I was thinking of using it like an SIEM.

It can handle a lot of rules, but not hundreds of thousands or millions. There are other components in VS that handle what you are thinking of.

 

[Azazel]

Will voodooshield.com add Second Factor Authentication for extra security.
Like One Time Password.