VoodooShield discussion

Status
Not open for further replies.

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Installed 4.04 and no i don't have any default rules. Installed 4.03 and they come back. Reinstall 4.04 and they disappear again. I tried to create a rule in 4.04 but when the wizard finished there was nothing in the rules. Not sure if rules are missing or just not being displayed.
 

boredog

Level 9
Verified
Jul 5, 2016
416
Installed 4.04.
I had an unknown file VS gave a popup on. At the time I blocked it. Later I looked up the file and it belongs to Windows Defender.
Went back to user log and tried to whitelist the file and got error. I clicked quite and VS did shut down.
 

Attachments

  • ScreenHunter_84 Sep. 16 13.54.jpg
    ScreenHunter_84 Sep. 16 13.54.jpg
    53.6 KB · Views: 380

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Installed 4.04 and no i don't have any default rules. Installed 4.03 and they come back. Reinstall 4.04 and they disappear again. I tried to create a rule in 4.04 but when the wizard finished there was nothing in the rules. Not sure if rules are missing or just not being displayed.
Hmmm, very odd. I tried to fix this for non-english users, but it must have broke for english users.

If you look in your DeveloperLog.log, you will probably see something like this : Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Installed 4.04.
I had an unknown file VS gave a popup on. At the time I blocked it. Later I looked up the file and it belongs to Windows Defender.
Went back to user log and tried to whitelist the file and got error. I clicked quite and VS did shut down.
This is similar to the conversion bug above, let me see what I can do, thank you!
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Hmmm, very odd. I tried to fix this for non-english users, but it must have broke for english users.

If you look in your DeveloperLog.log, you will probably see something like this : Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
Yes, that's the exact message. I changed my Region Date and Time Settings from "English (United Kingdom)" to "English (United States)" and I can see the default rules and my custom rules.

Update:
I'm see this message in the DeveloperService.log, if it's helps...
Code:
Exception in VoodooShieldWCF_CleanupWhitelist: String was not recognized as a valid DateTime..    at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles)
   at VoodooShieldService.SnapShotStorage.GetAllProcess()
   at VoodooShieldService.VoodooShieldWCF.CleanupWhitelist()
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Yes, that's the exact message. I changed my Region Date and Time Settings from "English (United Kingdom)" to "English (United States)" and I can see the default rules and my custom rules.

Update:
I'm see this message in the DeveloperService.log, if it's helps...
Code:
Exception in VoodooShieldWCF_CleanupWhitelist: String was not recognized as a valid DateTime..    at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles)
   at VoodooShieldService.SnapShotStorage.GetAllProcess()
   at VoodooShieldService.VoodooShieldWCF.CleanupWhitelist()
Very cool, thank you, that will help me reproduce the error on my end... it will be a super easy fix. I have always been absolutely terrible with Region / Conversion issues, but if I can reproduce them, they are super easy.
 

vonvon

Level 2
Verified
Nov 25, 2014
88
I installed VS 4.04b, fresh install. registration etc... ok
All ok, 2 reboots, all ok
Another complete reboot , register forgotten ... ? I re regist, tomorrow, I will see.
French version of windows 10.

I think I m not good enough to translate all VS in french, but I can help, if necessary.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Clean installation. Everytime I open WinRAR I get a pop-up window. Even though I allow the program, the next time I call it up the window is there again. The other odd thing is that the pop-up window freezes initially and does not respond to mouse clicks for several seconds.

I had a similar problem with Q-Dir (a file manager). I had to block it and then whitelist it from the log since allowing it never added to the whitelist. This had the same non-responsive window delay as WinRAR.

Am I doing something wrong here?
 

ColonelMal

Level 3
Verified
Well-known
Jul 5, 2017
109
I installed v.4.0.4b over 4.0.3b but the same problem that I had mentioned in this posting continues. I had to go back to v. 3.59b with which I don't experience the programs freezing.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Very cool, thank you, that will help me reproduce the error on my end... it will be a super easy fix. I have always been absolutely terrible with Region / Conversion issues, but if I can reproduce them, they are super easy.
I have English (South Africa). FWIW I do see the two default rules (no custom rules created yet). I installed 4.04b over the top of 4.03b.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Here is 4.04... you should be able to install over the top of 4.03b, but if you run into problems, please uninstall, reboot and reinstall.

http://www.voodooshield.com/Download/beta4/InstallVoodooShield404beta.exe

I believe most of the bugs are fixed, but there will most likely be a few small bugs over the next couple of weeks that we will need to fix.

Thank you guys!
Thank you, Dan!

I know you are not currently active on that forum, but you may want to consider this for a future release, for those who are not comfortable with creating rules?
VoodooShield ?
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Hmmm, very odd. I tried to fix this for non-english users, but it must have broke for english users.

If you look in your DeveloperLog.log, you will probably see something like this : Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
I have the same problem as @askmark on my Dutch (Nederlands) Windows 10. No rules present.
15 errors in the DeveloperLog.log.
If you want I can sent the DeveloperLog,log to you by mail?
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Regarding my issue w/WinRAR not going to whitelist... I did another clean install. Here's what I found... when I run in Autopilot, WinRAR opens without incident. When I run in Default, I must always allow WinRAR, and allowing WinRAR does not place it in whitelist - NOR does it show in the User Log.

Relatedly, when I first ran 7zip in Default, I got the pop-up window (again frozen for few seconds; is that an internet connectivity issue? other?) but allowing it added it to the whitelist (notably it DOES also show in the User Log, unlike WinRAR).

I recall a few months ago that there was the concern of launching executables contained in WinRAR. Was something done w/WinRAR AI that prevents WinRAR from being added to the allow list?
 

boredog

Level 9
Verified
Jul 5, 2016
416
4.04
Requires registration when booting up in the morning.
Question: Was it decided the culprit was CCleaner deleting the VS file in the users temp folder?And by making that file read only was the workaround for now?
 
Last edited:
  • Like
Reactions: simmerskool

Wolfsbane

Level 1
Sep 6, 2017
5
Are
The final site will be https, the same way voodooshield.com is currently. We need to work a few things out before we add the certificate.

The reality is that https is subject to BGP hijacking as well, so the only real concern is if a beta tester running VS goes to a coffee shop with public wifi, and there happens to be a mitm attacker who is interested in logging in to your VoodooShield Management Console to change your VoodooShield settings or edit your whitelist. If you ask me, that is being way paranoid.

Since I do not specialize in web security, if there are other risks that I am unaware of, please let me know, because we will need to shut down the beta test asap until we add the certificate to the server.
Aren't these settings pulled from the server instead of pushed to the client? If you're using salted hashes and authenticating the client then I'm not sure why BGP hijacking is a problem where it concerns end to end encryption. Sending things in the open, i.e. Plaintext http without implementing any modern encryption protocol is asking for trouble.

Not meant as a criticism, only an observation. Since you're not reading my PMs on MT I refer you to the current state of VS web management :

Observatory by Mozilla

The good news is you're aware of the problem. The bad news is there are so many solutions in the market that you'll have to consider whether an IH solution is viable given your experience level.

Personally, I believe you can get by with Let's Encrypt and applying the suggestions at the observatory.

Packaged solutions include the open source Caddy server that you can tailor to your needs.

Unfortunately the VS beta requires a pro key and registration to unlock its customization features so testing is limited. As of the latest beta the rules section broke which seems critical so I'll be moving on for now.

Good luck with your future endeavors
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
4.04
Requires registration when booting up in the morning.
Question: Was it decided the culprit was CCleaner deleting the VS file in the users temp folder?And by making that file read only was the workaround for now?
Yes, or adding it as exception (options exclude) in CCleaner. A better solution IMO.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Are
Aren't these settings pulled from the server instead of pushed to the client? If you're using salted hashes and authenticating the client then I'm not sure why BGP hijacking is a problem where it concerns end to end encryption. Sending things in the open, i.e. Plaintext http without implementing any modern encryption protocol is asking for trouble.

Not meant as a criticism, only an observation. Since you're not reading my PMs on MT I refer you to the current state of VS web management :

Observatory by Mozilla

The good news is you're aware of the problem. The bad news is there are so many solutions in the market that you'll have to consider whether an IH solution is viable given your experience level.

Personally, I believe you can get by with Let's Encrypt and applying the suggestions at the observatory.

Packaged solutions include the open source Caddy server that you can tailor to your needs.

Unfortunately the VS beta requires a pro key and registration to unlock its customization features so testing is limited. As of the latest beta the rules section broke which seems critical so I'll be moving on for now.

Good luck with your future endeavors
I have seen FUD, but this is FUD on a whole new level. I will be brief.

April King — Observatory by Mozilla: Making the Web Safer

We’re All Failing
Just how bad is adoption? Well, the Observatory has been used to scan over 1.3 million websites so far, and 91% of them don’t take advantage of modern security advances. These aren’t tiny sites either; among these 1.3 million websites are some of the most popular websites in the world.

Overall Results
Passing 121,984
Failing 1,212,826
Total Scans 1,334,810

Everyone feel free to scan a few sites on their own...Observatory by Mozilla

You are correct, I am not a web security specialist... my focus is on VS and stopping malware. I do not try to be a know it all... if something does not interest me, or if I am not good at it, then I hire the right person to do the work.

Now, can I please get back to work so I can finish VS 4.0, and so we can also bring our 6 year old website up to current security standards, even though we do not collect and store private information?
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Yes, or adding it as exception (options exclude) in CCleaner. A better solution IMO.
Very cool, thank you for finding that guys! I moved the token to programdata (in 4.05b), where the .db files are stored... the only thing is that everyone will have to register yet again ;).

Since we are severely running out of connections to the server, people running VS Free will no longer be connected to the server... they really did not need to be in the first place. As a matter of fact, I am trying to talk Alex into not have anyone continuously connected, and just send requests when we need them.

I believe the Region / conversion issues are fixed and will release VS 4.05b soon so we can test to see, thank you!
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top