VoodooShield discussion

Discussion in 'VoodooShield' started by Evjl's Rain, Sep 25, 2016.

  1. paulderdash

    paulderdash Level 3

    Apr 28, 2015
    121
    331
    In the æther ...
  2. gorblimey

    gorblimey Level 2

    Aug 30, 2017
    83
    224
    Eastern Indian Ocean
    Windows 7
    Zemana
    I'm sure markloman knows what he's talking about, as I'm also sure many people have installed A-Es without first scanning their boxes :sick:. Other than that I have no experience, and even less imagination... Oh. Hang on, I've just realised most of us here are running Windows. Now, what was that comment from so long ago? ... Ah. "Why should I pay for Windows? I can get viruses for free on the internet!"

    And yes, I do remember the WannaCry episode... And VS stopping it cold in a highly unethical manner. (FWIW, I don't give a rat's about HOW the threat was stopped, I care ONLY that it was stopped.)
     
  3. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    Nope none (y)
    Unless we're looking for boogie men where there are none to be found. Remember that's just one man's opinion,
    and from one that would have you using HMPA rather than VS. Sounds like a "grain of salt" moment if I ever heard one. ;)
     
  4. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,253
    13,513
    Utopia
    IMHO it was a somewhat bombastic comment that was taken a little out of context. He didn't mean to tell us anything we don't already know. All he meant is that you cannot go and indiscriminately whitelist every process that ships with Windows, if you want to run a tight ship.
     
  5. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    I have never talked to Mark, but from what I understand he is a smart dude... I wonder if he would be willing to provide a demonstration and bypass VS. He needs to remember though that although VS whitelists most of the OS components, it does not allow these components to spawn new processes, unless the child process is whitelisted... among other protections. VS is not just simple whitelisting software... there is much more going on under the hood.

    I see his point though... the smaller the whitelist, the better... then again, offering the absolute smallest whitelist / attack surface is what VS is all about ;). I have been saying this for years... massive local whitelists or massive global cloud whitelists are in my opinion not a very good idea.

    Perhaps you guys can talk Mark into trying to have his way with VS, and we will see what he comes up with! He just might change his mind about whitelisting being dead ;).

    BTW, the next version of VS will save the Show / Hide setting on the fly (it is already fixed)... sorry about that. Remember how I removed the saving of settings when VS closes? Well, we have to figure out which ones to save on the fly... each setting is super easy to fix, but just have to wait and see if any others are an issue.

    Thank you guys!
     
    lowdetection, shukla44, hamo and 4 others like this.
  6. danb

    danb From VoodooShield
    Developer

    May 31, 2017
    465
    2,138
    Overland Park, KS
    Windows 8.1
    Sorry, I should have mentioned this sooner... ;)

    VS 3.59... You can log in to the old crappy console by going to: hxxps://voodooshield.com

    VS 4.0... You can log into the new web management console (even though it is not finished) here: hxxps://voodooshield.co

    Then just click on account at the top of the page.

    The first one is .com and the second is .co. This is all temporary... we will move everything to the .com soon. Thank you for mentioning this!
     
    shukla44, hamo, simmerskool and 3 others like this.
  7. Lightning_Brian

    Lightning_Brian Level 7

    Sep 1, 2017
    334
    1,697
    Information Technology
    USA
    Windows 10
    Norton
    @danb You're always on top of things! Great to see such great support. (y)(y) Hats off to you Dan!
     
  8. woodrowbone

    woodrowbone Level 8

    Dec 24, 2011
    356
    559
    Hmm, my mail and password do not work on the .co page either?
    Do you want me to pm you my credentials Dan?

    /W
     
    _CyberGhosT_ likes this.
  9. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    It's working for me this AM:
    VS_Panel.png
     
    shukla44, hamo and woodrowbone like this.
  10. boredog

    boredog Level 8

    Jul 5, 2016
    389
    814
    Retired
    usa
    Windows 10
    Malwarebytes
    I have noticed with the new build, I have no outgoing connections. I used to have two. Anyone else seeing this?
     
  11. Telos

    Telos Level 8

    Jan 29, 2017
    377
    988
    Baana
    Judging by the dwindling comments here over the past few days... I'd surmise VS v4 is ready to leave beta.
     
    hamo likes this.
  12. boredog

    boredog Level 8

    Jul 5, 2016
    389
    814
    Retired
    usa
    Windows 10
    Malwarebytes
    Yes and my lic will expire on 7/1/2018
     
  13. DotNet

    DotNet Level 1

    Sep 4, 2017
    20
    23
    USA
    Windows 10
    #1573 DotNet, Nov 23, 2017
    Last edited: Nov 23, 2017
    Issues with VPN are back. I have Mullvad and VS keeps giving a popup saying anti-exploit detected "c/windows/syswow64/route.exe". I click allow and it pops right back up and never remembers the choice. After clicking allow 10 times in 10 seconds I shut down VS.
    Blocked: c:\windows\syswow64\route.exe | route delete 8000::/1 ::0 if 1 | c:\program files (x86)\mullvad\mullvad.exe
    Process blocked by initial AntiExploit stage: c:\windows\syswow64\route.exe
    [11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Connect 10 threads
    [11-22-2017 09:54:50] [DEBUG] - ->DriverCommunication.ctor
    [11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Enter main loop
    [11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Client disconnected
    [11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Disconnect
    [11-23-2017 07:04:45] [DEBUG] - Thread 0 Failed to stop
    [11-23-2017 07:04:45] [DEBUG] - Thread 1 Failed to stop
    [11-23-2017 07:04:45] [DEBUG] - Thread 2 Failed to stop
    [11-23-2017 07:04:46] [DEBUG] - Thread 3 Failed to stop
    [11-23-2017 07:04:46] [DEBUG] - Thread 4 Failed to stop
    [11-23-2017 07:04:46] [DEBUG] - Thread 5 Failed to stop
    [11-23-2017 07:04:46] [DEBUG] - Thread 6 Failed to stop
    [11-23-2017 07:04:46] [DEBUG] - Thread 7 Failed to stop
    [11-23-2017 07:04:47] [DEBUG] - Thread 8 Failed to stop
    [11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Connect 10 threads
    [11-23-2017 07:04:57] [DEBUG] - ->DriverCommunication.ctor
    [11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Enter main loop
    [11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnect
    [11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Exit main loop
    [11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnected
    [11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Client disconnected

    Never mind, fixed it. Anti-exploit is for webapps and I had Mullvad added as a webapp. Removed it and now no issues.
     
    hamo likes this.
  14. hamo

    hamo Level 8

    Mar 30, 2014
    375
    1,535
    Eng.
    Egypt
    Windows 10
    Same here.
     
    _CyberGhosT_ likes this.
  15. DotNet

    DotNet Level 1

    Sep 4, 2017
    20
    23
    USA
    Windows 10
    Do not add your VPN client or OpenVPN to the list of web apps. Web apps have anti-exploit protection by default. Any web app that changes your network or routes and ports is correctly flagged as a threat.
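
Added example, not part of any post in this thread and not VoodooShield's code: a simplified Python model of the behaviour danb and DotNet describe (OS components may run but not spawn unapproved children; web apps get an anti-exploit stage), applied to the `Blocked:` line DotNet posted. The rule order, list contents, verdict strings and function names are assumptions made for illustration.

```python
import ntpath

# Constructed lists for illustration; not VoodooShield's real data.
OS_COMPONENTS = {r"c:\windows\syswow64\route.exe", r"c:\windows\system32\cmd.exe",
                 r"c:\windows\explorer.exe"}
MULLVAD = r"c:\program files (x86)\mullvad\mullvad.exe"
USER_WHITELIST = {MULLVAD}

# The line DotNet posted: child | command line | parent.
POSTED = (r"Blocked: c:\windows\syswow64\route.exe | route delete 8000::/1 ::0 if 1"
          r" | c:\program files (x86)\mullvad\mullvad.exe")

def norm(path):
    """Windows paths are case-insensitive; normalise separators and case."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def parse_blocked(line):
    """Split 'Blocked: <child> | <command line> | <parent>'.
    The command line may itself contain '|', so take the first and last fields."""
    head, sep, body = line.strip().partition("Blocked:")
    if head or not sep:
        raise ValueError("not a Blocked: line")
    child, sep1, rest = body.partition(" | ")
    cmdline, sep2, parent = rest.rpartition(" | ")
    if not (sep1 and sep2):
        raise ValueError("expected three '|'-separated fields")
    return norm(child), cmdline.strip(), norm(parent)

def decide(child, parent, web_apps):
    """Assumed rule order: anti-exploit stage first, then the whitelist."""
    approved = child in USER_WHITELIST
    if parent in web_apps and not approved:
        return ("block", "anti-exploit: web app spawned an unapproved child")
    if parent in OS_COMPONENTS and not approved:
        return ("block", "OS component spawned an unapproved child")
    if approved or child in OS_COMPONENTS:
        return ("allow", "child is whitelisted")
    return ("block", "child is not whitelisted")

def evaluate(line, web_apps):
    """Parse one Blocked: line and return the modelled (verdict, reason)."""
    child, _cmdline, parent = parse_blocked(line)
    return decide(child, parent, {norm(p) for p in web_apps})

if __name__ == "__main__":
    print(evaluate(POSTED, {MULLVAD}))  # VPN client listed as a web app
    print(evaluate(POSTED, set()))      # VPN client removed from web apps
```

In this model the same `route.exe` launch flips from block to allow once the VPN client is no longer in the web-app list, which matches the outcome DotNet reported.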
     
  16. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    No issues here with AirVPN:
    AVPN_Thanksgiving.png
     
    simmerskool and Telos like this.
  17. boredog

    boredog Level 8

    Jul 5, 2016
    389
    814
    Retired
    usa
    Windows 10
    Malwarebytes
    I don't have an issue with AirVPN here either. Oh and I am seeing the two outbound connections again from VS.
     
    _CyberGhosT_, simmerskool and Telos like this.
  18. Telos

    Telos Level 8

    Jan 29, 2017
    377
    988
    Baana
    _CyberGhosT_ and simmerskool like this.
  19. DotNet

    DotNet Level 1

    Sep 4, 2017
    20
    23
    USA
    Windows 10
    Another crash.
    [11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnect
    [11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Exit main loop
    [11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
    [11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
    [11-23-2017 10:11:51] [DEBUG] - Thread 8 Failed to stop
    [11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnected
    [11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Client disconnected
    [11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Connect 10 threads
    [11-23-2017 15:51:43] [DEBUG] - ->DriverCommunication.ctor
    [11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Enter main loop
    [11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Client disconnected
    [11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Disconnect
    [11-24-2017 04:12:25] [DEBUG] - Thread 0 Failed to stop
    [11-24-2017 04:12:25] [DEBUG] - Thread 1 Failed to stop
    [11-24-2017 04:12:25] [DEBUG] - Thread 2 Failed to stop
    [11-24-2017 04:12:26] [DEBUG] - Thread 3 Failed to stop
    [11-24-2017 04:12:26] [DEBUG] - Thread 4 Failed to stop
    [11-24-2017 04:12:26] [DEBUG] - Thread 5 Failed to stop
    [11-24-2017 04:12:26] [DEBUG] - Thread 6 Failed to stop
    [11-24-2017 04:12:26] [DEBUG] - Thread 7 Failed to stop
    [11-24-2017 04:12:27] [DEBUG] - Thread 8 Failed to stop
     
  20. Telos

    Telos Level 8

    Jan 29, 2017
    377
    988
    Baana
    Maybe post your VS logs for this program/time interval.

    Any Event Viewer notifications (Critical/Error/Warning)?
     