VoodooShield discussion

shmu26 · May 28, 2017

Evjl's Rain said:
also HMPA failed, according to him (if I don't misunderstand)

HMPA 3.7 is in closed beta, I wonder if it does better?

Peter2150 · May 28, 2017

Frankly I consider the test bogus. Appguard will protect the system against any Run32dll attack, but not by blocking it's execution. I tested against several hundred malware samples gathered here, and VS,ERP, and Appguard protected the system against all of them. In fact to test ERP and VS I had to shut down Appguard or ERP and VS never even got a chance to do anything.

The problem here is Dan said he was testing WHitelisting anti exe's Appguard doesn't even have a whitelist, and it isn't really an AE. Bogus test.

Parsh · May 28, 2017

shmu26 said:
On Friday, I removed Babylon translation software from automatic startup, and rebooted.
BSOD.
Rebooted again, and Windows could not finish loading.
Rebooted into safe mode, uninstalled VS, rebooted.
Windows loaded properly.

I reinstalled VS, put it in training mode, and rebooted, and then switched to alert mode, rebooted.
Windows loaded properly.

VS has some more work to do with whitelisting command lines. When VS can't read a command line, for whatever reason, this can bork the system.

In fact, the whole reason why I removed Babylon from automatic startup in the first place was to try and solve a VS command line problem. VS was intermittently prompting me for a certain Babylon dll that loads relatively early after system startup. Sometimes it precedes VS, and sometimes not.

Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.

shmu26 · May 28, 2017

Parsh said:
Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.

Dan knows that VS has a hard time reading certain command lines. He often recommends that people put VS in training mode, and in extreme cases, even to install software in training mode, in order to overcome this problem.

shmu26 · May 28, 2017

Parsh said:
Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.

Thanks to your encouragement, I just emailed Dan my report on the problem, together with my logs...

Parsh · May 28, 2017

shmu26 said:
Thanks to your encouragement, I just emailed Dan my report on the problem, together with my logs...

Nice

We know that Dan will put his best to understand and solve these queries/issues for the upcoming versions.

shmu26 · May 28, 2017

Evjl's Rain said:
VoodooShield said:
Yeah, can you send me her settings? I tested with default settings and it was not an optimal result . Maybe Comodo should use CS's settings for everyone.

In other words, Dan gave a polite but evasive answer, in order to avoid an epic battle with the Comodo enthusiasts. Smart move, actually.

Peter2150 · May 28, 2017

I want to amend someothing I said relative to Dan's test and the Appguard results. I used the word bogus, which could imply intentional deceit. I certainly don't believe that to be the case, so it would be more appropriate to describe the results as invalid.

Pete

shmu26 · May 28, 2017

Peter2150 said:
I want to amend someothing I said relative to Dan's test and the Appguard results. I used the word bogus, which could imply intentional deceit. I certainly don't believe that to be the case, so it would be more appropriate to describe the results as invalid.

Pete

Perhaps it could best be said that the results present a very interesting but very incomplete picture.

Deleted member 178 · May 28, 2017

shmu26 said:
Perhaps it could best be said that the results present a very interesting but very incomplete picture.

You nailed it. it just showed the 1st stage of the attack , which is not dangerous by itself.

using an analogy :

A terrorist want put a bomb in a building, for that he needs to make a hole in the wall and then place the bomb; the hole isn't dangerous, the bomb is.

Av Gurus · May 28, 2017

...this new terrorist don't need hole they just come to building...kill himself and everybody else...

shmu26 · May 28, 2017

Parsh said:
Nice We know that Dan will put his best to understand and solve these queries/issues for the upcoming versions.

After looking at logs, he said it was a corrupted data base.

Parsh · May 28, 2017

shmu26 said:
After looking at logs, he said it was a corrupted data base.

The training/whitelisting database? Then resetting or reinstalling should be the way I guess, unless the problem corrupting the database confronts again.

shmu26 · May 28, 2017

Parsh said:
The training/whitelisting database? Then resetting or reinstalling should be the way I guess, unless the problem corrupting the database confronts again.

He said to delete all data files in the Voodooshield ProgramData folder, and reinstall.

Evjl's Rain · May 28, 2017

shmu26 said:
He said to delete all data files in the Voodooshield ProgramData folder, and reinstall.

yeah, that's a common problem of VS. Sometimes, after a big update, it becomes incompatible with the previous data files and creates random bugs. we may try to backup the settings to VS cloud if we have the pro version, there is an option. If it doesn't work we have to reset the programdata folder

shmu26 · May 28, 2017

Evjl's Rain said:
yeah, that's a common problem of VS. Sometimes, after a big update, it becomes incompatible with the previous data files and creates random bugs. we may try to backup the settings to VS cloud if we have the pro version, there is an option. If it doesn't work we have to reset the programdata folder

This happened not too long after Thursday's Windows 10 update. Maybe that's connected?
But it was not after a VS update.

Evjl's Rain · May 28, 2017

shmu26 said:
This happened not too long after Thursday's Windows 10 update. Maybe that's connected?
But it was not after a VS update.

I really don't know but I don't think it's a problem

shmu26 · May 28, 2017

Evjl's Rain said:
I really don't know but I don't think it's a problem

I agree with you, but nevertheless, I will give a clean reinstall a chance to prove itself.

enaph · Jun 3, 2017

@danb I was wondering if it could be an option to add a forced cloud upload function to VS (under the restore settings in about section for example)?
Somehow I've removed my computer from my online account

and I wasn't able to upload my whitelist to the cloud until I confirmed my registration again.

Handsome Recluse · Jun 3, 2017

mekelek said:
i guess VS isn't only for "novice/beginner" users after all.

I'd be really interested how VoodooShield/Comodo Firewall/etc. would work when used by a bunch of novice users. The coming of Windows 10 S and Chromebooks would already tell what happens when all app installations are blocked.

VoodooShield discussion

Level 85

Level 7

Level 25

Level 85

Level 85

Level 25

Level 85

Level 7

Level 85

Deleted member 178

Level 29

Level 85

Level 25

Level 85

Level 47

Level 85

Level 47

Level 85

Level 29

Level 23

Similar threads