VoodooShield discussion

Status
Not open for further replies.

Peter2150

Frankly, I consider the test bogus. Appguard will protect the system against any Run32dll attack, but not by blocking its execution. I tested against several hundred malware samples gathered here, and VS, ERP, and Appguard protected the system against all of them. In fact, to test ERP and VS I had to shut down Appguard, or ERP and VS never even got a chance to do anything.

The problem here is Dan said he was testing whitelisting anti-exes. Appguard doesn't even have a whitelist, and it isn't really an AE. Bogus test.
 

Parsh

On Friday, I removed Babylon translation software from automatic startup, and rebooted.
BSOD.
Rebooted again, and Windows could not finish loading.
Rebooted into safe mode, uninstalled VS, rebooted.
Windows loaded properly.

I reinstalled VS, put it in training mode, and rebooted, and then switched to alert mode, rebooted.
Windows loaded properly.

VS has some more work to do with whitelisting command lines. When VS can't read a command line, for whatever reason, this can bork the system.

In fact, the whole reason why I removed Babylon from automatic startup in the first place was to try and solve a VS command line problem. VS was intermittently prompting me for a certain Babylon dll that loads relatively early after system startup. Sometimes it precedes VS, and sometimes not.
Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.
 

shmu26

Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.
Dan knows that VS has a hard time reading certain command lines. He often recommends that people put VS in training mode, and in extreme cases, even to install software in training mode, in order to overcome this problem.
 

shmu26

Thanks for mentioning this problem. Did you discuss the entire incident and the apparent culprit module with Dan?
Though I know that they're working on improving Command-line scanning, I'm not sure if this issue is known and being worked upon.
Thanks to your encouragement, I just emailed Dan my report on the problem, together with my logs...
 

shmu26

VoodooShield said:
Yeah, can you send me her settings? I tested with default settings and it was not an optimal result ;). Maybe Comodo should use CS's settings for everyone.
In other words, Dan gave a polite but evasive answer, in order to avoid an epic battle with the Comodo enthusiasts. Smart move, actually.
 

Peter2150

I want to amend something I said relative to Dan's test and the Appguard results. I used the word bogus, which could imply intentional deceit. I certainly don't believe that to be the case, so it would be more appropriate to describe the results as invalid.

Pete
 

shmu26

I want to amend something I said relative to Dan's test and the Appguard results. I used the word bogus, which could imply intentional deceit. I certainly don't believe that to be the case, so it would be more appropriate to describe the results as invalid.

Pete
Perhaps it could best be said that the results present a very interesting but very incomplete picture.
 
Deleted member 178

Perhaps it could best be said that the results present a very interesting but very incomplete picture.
You nailed it. It just showed the 1st stage of the attack, which is not dangerous by itself.

Using an analogy:

A terrorist wants to put a bomb in a building; for that he needs to make a hole in the wall and then place the bomb; the hole isn't dangerous, the bomb is.
 

Parsh

After looking at logs, he said it was a corrupted database.
The training/whitelisting database? Then resetting or reinstalling should be the way I guess, unless the problem corrupting the database confronts again.
 

shmu26

The training/whitelisting database? Then resetting or reinstalling should be the way I guess, unless the problem corrupting the database confronts again.
He said to delete all data files in the Voodooshield ProgramData folder, and reinstall.
 

Evjl's Rain

Thread author
He said to delete all data files in the Voodooshield ProgramData folder, and reinstall.
Yeah, that's a common problem of VS. Sometimes, after a big update, it becomes incompatible with the previous data files and creates random bugs. We may try to back up the settings to VS cloud if we have the pro version; there is an option. If it doesn't work, we have to reset the programdata folder.
 

shmu26

Yeah, that's a common problem of VS. Sometimes, after a big update, it becomes incompatible with the previous data files and creates random bugs. We may try to back up the settings to VS cloud if we have the pro version; there is an option. If it doesn't work, we have to reset the programdata folder.
This happened not too long after Thursday's Windows 10 update. Maybe that's connected?
But it was not after a VS update.
 

enaph

@danb I was wondering if it could be an option to add a forced cloud upload function to VS (under the restore settings in about section for example)?
Somehow I've removed my computer from my online account :oops: and I wasn't able to upload my whitelist to the cloud until I confirmed my registration again.
 