VoodooShield discussion

Status
Not open for further replies.

erreale

Level 9
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
Sorry in advance for my bad English...

Yesterday I had a problem with VS. I wanted to install an update for NVIDIA GeForce Experience with VS set to Disable/Install Mode, but an error occurred when installing. Thinking it was an NVIDIA problem, I removed the old program and tried a clean installation of GeForce Experience. Same problem! Then I exited VS completely, and only then was the installation successful. Has anyone had the same problem?
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
> Sorry in advance for my bad English...
>
> Yesterday I had a problem with VS. I wanted to install an update for NVIDIA GeForce Experience with VS set to Disable/Install Mode, but an error occurred when installing. Thinking it was an NVIDIA problem, I removed the old program and tried a clean installation of GeForce Experience. Same problem! Then I exited VS completely, and only then was the installation successful. Has anyone had the same problem?

Did you disable VS DURING the installation process or BEFORE the installation process?
If VS already shows a popup, you allow it, and then you put VS into install mode/disable -> it may show an error.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
> Sorry in advance for my bad English...
>
> Yesterday I had a problem with VS. I wanted to install an update for NVIDIA GeForce Experience with VS set to Disable/Install Mode, but an error occurred when installing. Thinking it was an NVIDIA problem, I removed the old program and tried a clean installation of GeForce Experience. Same problem! Then I exited VS completely, and only then was the installation successful. Has anyone had the same problem?

You can try getting support at Wilders. The VoodooShield developer is very active there.
VoodooShield ?

I will link your post over there.
 

Evjl's Rain

> I switched to install mode before starting the installer.

He's right, try to contact the VS developer. He can help you solve the problem or implement a fix in the next version.
Can you try to use VS in autopilot mode? I think it's more suitable for you and rarely causes problems like the other modes.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Yes, I have seen VS do what you describe. Sometimes it just won't allow a process to run, unless you exit VS completely.

The solution that worked for me was:
1. Exit VS.
2. Install/run the software, and leave it running.
3. Restart VS, and tell it to whitelist everything it can find.

That should fix it!
 

Evjl's Rain

> It is often said that VoodooShield is whitelist based. A few days ago, it blocked the Chrome installer. Why? Shouldn't it be on the whitelist?

It whitelists the files on your PC and it doesn't have its own pre-made whitelist.
Also, the Chrome installer is usually unknown to VirusTotal. I just checked my ChromeSetup.exe, no one has uploaded it to VT (I just uploaded it, first person to do so). That's why it's suspicious to VS.
[Screenshot: uY5Zvso.png]

NOW, after I uploaded the file to VT:
[Screenshot: JTnZIdP.png]
 

Evjl's Rain

> Basically, you have to first upload it manually on virustotal.com, otherwise it will be marked as unknown?

I think it's for preventing 0-day malware, in case it has not yet been uploaded to VT for analysis. It should be marked as unknown.

I may contact the VS dev and ask him if he can add a short list of some 100% trustworthy vendors like Microsoft and Google, so this may prevent unnecessary popups like my first screenshot. However, malware can fake the signatures and VS may allow it, who knows :oops:
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
> I think it's for preventing 0-day malware, in case it has not yet been uploaded to VT for analysis. It should be marked as unknown.
>
> I may contact the VS dev and ask him if he can add a short list of some 100% trustworthy vendors like Microsoft and Google, so this may prevent unnecessary popups like my first screenshot. However, malware can fake the signatures and VS may allow it, who knows :oops:

A good measure of prevention. It's good as it is now.
 
KGBagent47

> I completely uninstalled Zemana AntiLogger using Geek Uninstaller, as it caused battery drain on my laptop. I also noticed the ZAM service was still there, but I got rid of it; now nothing related to Zemana is running on my laptop except the portable version. I don't know why I still get the freezing bug. Perhaps because I use the sleep function a lot.

I think long term use of Sleep mode does contribute to the occasional freeze. A weekly restart is probably not a bad idea.
 

shmu26

A lot of times, those installer files are downloaded into temp folders, which is a suspicious location. So VS will ignore the usual parent/child permissions, and treat the files suspiciously, until VirusTotal gives them a clean bill of health.

About NVT ERP: it has a short list of trusted vendors. This list is customizable.
If you are looking for a program that will help you decide whether or not to trust a file, VS has the advantage over ERP.
 

shmu26

oops, I forgot to mention that in this specific case, NVT ERP actually behaves more smoothly. This is because Google is on the default list of trusted vendors, so Chrome updates go without a hitch.
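
The checks discussed in the posts above (a file unknown to VirusTotal, a download sitting in a temp folder, a trusted-vendor list, and the worry about faked signatures) can be done by hand in PowerShell. This is an added example, not part of the thread and not VoodooShield or NVT ERP code; the function name `Test-InstallerTrust`, the vendor list and the file path are assumptions.

```powershell
# Added example: manual triage of a downloaded installer.
# The vendor list and the path in the usage line are sample values,
# not data taken from VoodooShield or NVT ERP.
$TrustedVendors = @('Google LLC', 'Microsoft Corporation')   # sample list, edit as needed

function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Vendors = $TrustedVendors
    )
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # The signer name only counts if Windows validated the signature and chain.
    # A signature copied from another file, or a look-alike certificate that
    # does not chain to a trusted root, does not come back as 'Valid'.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    $signedByTrusted = ($sig.Status -eq 'Valid') -and ($Vendors -contains $signer)

    # Temp folders are a common drop location, so report that separately.
    $tempRoot = [System.IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')
    $inTemp   = $file.FullName.StartsWith($tempRoot + '\',
                    [System.StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        File            = $file.FullName
        SHA256          = $hash          # can be searched on virustotal.com without uploading the file
        SignatureStatus = $sig.Status
        Signer          = $signer
        TrustedVendor   = $signedByTrusted
        InTempFolder    = $inTemp
        Verdict         = if ($signedByTrusted) { 'allow' } else { 'ask user' }
    }
}

# Usage (hypothetical path; point it at the installer you downloaded):
Test-InstallerTrust -Path "$env:USERPROFILE\Downloads\ChromeSetup.exe"
```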
 

TheMalwareMaster

About VS and command lines: Why is VoodooShield not set in Autopilot mode to allow all command lines coming from trusted installers? It's really annoying to click allow each time. That would also be useful for beginners, who don't usually interact with the product (if they don't click allow, their installation will get stuck at a certain point). About disabling VS when installing a new product... That's not secure at all for beginners, who could disable the software thinking they are installing a program when it is actually malware... They should be able to fully use their machine without turning off the product.
 