VoodooShield discussion

Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Question to those who had trouble with Windows updates and VS 4: Were you in alert mode? I am wondering whether autopilot might handle it better.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
A suggestion.... Often I go to install mode for software updates. I've noticed through that the subsequent VS pop-up reminding me that VS is inactive is buried under my active windows, so it goes unnoticed for quite some time. It would be nice to force the pop-up warning "always on top".
 

boredog

Level 9
Verified
Jul 5, 2016
416
Went to cookoo and got a warning from smart screen.
 

Attachments

  • ScreenHunter_82 Sep. 13 10.14.jpg
    ScreenHunter_82 Sep. 13 10.14.jpg
    73 KB · Views: 490

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
this is interesting
if VS is not running and I reboot it will startup normally,
but if VS is running and I reboot it won't startup
That is VERY interesting... if this is true for everyone, then I think I know what is wrong, and it is an easy fix. Thank you for discovering this and letting me know!
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
That is VERY interesting... if this is true for everyone, then I think I know what is wrong, and it is an easy fix. Thank you for discovering this and letting me know!
It is not true for me. Whether I exit VS 402 before rebooting, or whether I just never loaded it in the first place, it still fails to autostart after reboot.
 

boredog

Level 9
Verified
Jul 5, 2016
416
Per VT, BitDefender classifies voodooshield.ddns.net as malware.

That is what came up when I clicked on the cookoo tab from within VS. VS clicked up a warning about a file and I chose cookoo to analyze it. The file was splwow64.exe and I don't have any Idea why it was even flagged. The file is used along with printers which I do not have. If it was auto allowed, why did VS kick up a warning, then get that page when trying to use cookoo? If I type voodooshield.ddns.net I do not get the smart screen warning. I do when adding the :8080 ( voodooshield.ddns.net:8080 )
 

Attachments

  • ScreenHunter_83 Sep. 13 14.44.jpg
    ScreenHunter_83 Sep. 13 14.44.jpg
    22 KB · Views: 488
Last edited:
  • Like
Reactions: Gandalf_The_Grey
P

plat1098

That is VERY interesting... if this is true for everyone, then I think I know what is wrong, and it is an easy fix. Thank you for discovering this and letting me know!

NOT true on here either, and strangely, have never had VS fail to autostart. The one persistent thing is that exiting VS prior to shutdown results in a nice, snappy shutdown, along with the monitor syncing its shutdown also.
 

boredog

Level 9
Verified
Jul 5, 2016
416
Here you can see from my log what went down. I clicked block the file a few times, then for some reason the log shows that VS was either set to autopilot set to off
after selecting cookoo. I never set VS to either autopilot or off, ll I did was click the cookoo tab for that file.

[09-13-2017 10:12:55] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:12:56] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:13:00] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:13:00] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:04] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\searchindexer.exe
[09-13-2017 10:13:05] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\svchost.exe
[09-13-2017 10:13:15] [INFO ] - Cuckoo Analysis: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\dmclient.exe
[09-13-2017 10:13:17] [INFO ] - Auto Allowed: splwow64.exe, c:\windows\splwow64.exe
[09-13-2017 10:13:17] [INFO ] - Process allowed by VSMode OFF or AutoPilot: c:\windows\splwow64.exe
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
VS fail to autostart after computer is off for a while or overnight.
Either asking for Registration or need a manual startup.
Setting are kept however, but for AUTOPILOT that revert to Smart(default)
 
  • Like
Reactions: Gandalf_The_Grey

scootnod

Level 1
Sep 3, 2017
12
I have VoodooShield service set to delayed startup so the GUI starts. I have noticed every time if I do a cold boot it is the first thing that shows up in the taskbar if I do a warm reboot it delays for a minute or two before starting like I would expect from the setting.
 
  • Like
Reactions: shmu26

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Hey guys, here is 4.03… if you are running 3.59 or 4.02, you should be able to install over the top. If you are running 4.00 or 4.01, you really need to uninstall VS, click “yes” when it asks you if you want to delete the settings and log files, then reboot the computer, then install 4.03.

I temporarily slowed down the VS startup slightly… I am not sure if you guys will notice it or not, but once this final startup bug is resolved, I will be sure to change it back. I added logging to the startup code to see why VS is not starting for some users.

There is a small chance that the startup issue is fixed, but if not, the extra logging should guide us in the right direction.

Also, after Sunshine-boy mentioned the blacklist scan not being available everywhere, I started to look into this a little more. I noticed that there were quite a few small bugs when the blacklist scan was disabled, so I believe those are all now fixed, but if you guys see anything, please let me know. But really, if the blacklist scan is not available, there is not much I can do on my end… but really, if you simply disable the blacklist scan and rely on VoodooAi, you should be in great shape. I probably would not keep VS on AutoPilot if you disable the blacklist scanner, unless you are running a great AV along with VS. Actually, AutoPilot is not really designed to be used on a daily basis, even with the blacklist and VoodooAi enabled… if you ask me, the computer needs to be locked when it is at risk .

But if you were really wanting to run on AutoPilot, a rule or a few rules might be very, very handy in this situation… maybe something like (I am sure we can come up with something better than this):



Block All files on My Computer when VoodooShield is AUTOPILOT

If VoodooAi is greater than or equal to 33.



I am not sure if you guys have noticed, but VoodooAi has become amazingly accurate the last 6-9 months, and it is only going to get better as it goes. Usually when I am analyzing and testing malware or potential false positives, I take 3 factors into consideration. 1. The overall blacklist scan results, 2. VoodooAi, 3. Cuckoo Sandbox. A lot of times they all 3 agree, so the sample is either obviously benign or obviously malware. But when one of these 3 analysis do not agree with the other 2, from my experience, VoodooAi typically does not let me down… although it can be wrong from time to time.

Then again, if VoodooAi (or any other malware engine) were perfect, there would not be a need for VS .

And the false positives are now at an all-time minimum… just go to any download type site and try it for yourself. But the reason I bring this up is that new technologies need a little time to improve and mature. So for example, I am really excited to see what happens with the new rules feature a year from now.

There were a lot of other bug fixes and changes in this version… I think we are getting close.

http://www.voodooshield.com/Download/beta4/InstallVoodooShield403beta.exe

Thank you guys for letting me know about the BD FP… I submitted a FP with them. In all fairness, there is live malware on our Cuckoo Sandbox site… I am surprised it took 3 or so years for anyone to notice .

BTW, thank you guys for all of your input, and responses… If I had time to respond to each one, I would, but as you know, things are kind of crazy right now . After we track down these last couple of bugs, we will be in great shape though. I do read everything though, and I really appreciate your help!
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Installed over the top. All seems fine.

The autostart issue is somehow related to the length the computer stay turned off, in my case. So I'll monitor for the day and post tomorrow.;)
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,797
installed 4.03 beta from scratch (other versions had been removed), accepted license aok, started on reboot this time aok. so looking good... UNTIL, connected to my vpn to come over here, and VS crashed with a popup from MS (win7_64) do I want to send them details, no not really. running SUA, with EAM and cf10@cs, had run 3.59 with this security software aok. so not sure what caused crashed. Looking into it later, have to step out for a few minutes... :oops:
 
  • Like
Reactions: Gandalf_The_Grey
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top