- Aug 19, 2017
- 278
Dan
VS did not startup this morning, requiring a manual start, it did keep the setting though once on.
BTW no issues with Windows updates.
VoodooShield discussion
- Thread starter Evjl's Rain
- Start date
- Status
VS did not startup this morning, requiring a manual start, it did keep the setting though once on.
BTW no issues with Windows updates.
- Jul 3, 2015
- 8,153
Question to those who had trouble with Windows updates and VS 4: Were you in alert mode? I am wondering whether autopilot might handle it better.
- Jan 29, 2017
- 1,201
A suggestion.... Often I go to install mode for software updates. I've noticed through that the subsequent VS pop-up reminding me that VS is inactive is buried under my active windows, so it goes unnoticed for quite some time. It would be nice to force the pop-up warning "always on top".
- Jul 5, 2016
- 416
- Jan 29, 2017
- 1,201
Per VT, BitDefender classifies voodooshield.ddns.net as malware.
this is interesting
if VS is not running and I reboot it will startup normally,
but if VS is running and I reboot it won't startup
if VS is not running and I reboot it will startup normally,
but if VS is running and I reboot it won't startup
- May 31, 2017
- 1,658
That is VERY interesting... if this is true for everyone, then I think I know what is wrong, and it is an easy fix. Thank you for discovering this and letting me know!
- Jul 3, 2015
- 8,153
It is not true for me. Whether I exit VS 402 before rebooting, or whether I just never loaded it in the first place, it still fails to autostart after reboot.
- Jan 29, 2017
- 1,201
Exited VS/reboot/autologin: No autostart
Exited VS/stopped service/reboot/autologin: No autostart
Restarted service after autologin: VS gui starts
Exited VS/stopped service/reboot/autologin: No autostart
Restarted service after autologin: VS gui starts
- Jul 5, 2016
- 416
That is what came up when I clicked on the cookoo tab from within VS. VS clicked up a warning about a file and I chose cookoo to analyze it. The file was splwow64.exe and I don't have any Idea why it was even flagged. The file is used along with printers which I do not have. If it was auto allowed, why did VS kick up a warning, then get that page when trying to use cookoo? If I type voodooshield.ddns.net I do not get the smart screen warning. I do when adding the :8080 ( voodooshield.ddns.net:8080 )
Attachments
Last edited:
NOT true on here either, and strangely, have never had VS fail to autostart. The one persistent thing is that exiting VS prior to shutdown results in a nice, snappy shutdown, along with the monitor syncing its shutdown also.
- Jul 5, 2016
- 416
Here you can see from my log what went down. I clicked block the file a few times, then for some reason the log shows that VS was either set to autopilot set to off
after selecting cookoo. I never set VS to either autopilot or off, ll I did was click the cookoo tab for that file.
[09-13-2017 10:12:55] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:12:56] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:13:00] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:13:00] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:04] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\searchindexer.exe
[09-13-2017 10:13:05] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\svchost.exe
[09-13-2017 10:13:15] [INFO ] - Cuckoo Analysis: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\dmclient.exe
[09-13-2017 10:13:17] [INFO ] - Auto Allowed: splwow64.exe, c:\windows\splwow64.exe
[09-13-2017 10:13:17] [INFO ] - Process allowed by VSMode OFF or AutoPilot: c:\windows\splwow64.exe
after selecting cookoo. I never set VS to either autopilot or off, ll I did was click the cookoo tab for that file.
[09-13-2017 10:12:55] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:12:55] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:12:56] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\wbem\wmiapsrv.exe
[09-13-2017 10:13:00] [INFO ] - User Blocked: c:\windows\splwow64.exe
[09-13-2017 10:13:00] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:04] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\searchindexer.exe
[09-13-2017 10:13:05] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\svchost.exe
[09-13-2017 10:13:15] [INFO ] - Cuckoo Analysis: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process blocked by User Clicking Block: c:\windows\splwow64.exe
[09-13-2017 10:13:15] [INFO ] - Process allowed by Current Whitelist Snapshot: c:\windows\system32\dmclient.exe
[09-13-2017 10:13:17] [INFO ] - Auto Allowed: splwow64.exe, c:\windows\splwow64.exe
[09-13-2017 10:13:17] [INFO ] - Process allowed by VSMode OFF or AutoPilot: c:\windows\splwow64.exe
danb just wanted to say luv VS and keep up the the great job you are doing !
- Aug 19, 2017
- 278
VS fail to autostart after computer is off for a while or overnight.
Either asking for Registration or need a manual startup.
Setting are kept however, but for AUTOPILOT that revert to Smart(default)
Either asking for Registration or need a manual startup.
Setting are kept however, but for AUTOPILOT that revert to Smart(default)
- May 31, 2017
- 1,658
Hey guys, here is 4.03… if you are running 3.59 or 4.02, you should be able to install over the top. If you are running 4.00 or 4.01, you really need to uninstall VS, click “yes” when it asks you if you want to delete the settings and log files, then reboot the computer, then install 4.03.
I temporarily slowed down the VS startup slightly… I am not sure if you guys will notice it or not, but once this final startup bug is resolved, I will be sure to change it back. I added logging to the startup code to see why VS is not starting for some users.
There is a small chance that the startup issue is fixed, but if not, the extra logging should guide us in the right direction.
Also, after Sunshine-boy mentioned the blacklist scan not being available everywhere, I started to look into this a little more. I noticed that there were quite a few small bugs when the blacklist scan was disabled, so I believe those are all now fixed, but if you guys see anything, please let me know. But really, if the blacklist scan is not available, there is not much I can do on my end… but really, if you simply disable the blacklist scan and rely on VoodooAi, you should be in great shape. I probably would not keep VS on AutoPilot if you disable the blacklist scanner, unless you are running a great AV along with VS. Actually, AutoPilot is not really designed to be used on a daily basis, even with the blacklist and VoodooAi enabled… if you ask me, the computer needs to be locked when it is at risk .
But if you were really wanting to run on AutoPilot, a rule or a few rules might be very, very handy in this situation… maybe something like (I am sure we can come up with something better than this):
Block All files on My Computer when VoodooShield is AUTOPILOT
If VoodooAi is greater than or equal to 33.
I am not sure if you guys have noticed, but VoodooAi has become amazingly accurate the last 6-9 months, and it is only going to get better as it goes. Usually when I am analyzing and testing malware or potential false positives, I take 3 factors into consideration. 1. The overall blacklist scan results, 2. VoodooAi, 3. Cuckoo Sandbox. A lot of times they all 3 agree, so the sample is either obviously benign or obviously malware. But when one of these 3 analysis do not agree with the other 2, from my experience, VoodooAi typically does not let me down… although it can be wrong from time to time.
Then again, if VoodooAi (or any other malware engine) were perfect, there would not be a need for VS .
And the false positives are now at an all-time minimum… just go to any download type site and try it for yourself. But the reason I bring this up is that new technologies need a little time to improve and mature. So for example, I am really excited to see what happens with the new rules feature a year from now.
There were a lot of other bug fixes and changes in this version… I think we are getting close.
http://www.voodooshield.com/Download/beta4/InstallVoodooShield403beta.exe
Thank you guys for letting me know about the BD FP… I submitted a FP with them. In all fairness, there is live malware on our Cuckoo Sandbox site… I am surprised it took 3 or so years for anyone to notice .
BTW, thank you guys for all of your input, and responses… If I had time to respond to each one, I would, but as you know, things are kind of crazy right now . After we track down these last couple of bugs, we will be in great shape though. I do read everything though, and I really appreciate your help!
I temporarily slowed down the VS startup slightly… I am not sure if you guys will notice it or not, but once this final startup bug is resolved, I will be sure to change it back. I added logging to the startup code to see why VS is not starting for some users.
There is a small chance that the startup issue is fixed, but if not, the extra logging should guide us in the right direction.
Also, after Sunshine-boy mentioned the blacklist scan not being available everywhere, I started to look into this a little more. I noticed that there were quite a few small bugs when the blacklist scan was disabled, so I believe those are all now fixed, but if you guys see anything, please let me know. But really, if the blacklist scan is not available, there is not much I can do on my end… but really, if you simply disable the blacklist scan and rely on VoodooAi, you should be in great shape. I probably would not keep VS on AutoPilot if you disable the blacklist scanner, unless you are running a great AV along with VS. Actually, AutoPilot is not really designed to be used on a daily basis, even with the blacklist and VoodooAi enabled… if you ask me, the computer needs to be locked when it is at risk .
But if you were really wanting to run on AutoPilot, a rule or a few rules might be very, very handy in this situation… maybe something like (I am sure we can come up with something better than this):
Block All files on My Computer when VoodooShield is AUTOPILOT
If VoodooAi is greater than or equal to 33.
I am not sure if you guys have noticed, but VoodooAi has become amazingly accurate the last 6-9 months, and it is only going to get better as it goes. Usually when I am analyzing and testing malware or potential false positives, I take 3 factors into consideration. 1. The overall blacklist scan results, 2. VoodooAi, 3. Cuckoo Sandbox. A lot of times they all 3 agree, so the sample is either obviously benign or obviously malware. But when one of these 3 analysis do not agree with the other 2, from my experience, VoodooAi typically does not let me down… although it can be wrong from time to time.
Then again, if VoodooAi (or any other malware engine) were perfect, there would not be a need for VS .
And the false positives are now at an all-time minimum… just go to any download type site and try it for yourself. But the reason I bring this up is that new technologies need a little time to improve and mature. So for example, I am really excited to see what happens with the new rules feature a year from now.
There were a lot of other bug fixes and changes in this version… I think we are getting close.
http://www.voodooshield.com/Download/beta4/InstallVoodooShield403beta.exe
Thank you guys for letting me know about the BD FP… I submitted a FP with them. In all fairness, there is live malware on our Cuckoo Sandbox site… I am surprised it took 3 or so years for anyone to notice .
BTW, thank you guys for all of your input, and responses… If I had time to respond to each one, I would, but as you know, things are kind of crazy right now . After we track down these last couple of bugs, we will be in great shape though. I do read everything though, and I really appreciate your help!
- Aug 19, 2017
- 278
Installed over the top. All seems fine.
The autostart issue is somehow related to the length the computer stay turned off, in my case. So I'll monitor for the day and post tomorrow.
The autostart issue is somehow related to the length the computer stay turned off, in my case. So I'll monitor for the day and post tomorrow.
Last edited:
- Apr 16, 2017
- 2,094
installed 4.03 beta from scratch (other versions had been removed), accepted license aok, started on reboot this time aok. so looking good... UNTIL, connected to my vpn to come over here, and VS crashed with a popup from MS (win7_64) do I want to send them details, no not really. running SUA, with EAM and cf10@cs, had run 3.59 with this security software aok. so not sure what caused crashed. Looking into it later, have to step out for a few minutes...
- Apr 1, 2017
- 1,760
I prefer voodoo Ai to VT.
This issue exists since I meet vs but was not important for me because I don't need VT at all and I like the always-on mode.
- Status
