VoodooShield discussion

Status
Not open for further replies.

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Installed 4.04 and no, I don't have any default rules. Installed 4.03 and they come back. Reinstall 4.04 and they disappear again. I tried to create a rule in 4.04 but when the wizard finished there was nothing in the rules. Not sure if rules are missing or just not being displayed.
 

boredog

Level 9
Verified
Jul 5, 2016
416
Installed 4.04.
I had an unknown file VS gave a popup on. At the time I blocked it. Later I looked up the file and it belongs to Windows Defender.
Went back to the user log and tried to whitelist the file and got an error. I clicked quit and VS did shut down.
 

Attachments

  • ScreenHunter_84 Sep. 16 13.54.jpg

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Installed 4.04 and no, I don't have any default rules. Installed 4.03 and they come back. Reinstall 4.04 and they disappear again. I tried to create a rule in 4.04 but when the wizard finished there was nothing in the rules. Not sure if rules are missing or just not being displayed.
Hmmm, very odd. I tried to fix this for non-English users, but it must have broken for English users.

If you look in your DeveloperLog.log, you will probably see something like this: Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Installed 4.04.
I had an unknown file VS gave a popup on. At the time I blocked it. Later I looked up the file and it belongs to Windows Defender.
Went back to the user log and tried to whitelist the file and got an error. I clicked quit and VS did shut down.
This is similar to the conversion bug above, let me see what I can do, thank you!
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Hmmm, very odd. I tried to fix this for non-English users, but it must have broken for English users.

If you look in your DeveloperLog.log, you will probably see something like this: Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
Yes, that's the exact message. I changed my Region Date and Time Settings from "English (United Kingdom)" to "English (United States)" and I can see the default rules and my custom rules.

Update:
I see this message in the DeveloperService.log, if it helps...
Code:
Exception in VoodooShieldWCF_CleanupWhitelist: String was not recognized as a valid DateTime..
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles)
   at VoodooShieldService.SnapShotStorage.GetAllProcess()
   at VoodooShieldService.VoodooShieldWCF.CleanupWhitelist()
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Yes, that's the exact message. I changed my Region Date and Time Settings from "English (United Kingdom)" to "English (United States)" and I can see the default rules and my custom rules.

Update:
I see this message in the DeveloperService.log, if it helps...
Code:
Exception in VoodooShieldWCF_CleanupWhitelist: String was not recognized as a valid DateTime..
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles styles)
   at VoodooShieldService.SnapShotStorage.GetAllProcess()
   at VoodooShieldService.VoodooShieldWCF.CleanupWhitelist()
Very cool, thank you, that will help me reproduce the error on my end... it will be a super easy fix. I have always been absolutely terrible with Region / Conversion issues, but if I can reproduce them, they are super easy.
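
The failure discussed in the posts above, as an added example that is not part of the thread and is not VoodooShield's code: a timestamp written in one regional format throws `String was not recognized as a valid DateTime` when read under another, while an invariant round-trip format loads under any region. The `Save`/`TryLoad` helpers and the sample timestamp are hypothetical.

```csharp
using System;
using System.Globalization;

static class RuleTimestampDemo
{
    // Hypothetical helpers for illustration; not VoodooShield's storage code.
    static string Save(DateTime t) =>
        t.ToString("o", CultureInfo.InvariantCulture);    // ISO 8601 round-trip text

    static bool TryLoad(string s, out DateTime t) =>
        DateTime.TryParseExact(s, "o", CultureInfo.InvariantCulture,
                               DateTimeStyles.RoundtripKind, out t);

    static void Main()
    {
        var us = CultureInfo.GetCultureInfo("en-US");
        var gb = CultureInfo.GetCultureInfo("en-GB");
        var nl = CultureInfo.GetCultureInfo("nl-NL");

        // Fragile: text in en-US layout (constructed sample) read with en-GB rules.
        string stored = "9/16/2017 1:54:00 PM";
        try
        {
            DateTime.Parse(stored, gb);   // en-GB expects day/month, so "16" is read as a month
            Console.WriteLine("parsed without error");
        }
        catch (FormatException e)
        {
            Console.WriteLine("en-GB read of en-US text: " + e.Message);
        }

        // An ambiguous date does not throw; en-GB reads it as 3 April, not March 4.
        DateTime swapped = DateTime.Parse("3/4/2017", gb);
        Console.WriteLine("3/4/2017 under en-GB -> month " + swapped.Month);

        // Robust: the same invariant format on write and read, whatever the region.
        var created = new DateTime(2017, 9, 16, 13, 54, 0, DateTimeKind.Utc);
        foreach (var c in new[] { us, gb, nl })
        {
            CultureInfo.CurrentCulture = c;
            bool ok = TryLoad(Save(created), out DateTime back) && back == created;
            Console.WriteLine(c.Name + " round-trip ok: " + ok);
        }

        // Text not in the stored format is rejected with a result the caller
        // can report, instead of an exception that leaves the rule list empty.
        Console.WriteLine("legacy text accepted: " + TryLoad(stored, out _));
    }
}
```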
 

vonvon

Level 3
Verified
Well-known
Nov 25, 2014
117
I installed VS 4.04b, fresh install. Registration etc... ok
All ok, 2 reboots, all ok
Another complete reboot, registration forgotten...? I re-registered; tomorrow, I will see.
French version of windows 10.

I think I'm not good enough to translate all of VS into French, but I can help, if necessary.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Clean installation. Every time I open WinRAR I get a pop-up window. Even though I allow the program, the next time I call it up the window is there again. The other odd thing is that the pop-up window freezes initially and does not respond to mouse clicks for several seconds.

I had a similar problem with Q-Dir (a file manager). I had to block it and then whitelist it from the log since allowing it never added to the whitelist. This had the same non-responsive window delay as WinRAR.

Am I doing something wrong here?
 

ColonelMal

Level 3
Verified
Well-known
Jul 5, 2017
109
I installed v.4.0.4b over 4.0.3b but the same problem that I had mentioned in this posting continues. I had to go back to v. 3.59b with which I don't experience the programs freezing.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Very cool, thank you, that will help me reproduce the error on my end... it will be a super easy fix. I have always been absolutely terrible with Region / Conversion issues, but if I can reproduce them, they are super easy.
I have English (South Africa). FWIW I do see the two default rules (no custom rules created yet). I installed 4.04b over the top of 4.03b.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Here is 4.04... you should be able to install over the top of 4.03b, but if you run into problems, please uninstall, reboot and reinstall.

http://www.voodooshield.com/Download/beta4/InstallVoodooShield404beta.exe

I believe most of the bugs are fixed, but there will most likely be a few small bugs over the next couple of weeks that we will need to fix.

Thank you guys!
Thank you, Dan!

I know you are not currently active on that forum, but you may want to consider this for a future release, for those who are not comfortable with creating rules?
VoodooShield ?
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,264
Hmmm, very odd. I tried to fix this for non-English users, but it must have broken for English users.

If you look in your DeveloperLog.log, you will probably see something like this: Exception in CurrentData_LoadRulesItems: String was not recognized as a valid DateTime...

The odd thing is that it worked great for me. It is a simple conversion bug, I will figure it out, thank you!
I have the same problem as @askmark on my Dutch (Nederlands) Windows 10. No rules present.
15 errors in the DeveloperLog.log.
If you want, I can send the DeveloperLog.log to you by mail?
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Regarding my issue w/WinRAR not going to whitelist... I did another clean install. Here's what I found... when I run in Autopilot, WinRAR opens without incident. When I run in Default, I must always allow WinRAR, and allowing WinRAR does not place it in whitelist - NOR does it show in the User Log.

Relatedly, when I first ran 7zip in Default, I got the pop-up window (again frozen for a few seconds; is that an internet connectivity issue? other?) but allowing it added it to the whitelist (notably it DOES also show in the User Log, unlike WinRAR).

I recall a few months ago that there was the concern of launching executables contained in WinRAR. Was something done w/WinRAR AI that prevents WinRAR from being added to the allow list?
 

boredog

Level 9
Verified
Jul 5, 2016
416
4.04
Requires registration when booting up in the morning.
Question: Was it decided the culprit was CCleaner deleting the VS file in the user's temp folder? And was making that file read only the workaround for now?
 

Wolfsbane

Level 1
Sep 6, 2017
5
The final site will be https, the same way voodooshield.com is currently. We need to work a few things out before we add the certificate.

The reality is that https is subject to BGP hijacking as well, so the only real concern is if a beta tester running VS goes to a coffee shop with public wifi, and there happens to be a mitm attacker who is interested in logging in to your VoodooShield Management Console to change your VoodooShield settings or edit your whitelist. If you ask me, that is being way paranoid.

Since I do not specialize in web security, if there are other risks that I am unaware of, please let me know, because we will need to shut down the beta test asap until we add the certificate to the server.
Aren't these settings pulled from the server instead of pushed to the client? If you're using salted hashes and authenticating the client then I'm not sure why BGP hijacking is a problem where it concerns end to end encryption. Sending things in the open, i.e. Plaintext http without implementing any modern encryption protocol is asking for trouble.

Not meant as a criticism, only an observation. Since you're not reading my PMs on MT I refer you to the current state of VS web management:

Observatory by Mozilla

The good news is you're aware of the problem. The bad news is there are so many solutions in the market that you'll have to consider whether an IH solution is viable given your experience level.

Personally, I believe you can get by with Let's Encrypt and applying the suggestions at the observatory.

Packaged solutions include the open source Caddy server that you can tailor to your needs.

Unfortunately the VS beta requires a pro key and registration to unlock its customization features so testing is limited. As of the latest beta the rules section broke which seems critical so I'll be moving on for now.

Good luck with your future endeavors
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,264
4.04
Requires registration when booting up in the morning.
Question: Was it decided the culprit was CCleaner deleting the VS file in the user's temp folder? And was making that file read only the workaround for now?
Yes, or adding it as exception (options exclude) in CCleaner. A better solution IMO.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Aren't these settings pulled from the server instead of pushed to the client? If you're using salted hashes and authenticating the client then I'm not sure why BGP hijacking is a problem where it concerns end to end encryption. Sending things in the open, i.e. Plaintext http without implementing any modern encryption protocol is asking for trouble.

Not meant as a criticism, only an observation. Since you're not reading my PMs on MT I refer you to the current state of VS web management:

Observatory by Mozilla

The good news is you're aware of the problem. The bad news is there are so many solutions in the market that you'll have to consider whether an IH solution is viable given your experience level.

Personally, I believe you can get by with Let's Encrypt and applying the suggestions at the observatory.

Packaged solutions include the open source Caddy server that you can tailor to your needs.

Unfortunately the VS beta requires a pro key and registration to unlock its customization features so testing is limited. As of the latest beta the rules section broke which seems critical so I'll be moving on for now.

Good luck with your future endeavors
I have seen FUD, but this is FUD on a whole new level. I will be brief.

April King — Observatory by Mozilla: Making the Web Safer

We’re All Failing
Just how bad is adoption? Well, the Observatory has been used to scan over 1.3 million websites so far, and 91% of them don’t take advantage of modern security advances. These aren’t tiny sites either; among these 1.3 million websites are some of the most popular websites in the world.

Overall Results
Passing 121,984
Failing 1,212,826
Total Scans 1,334,810

Everyone feel free to scan a few sites on their own...Observatory by Mozilla

You are correct, I am not a web security specialist... my focus is on VS and stopping malware. I do not try to be a know it all... if something does not interest me, or if I am not good at it, then I hire the right person to do the work.

Now, can I please get back to work so I can finish VS 4.0, and so we can also bring our 6 year old website up to current security standards, even though we do not collect and store private information?
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Yes, or adding it as exception (options exclude) in CCleaner. A better solution IMO.
Very cool, thank you for finding that guys! I moved the token to programdata (in 4.05b), where the .db files are stored... the only thing is that everyone will have to register yet again ;).

Since we are severely running out of connections to the server, people running VS Free will no longer be connected to the server... they really did not need to be in the first place. As a matter of fact, I am trying to talk Alex into not having anyone continuously connected, and just sending requests when we need them.

I believe the Region / conversion issues are fixed and will release VS 4.05b soon so we can test to see, thank you!
 