VoodooShield discussion

[codswollip]

Is there are any instructions for how to make this command line with a wildcard? I do keep getting prompted for it every time I start the PC.

I had this issue with a Google's software_reporter. After I "allowed" it on several occasions, I sorted the Command Lines entries so I could find the related entries, and then simplified one of them with wildcards (*) replacing the unique characters with the wildcard. Then I deleted all the other entries from the Command Lines list, and the software reporter tool never raised its head again.

You can only do this with Command Lines entries. The Whitelist is uneditable (other than to delete), despite the fact that its header says "Whitelist Editor".

NOTE: Double click the Command Lines entry to edit it.

 

[shmu26]

And if the command line still stays the same after you edit it and okay it, that is probably because the parts you edited were already being ignored by the VS smart command line function. So it seems to me, from my experience.

 

[Gandalf_The_Grey]

Hi Dan, had 2 dimhost.exe blocks today. Can't whitelist them because of an error:

25-10-2017 8:19 User Blocked dismhost.exe c:\windows\temp\b003a49b-cea2-4f9c-a7aa-1fbb662c27e9\dismhost.exe B8037C46D0DB7A8CEE502407469B0EE3234D3365 c0fc152db24708d0be657d65232d6bd61a22bed4404ffe4337c82fd18bfc59dd c:\windows\temp\b003a49b-cea2-4f9c-a7aa-1fbb662c27e9\dismhost.exe {45723d39-80bc-4f6d-b7f7-5db39eca8b39} 143072 compattelrunner.exe c:\windows\system32\compattelrunner.exe

25-10-2017 8:20 User Blocked dismhost.exe c:\windows\temp\df458b65-11c3-453e-81f2-d85fcff0a3dd\dismhost.exe B8037C46D0DB7A8CEE502407469B0EE3234D3365 c0fc152db24708d0be657d65232d6bd61a22bed4404ffe4337c82fd18bfc59dd c:\windows\temp\df458b65-11c3-453e-81f2-d85fcff0a3dd\dismhost.exe {412624d5-f1e4-40d5-9487-826e313921dd} 143072 compattelrunner.exe c:\windows\system32\compattelrunner.exe

Error:

Zie het einde van dit bericht voor meer informatie over het aanroepen
van JIT-foutopsporing (Just In Time) in plaats van dit dialoogvenster.

************** Tekst van uitzondering **************
System.InvalidCastException: De conversie van tekenreeks naar type Integer is ongeldig. ---> System.FormatException: De indeling van de invoertekenreeks is onjuist.
bij Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat)
bij Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value)
--- Einde van intern uitzonderingsstackpad ---
bij Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value)
bij VoodooShield.Settings.﷐﷨(Object ﷐, EventArgs ﷑)
bij System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
bij System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
bij System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
bij System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
bij System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
bij System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
bij System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
bij System.Windows.Forms.Control.WndProc(Message& m)
bij System.Windows.Forms.ToolStrip.WndProc(Message& m)
bij System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
bij System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
bij System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

 

[Nocturnalizer]

I had this issue with a Google's software_reporter. After I "allowed" it on several occasions, I sorted the Command Lines entries so I could find the related entries, and then simplified one of them with wildcards (*) replacing the unique characters with the wildcard. Then I deleted all the other entries from the Command Lines list, and the software reporter tool never raised its head again.

You can only do this with Command Lines entries. The Whitelist is uneditable (other than to delete), despite the fact that its header says "Whitelist Editor".

NOTE: Double click the Command Lines entry to edit it.

The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.

 

[shmu26]

The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.

Does the temp directory have the same name every time? Because if you have the licensed version of VS, you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.
After you get that step taken care of, there may or may not be a command line that runs, which you can deal with accordingly.

 

[Nocturnalizer]

Does the temp directory have the same name every time? Because if you have the licensed version of VS, you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.
After you get that step taken care of, there may or may not be a command line that runs, which you can deal with accordingly.

It seems to have the same directory but it generates a differently-named temp file each time, so even trying out the custom folders idea didn't work as it still prompted me to allow 'rubyw.exe' when I signed in and back out of Windows again. I've attached a picture pointing to the instances where that's happening.

 

[codswollip]

you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.

I would consider this only if the temp folder is under the PIA folder structure. If you did this with "C:\Users\<username>\AppData\Local\Temp" (for example) you might be opening the door to malware execution.

 

[shmu26]

I would consider this only if the temp folder is under the PIA folder structure. If you did this with "C:\Users\<username>\AppData\Local\Temp" (for example) you might be opening the door to malware execution.

Right. It is totally foolish to whitelist AppData\Local\Temp. But IMHO a subfolder of it could be whitelisted, in case of need,

 

[shmu26]

It seems to have the same directory but it generates a differently-named temp file each time, so even trying out the custom folders idea didn't work as it still prompted me to allow 'rubyw.exe' when I signed in and back out of Windows again. I've attached a picture pointing to the instances where that's happening.

I think that only Dan can troubleshoot this one.

 

[DotNet]

The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.

This is a known issue & PIA is not going to fix it. Users have tried a few work arounds with varying success. I have a year paid with PIA & switched to Mullvad.
The PIA application needs to be fixed! (Not solved)
Run rubyw.exe from Fixed Location with Personal Firewall
PIA from a fixed location in Windows - Page 3

 

[codswollip]

This is a known issue & PIA is not going to fix it

Off topic, but I endorse AirVPN as an alternative.

FWIW, Windscribe has a lifetime offer out now for under $40 USD.
On Sale! - Windscribe Pro: Lifetime Subscription- $39.20

I'm thinking about this (I have a free 50GB/mo acct which is fine for most of my activity), but I really like AirVPN despite its costs (5 EU/month)

 

[_CyberGhosT_]

Off topic, but I endorse AirVPN as an alternative.

My solution as well

 

[Nocturnalizer]

This is a known issue & PIA is not going to fix it. Users have tried a few work arounds with varying success. I have a year paid with PIA & switched to Mullvad.
The PIA application needs to be fixed! (Not solved)
Run rubyw.exe from Fixed Location with Personal Firewall
PIA from a fixed location in Windows - Page 3

That's a shame, as I just bought a 2-year subscription to PIA... which might explain why it's always on sale, now that I think about it! I might look into AirVPN and cut my losses. It sounds like this isn't going to be an easy issue to fix since it's on PIA's side and I'd rather use VS than have issues with a VPN I don't use that often anyway.

 

[faircot]

That's a shame, as I just bought a 2-year subscription to PIA... which might explain why it's always on sale, now that I think about it! I might look into AirVPN and cut my losses. It sounds like this isn't going to be an easy issue to fix since it's on PIA's side and I'd rather use VS than have issues with a VPN I don't use that often anyway.

Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!

 

[Nocturnalizer]

Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!

If it's safe then I might well do that, just so I'm not out of pocket on it. Should have done some more research before I bought the subscription really!

 

[Nocturnalizer]

Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!

I checked out the page you linked me to in greater detail and it turns out that in the comments someone came up with a way of creating a desktop shortcut that gets past this issue, although you do have to recreate it every time a new version of PIA comes out. I was able to create that, pin it to my taskbar and remove PIA from starting up with Windows. That seems to have bypassed the issue completely now, which is great. I definitely won't be renewing once my subscription is up.

 

[VecchioScarpone]

Dan, for the record:
Random registration request on average once a day. No snapshots request after registration, only change to my setting is that it show the icon shield instead of hide as per my settings.

 

[danb]

As most of you guys know… I am a full time IT consultant, and I also perform pretty much every task that is required to keep VoodooShield up and running. We have experienced unprecedented growth the last few months, and I no longer able to keep up with everything. So I have been looking into a few different options, such as raising a little money and going full time with VS, and hire a few people full time as well.

Another option is to expand our marketing campaign a little more, and if all goes well, we will not have to raise any money and I will still be able to go full time with VS. There are other options as well that I am considering.

I see there are a few bugs that I still need to work out and several emails, posts and pms I need to respond to… but there are simply not enough hours in the day, but I am going to get to them asap, sorry for the delay.

 

[plat1098]

As most of you guys know… I am a full time IT consultant, and I also perform pretty much every task that is required to keep VoodooShield up and running. We have experienced unprecedented growth the last few months, and I no longer able to keep up with everything.

No! I for one did not know, only thinking VS was your full-time thing. OK! You have my support for what it's worth, you know that hopefully--my Tower of Babble-on status at times notwithstanding. Thank you for the updated info!

 

[VecchioScarpone]

Dan. I"m aware of your schedule and commitments. Sorry I overdid it by reporting the same issue.