VoodooShield discussion

[codswollip]

The main thing I noticed in my case, is that the shield diseappear, and go top left, instead that down right.

I saw this too. I have no clue what happened.

Regarding the token in the temp folder... with VS running I moved the token to ProgramData. I then opened the VS GUI and "Confirm Registration" and ... the token file was recreated in the temp folder.

Next, I deleted the token from ProgramData and then "Confirm Registration" ... no new token was created in ProgramData.

Maybe this is a 64-bit OS issue... IDK.

Edit1: Back after a reboot. No registration window required, even without a token in ProgramData. Methinks the ProgramData token has no real use on my system (it was not recreated on reboot). Only the temp folder token is necessary.

BTW, after rebooting the shield appeared in the upper left corner.

 

[lowdetection]

VecchioScarpone, what other programs clean that place in your pc? I will keep monitoring.

 

[VecchioScarpone]

VecchioScarpone, what other programs clean that place in your pc? I will keep monitoring.

None.
BTW Can't help with your shield icon issue, not having that.

Edit: I understand W10 does some auto cleaning not sure though if it delete temp files.

 

[lowdetection]

The shield positioning, is releated to the registration, and the db files inside ProgramData, I managed to fix it. Hope in a better management in future.

The token position that matter is in temp.

 

[lowdetection]

@danb the VodooShield issue I mentioned you in msg with VPN, not present in beta 4.0.9

Seems ok with me, the 2 main bugs of the shield and the token are fixed for me.

 

[simmerskool]

Try this @VecchioScarpone

perhaps obvious to others, but comparing
C:\ProgramData\VoodooShield\voodooshield-token.json
to
C:\Users\nnn\AppData\Local\Temp\voodooshield-token.json

the token files are NOT identical although they both have the same size, 115 on my win7. I'm guessing that my token should be unique to me and my pw, but then shouldn't both these tokens be identical unless time-sensitive stamp on them?? Just guessing and thinking out loud

 

[simmerskool]

The main thing I noticed in my case, is that the shield diseappear, and go top left, instead that down right.

What is the main reason the shield go away without me touching any setting?

I see that too!

 

[paulderdash]

The shield also has to be repositioned here, every time I have to re-register.

 

[paulderdash]

No re-registration or shield issues since excluding token from \AppData\Local\Temp in CCleaner.

 

[lowdetection]

If someone has a shield issue, it means the Token was involved. I not have any issue too.

I'm interested now in new features of the v4, like the moving dot inside the VodooShield Icon, that sometime is showed, what's the meaning?

 

[dg17]

Hi David, I see lowdetection has already replied (thank you lowdetection), but I was curious about a few things. I agree that file insight is absolutely vital to the end user, and for executable blocks, VS should provide plenty of file insight. For command line blocks, there is a lot less file insight that VS is able to provide.

So I am curious what is being blocked that is not providing proper file insight? Thank you!


Very cool, thank you!


Thank you for letting me know! I will test with some file cleaning utilities and see what happens. There very well could be a couple of things that are causing the same issue.

Thanks Dan & Lowdetection.

I see what you mean but all that is very technical for the average user. What I thought would be more helpful would be the properties of the file such as the enclosure. Whilst not giving the same level of info it would give the user some idea of where the file came from and could make a judgement of to use it or not. VS is not going to be able to know every file so that giving this info may assist the user.

Hope you understand what I am getting at.
I seem to remember that some program maybe Online Armor or Emisoft gave a hot link to the program in the popup - can't remember the details now.
Regards

David

 

[lowdetection]

I don't know dg17, usually I do this way:
If VodooShield alert me of something I don't know, I look for more information from VodooShield, if I have still doubts I put the file inside PEStudio, if I think is something more I send it to a Sandbox service like Cuckoo Sandbox or VxStream through hybrid-analysis.

This how I do

 

[lowdetection]

Then I move here:

I think what can be added is the direct link to VirusTotal, but the other things of PEStudio are excess of Info, need to remember is mean for general audience I think. I don't know.

 

[codswollip]

I'm interested now in new features of the v4, like the moving dot inside the VodooShield Icon, that sometime is showed, what's the meaning?

IIRC, VS is communicating with its AI server when you see the dots scrolling across the shield.

 

[lowdetection]

Just to report, but it's ok and I understand, having some VodooShield.exe has stopped on startup on 5400 rpm hard-disk, if I have a certain degree of defragmentation, was happening also with late 3.59b3 if I remember right.

Not happening on a SSD.

 

[milas]

@danb,
I'd like to jump in and say that I had to re-register VS at least 3 times after restarting my system yesterday. I did use CCleaner twice yesterday. So I am not sure if that's why I had to re-register. I have VS listed in %Temp% and ProgramData. I also had a 2 year license if that means anything. Running VS on a 64bit system.

My other issue is when starting up my system each morning I get VS saying the "disnhost.exe. does not exist" and will block on 20sec. I am not sure what that is all about?

 

[lowdetection]

@milas for the token try to set exclusion like my screenshot in CCleaner

For dismhost.exe, try to reset whitelist, was common also in 3.5.9, did you do upgrade over previous? I will try clean reinstall.

What I see from your screenshot is the path for dismhost.exe inside \temp always changing \temp\random

If I remember right there were new rules in v4 to avoid this, but not sure.

 

[milas]

@milas for the token try to set exclusion like my screenshot in CCleaner

For dismhost.exe, try to reset whitelist, was common also in 3.5.9, did you do upgrade over previous? I will try clean reinstall.

Thank you, I appreciate the help..

I already did a clean install of 4.0.9b 2 days ago. I'll try the reset as you mentioned and set exclusion in CCleaner.

 

[codswollip]

I already did a clean install of 4.0.9b 2 days ago. I'll try the reset as you mentioned and set exclusion in CCleaner.

Before you reinstall, delete any remnants of VS under ProgramData.

 

[milas]

Before you reinstall, delete any remnants of VS under ProgramData.

I will do that the next time I have to reinstall. So far VS isn't giving me an issue. Thanks!

I'll restart my system and see if I have the same issues just to be sure.

EDITED: Restarted my system after resetting the VS Whitelist all seems ok right now!