VoodooShield discussion

Status
Not open for further replies.

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Dan, good job! Can you release the final version on the website when you are finished?
Thank you... we are almost there! Sure, in a week or two we will be finished and I will upload the final version for the public to download.

Here is 4.06. Most or all of the regional / conversion issues should be fixed, along with several other fixes.

If you run into ANY problems at all, please exit out of VS and delete all of the .db files in the c:\programdata\voodooshield folder.

There were a couple of bugs that were posted on this thread that I could not reproduce on my end. So if you are still experiencing a specific bug, please post extremely detailed step-by-step instructions on how I can reproduce the bug on my end.

www.voodooshield.co/Download/beta4/InstallVoodooShield406beta.exe

Thank you guys!
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,265
Thank you... we are almost there! Sure, in a week or two we will be finished and I will upload the final version for the public to download.

Here is 4.06. Most or all of the regional / conversion issues should be fixed, along with several other fixes.

If you run into ANY problems at all, please exit out of VS and delete all of the .db files in the c:\programdata\voodooshield folder.

There were a couple of bugs that were posted on this thread that I could not reproduce on my end. So if you are still experiencing a specific bug, please post extremely detailed step-by-step instructions on how I can reproduce the bug on my end.

www.voodooshield.co/Download/beta4/InstallVoodooShield406beta.exe

Thank you guys!
Hi Dan. So far so good. Only 1 error in the DeveloperLog.log:
[10-08-2017 21:52:49] [ERROR] - Exception in Utilities_VerifyDigitalSignature: Lengte kan niet minder dan nul zijn.
Parameternaam: length. bij System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
bij VoodooShield.Utilities.GetDigitalSignature(String processPath)
A question: If I have my documents etc on drive D do I need to enable Custom Folders for maximum protection?
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
v4.06...
Clipdiary loads with Windows. It is whitelisted by Snapshot. But each time I boot up I have to allow it. This was a clean install.
2017-10-08_21h04_50.png


FWIW, I had to disable Kaspersky Total Security (similar to Kaspersky Internet Security) to get the install to complete without a gazillion warnings.
 

plat1098

Yep, Sandboxie issues here. Does anyone know a sure way to exclude VS from Sbie? Otherwise, next time I have to un/reinstall something, I'll exit Sbie, just like I do VS.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
It seems as though apps white-listed by snapshot don't behave if they are auto-started with windows. I have clipdiary (mentioned above), btvstack, a Samsung SSD program (and another I just forgot) that have to be allowed with each bootup. I deleted their snapshot whitelist entries, manually launched the apps and allowed each, and now when I reboot, all is quiet.

I had a similar issue with Q-Dir. I mapped Q-Dir to launch from a hardware button on my pc. The first time I used the hardware button I had to allow Q-Dir. Yet I noticed that although the hardware button launched without further notifications, when I launched Q-Dir manually from its shortcut I always got a VS notification. So I deleted its whitelist entry and instead of launching initially from the hardware button, I used the file shortcut. Then allowed. Now Q-Dir launches without notification from either its shortcut or the hardware button.

So my "lesson learned" seems to be this... whenever there is a problem with repeated notifications, delete the whitelist entry, then launch manually and allow the app. That has solved 5 out of 5 repeat notification problems I have with v4.06 so far.

EDIT1: Add WinRAR, 7Zip, and NitroPro to the bunch. If the app opens without notification, launching it by an associated file (rar, zip, pdf) begins the notification issues... all these were snapshot whitelisted. Delete the snapshot entry and recreate it manually by launching the app from its shortcut link.
 
Last edited:

plat1098

What issue are you having? I have Sandboxie but I'm probably not smart enough to see the problem.

Just started using it, it's a learning curve somewhat. The VS installation "failed" and Sbie showed a message but I forgot to snip. Yet VS finished and started properly. I don't think VS should be running sandboxed, right? I'll figure it out; just have to remember to exit out of Sbie next time unless there's an easier way.

Edit: shutdown continues to be a drag @danb.
 
Last edited by a moderator:

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Same here. All related to DNS flushing for the most part. I have 4 command lines whitelisted, but the popups continue.

"cmd.exe" /c net stop dnscache
"cmd.exe" /c net start dnscache
"cmd.exe" /c ipconfig /flushdns
"cmd.exe" /c ipconfig /registerdns

I'm going to try training mode and see if that helps.

Quoting my post from v4.05. No change for v 4.06 for AirVPN client. 4 notifications to start, 4 notifications to quit. These appear under "Command Lines" but don't seem to be considered.

The odd thing was that I made a VPN connection right after installing VS and got no notifications. Now several reboots later, the notifications persist.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Just started using it, it's a learning curve somewhat. The VS installation "failed" and Sbie showed a message but I forgot to snip. Yet VS finished and started properly. I don't think VS should be running sandboxed, right? I'll figure it out; just have to remember to exit out of Sbie next time unless there's an easier way.
I have seen SBIE interfere with installs. I don't rightly know why. Usually, it doesn't.
SBIE and VS play well together.
As for running VS in sandbox, no, you don't want to do that.
You want to run your browsers and maybe other web-facing applications in sandbox. There is a lot to say about this subject, but this is not the right thread for it.
 

DotNet

Level 1
Verified
Sep 4, 2017
34
Quoting my post from v4.05. No change for v 4.06 for AirVPN client. 4 notifications to start, 4 notifications to quit. These appear under "Command Lines" but don't seem to be considered.

The odd thing was that I made a VPN connection right after installing VS and got no notifications. Now several reboots later, the notifications persist.
Create a custom Allow rule for My Computer when On, Off, or Autopilot, untick the box for digital signature & blacklist, leave the Ai settings as is. This solved all Command line issues for my VPN & other software. Works now like 3.59.
credit to Raka Daku who started a thread on custom rules
 

madirish

Level 1
Sep 13, 2017
14
Uninstalled 4.0.5b completely, rebooted and installed 4.0.6b, registered, rebooted, everything good. Had to remake Chromium browser rule and everything running fine - Palemoon, Thunderbird all running SandBoxIE great! Good job danb
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Create a custom Allow rule for My Computer when On, Off, or Autopilot, untick the box for digital signature & blacklist, leave the Ai settings as is.
That rule seems a bit heavy-handed to apply across My Computer. Instead, I applied that rule to the AirVPN folder alone with no good result. Thanks anyways.

Clarification: When I start AirVPN client with "Network Lock", there are actually 8 notifications going in (4 cmd.exe, 4 DNS related) plus several notifications exiting. Too chatty for me.

Attached is a clean start Developer Log for AirVPN startup/shutdown (shutdown begins at 11:46). No custom rule is in place.
 

Attachments

  • DeveloperLog - AirVPN.log
    14 KB · Views: 435

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
So my "lesson learned" seems to be this... whenever there is a problem with repeated notifications, delete the whitelist entry, then launch manually and allow the app. That has solved 5 out of 5 repeat notification problems I have with v4.06 so far.
This proved to be false. After manually adding NitroPro to the whitelist, I am now back to having to allow each pdf file I double click. I'm out of ideas.
Code:
[10-09-2017 14:56:58] [INFO ] - Process allowed by User Clicking Allow or Install: d:\program files\nitro\pro 10\nitropdf.exe
[10-09-2017 15:00:41] [INFO ] - Blocked: d:\program files\nitro\pro 10\nitropdf.exe | "d:\program files\nitro\pro 10\nitropdf.exe" "f:\users\abcxyz\documents\transfer request.pdf" | d:\program files\everything\everything.exe

Note: PDF was launched from Everything search app.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
This proved to be false. After manually adding NitroPro to the whitelist, I am now back to having to allow each pdf file I double click. I'm out of ideas.
How about editing the command line, by putting an asterisk in place of the file name and/or random characters?
If you play around with editing the command line with wild cards, you will probably hit on the right formula. I have done this with VS 4. I haven't tried it on VS 5, but IMHO it is definitely worth a try. If it works, send Dan your successful command line string.

Some patterns of random/changing characters are automatically recognized by VS, and are thus ignored. VS is pretty smart with command lines, but is not yet an Albert Einstein.

EDIT: I assume you already know what I am about to write, but I will write it anyways, in case others don't know.
If you want to edit a command line with wild cards, there are two very useful characters.
? represents any single character. For instance, ?:\ will be the path for any partition, whether it is C:, D:, or Z:.
* represents any number of characters. For instance, ?:\*.pdf will be the path for any PDF file on your computer.
 
Last edited:
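
The `?` and `*` semantics described in the post above, applied to the "Blocked:" line quoted earlier in the thread. This is an added example, not VoodooShield code and not part of any post; the field layout (process | command line | parent), the `cross_quotes` option and the second command line are assumptions made for illustration.

```python
import re

# Log lines copied from the DeveloperLog excerpt posted earlier in the thread.
LOG = r'''[10-09-2017 14:56:58] [INFO ] - Process allowed by User Clicking Allow or Install: d:\program files\nitro\pro 10\nitropdf.exe
[10-09-2017 15:00:41] [INFO ] - Blocked: d:\program files\nitro\pro 10\nitropdf.exe | "d:\program files\nitro\pro 10\nitropdf.exe" "f:\users\abcxyz\documents\transfer request.pdf" | d:\program files\everything\everything.exe'''

# Assumed layout, inferred from the sample line: process | command line | parent.
BLOCKED = re.compile(
    r'^\[[^\]]+\] \[\w+\s*\] - Blocked: (?P<proc>.+?) \| (?P<cmd>.+) \| (?P<parent>.+)$')

def parse_blocked(log_text):
    """Return (process, command line, parent) for every 'Blocked:' entry."""
    found = []
    for line in log_text.splitlines():
        m = BLOCKED.match(line.strip())
        if m:
            found.append((m['proc'], m['cmd'], m['parent']))
    return found

def wildcard_to_regex(pattern, cross_quotes=True):
    """? is exactly one character; * is any run of characters.
    With cross_quotes=False (a hypothetical stricter reading), * stops at a
    double quote, so it cannot swallow additional quoted arguments."""
    star = '.*' if cross_quotes else '[^"]*'
    parts = []
    for ch in pattern:
        parts.append('.' if ch == '?' else star if ch == '*' else re.escape(ch))
    return re.compile(''.join(parts), re.IGNORECASE | re.DOTALL)

def matches(pattern, command_line, cross_quotes=True):
    """True when the whole command line fits the wildcard pattern."""
    return wildcard_to_regex(pattern, cross_quotes).fullmatch(command_line) is not None

# Rule built from the post's "?:\*.pdf" idea: fixed executable, any PDF on any drive.
RULE = r'"d:\program files\nitro\pro 10\nitropdf.exe" "?:\*.pdf"'

# Constructed command line with an extra switch and a second file.
EXTRA = r'"d:\program files\nitro\pro 10\nitropdf.exe" "f:\a.pdf" /constructed-switch "f:\b.pdf"'

if __name__ == '__main__':
    for proc, cmd, parent in parse_blocked(LOG):
        print('blocked :', proc)
        print('parent  :', parent)
        print('rule hit:', matches(RULE, cmd))
    print('extra args, * crosses quotes :', matches(RULE, EXTRA))
    print('extra args, * stops at quote :', matches(RULE, EXTRA, cross_quotes=False))
```

When `*` may cross quotes, the rule also accepts command lines that carry extra arguments; stopping `*` at a double quote keeps it to a single PDF argument.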

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Note: PDF was launched from Everything search app.
OK... I'm getting an idea here... Just had another notification. This time I downloaded a "7z" file using Chrome. When the download completed I launched it from Chrome...BOOM... Notification. Closed that out and launched the same file from Explorer... NO NOTIFICATION. Back to Chrome again... BOOM... Notification.

@danb Apparently, VS doesn't like me launching programs from other programs (Chrome, Thunderbird, Everything, XYplorer... all confirmed. Others?).

That seems to be the common source of my notification problems for programs already whitelisted.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Hi Dan. So far so good. Only 1 error in the DeveloperLog.log:
A question: If I have my documents etc on drive D do I need to enable Custom Folders for maximum protection?
Very cool, thank you guys for letting me know! Yeah, the logs are looking great. There are quite a few blocks that I can work on, but other than that, I think we are getting close.

I do not think you need to add your documents from the D drive to Custom Folders. Basically, throw a test executable in that folder and see if VS reacts the way you want it to in whatever modes you run it in. If it does not react the way you want it to, then you can adjust Custom Folders, or better yet, write a rule for that folder.
 