VoodooShield discussion

Status
Not open for further replies.
Joined
Aug 30, 2017
Messages
83
OS
Windows 7
Antivirus
Zemana
The problem with whitelisting OS components is that it doesn't actually help, as most attacks are initiated from whitelisted binaries, including ransomware. Whitelisting is dead.
Any implications for VS?
I'm sure markloman knows what he's talking about, as I'm also sure many people have installed A-Es without first scanning their boxes :sick:. Other than that I have no experience, and even less imagination... Oh. Hang on, I've just realised most of us here are running Windows. Now, what was that comment from so long ago? ... Ah. "Why should I pay for Windows? I can get viruses for free on the internet!"

And yes, I do remember the WannaCry episode... And VS stopping it cold in a highly unethical manner. (FWIW, I don't give a rat's about HOW the threat was stopped, I care ONLY that it was stopped.)
 

_CyberGhosT_

Level 52
Trusted
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
Comment from HMP.A dev: HitmanPro.Alert BETA

Any implications for VS?
Nope none (y)
Unless we're looking for boogeymen where there are none to be found. Remember that's just one man's opinion,
and from one that would have you using HMPA rather than VS. Sounds like a "grain of salt" moment if I ever heard one. ;)
 

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,988
OS
Windows 10
IMHO it was a somewhat bombastic comment that was taken a little out of context. He didn't mean to tell us anything we don't already know. All he meant is that you cannot go and indiscriminately whitelist every process that ships with Windows, if you want to run a tight ship.
 

danb

From VoodooShield
Developer
Joined
May 31, 2017
Messages
465
OS
Windows 8.1
I have never talked to Mark, but from what I understand he is a smart dude... I wonder if he would be willing to provide a demonstration and bypass VS. He needs to remember though that although VS whitelists most of the OS components, it does not allow these components to spawn new processes, unless the child process is whitelisted... among other protections. VS is not just simple whitelisting software... there is much more going on under the hood.

I see his point though... the smaller the whitelist, the better... then again, offering the absolute smallest whitelist / attack surface is what VS is all about ;). I have been saying this for years... massive local whitelists or massive global cloud whitelists are in my opinion not a very good idea.

Perhaps you guys can talk Mark into trying to have his way with VS, and we will see what he comes up with! He just might change his mind about whitelisting being dead ;).

BTW, the next version of VS will save the Show / Hide setting on the fly (it is already fixed)... sorry about that. Remember how I removed the saving of settings when VS closes? Well, we have to figure out which ones to save on the fly... each setting is super easy to fix, but just have to wait and see if any others are an issue.

Thank you guys!
 

danb

From VoodooShield
Developer
Joined
May 31, 2017
Messages
465
OS
Windows 8.1
If by the online console you mean the login at VoodooShield's homepage, that does not work, same there, the mail and/or password is not registered.
It is not a big deal, just wanted to report if it can help in any way, I kind of like the way Dan runs this show (y)

/W
Sorry, I should have mentioned this sooner... ;)

VS 3.59... You can log in to the old crappy console by going to: hxxps://voodooshield.com

VS 4.0... You can log into the new web management console (even though it is not finished) here: hxxps://voodooshield.co

Then just click on account at the top of the page.

The first one is .com and the second is .co. This is all temporary... we will move everything to the .com soon. Thank you for mentioning this!
 
Joined
Dec 24, 2011
Messages
368
Hmm, my mail and password do not work on the .co page either?
Do you want me to PM you my credentials, Dan?

/W
 
Likes: _CyberGhosT_
Joined
Jul 5, 2016
Messages
410
OS
Windows 10
Antivirus
Malwarebytes
I have noticed with the new build, I have no outgoing connections. I used to have two. Anyone else seeing this?
 
Joined
Sep 4, 2017
Messages
20
OS
Windows 10
Issues with VPN are back. I have Mullvad and VS keeps giving a popup saying anti-exploit detected "c/windows/syswow64/route.exe". I click allow and it pops right back up and never remembers the choice. After clicking allow 10 times in 10 seconds I shut down VS.
Blocked: c:\windows\syswow64\route.exe | route delete 8000::/1 ::0 if 1 | c:\program files (x86)\mullvad\mullvad.exe
Process blocked by initial AntiExploit stage: c:\windows\syswow64\route.exe
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-22-2017 09:54:50] [DEBUG] - ->DriverCommunication.ctor
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Client disconnected
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:04:45] [DEBUG] - Thread 0 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 1 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 2 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 3 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 4 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 5 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 6 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 7 Failed to stop
[11-23-2017 07:04:47] [DEBUG] - Thread 8 Failed to stop
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-23-2017 07:04:57] [DEBUG] - ->DriverCommunication.ctor
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Exit main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnected
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Client disconnected

Never mind, fixed it. Anti-exploit is for webapps and I had Mullvad added as a webapp. Removed it and now no issues.
 
Likes: hamo

hamo

Level 9
Joined
Mar 30, 2014
Messages
432
OS
Windows 10
Same here.
 
Likes: _CyberGhosT_
Joined
Sep 4, 2017
Messages
20
OS
Windows 10
Do not add your VPN client or OpenVPN to the list of web apps. Web apps have anti-exploit protection by default. Any web app that changes your network or routes and ports is correctly flagged as a threat.
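
A simplified model of the two behaviours described in this thread: the rule danb describes (whitelisted OS components may not spawn a child unless the child is whitelisted) and the web-app anti-exploit stage from the post above. This is an added example, not VoodooShield code and not part of any post. The policy sets, the rule order, the reason strings and the `cmd.exe` path are assumptions; only the `Blocked:` line is taken from the thread.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    os_components: set   # shipped with Windows, trusted to run (assumed set)
    user_allowed: set    # explicitly whitelisted by the user (assumed set)
    web_apps: set = field(default_factory=set)  # subject to the anti-exploit stage

def parse_blocked(line):
    """Parse 'Blocked: child | command line | parent' as posted in the thread."""
    _, found, body = line.partition("Blocked:")
    parts = [p.strip() for p in body.split(" | ")]
    if not found or len(parts) < 3:
        raise ValueError("expected 'Blocked: child | command line | parent'")
    # A command line may itself contain ' | ', so rejoin the middle fields.
    return parts[0].lower(), " | ".join(parts[1:-1]), parts[-1].lower()

def decide(child, parent, policy):
    """Return 'allow' or 'block: <reason>' for one process-creation event."""
    if parent in policy.web_apps and child != parent:
        return "block: anti-exploit (web app spawned a child)"
    if child not in policy.os_components | policy.user_allowed:
        return "block: child not whitelisted"
    if parent in policy.os_components and child not in policy.user_allowed:
        return "block: OS component spawning a non-whitelisted child"
    return "allow"

# Log line quoted from the thread; the cmd.exe path below is constructed.
THREAD_LINE = (r"Blocked: c:\windows\syswow64\route.exe | "
               r"route delete 8000::/1 ::0 if 1 | "
               r"c:\program files (x86)\mullvad\mullvad.exe")
ROUTE = r"c:\windows\syswow64\route.exe"
CMD = r"c:\windows\system32\cmd.exe"
MULLVAD = r"c:\program files (x86)\mullvad\mullvad.exe"

def demo():
    child, _, parent = parse_blocked(THREAD_LINE)
    as_web_app = Policy({ROUTE, CMD}, {MULLVAD}, web_apps={MULLVAD})
    fixed = Policy({ROUTE, CMD}, {MULLVAD})  # Mullvad removed from web apps
    return {
        "vpn registered as web app": decide(child, parent, as_web_app),
        "vpn removed from web apps": decide(child, parent, fixed),
        "OS tool chaining OS tool": decide(ROUTE, CMD, fixed),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
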
 
Joined
Sep 4, 2017
Messages
20
OS
Windows 10
Another crash.
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Exit main loop
[11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
[11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
[11-23-2017 10:11:51] [DEBUG] - Thread 8 Failed to stop
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnected
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Client disconnected
[11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-23-2017 15:51:43] [DEBUG] - ->DriverCommunication.ctor
[11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Enter main loop
[11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Client disconnected
[11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Disconnect
[11-24-2017 04:12:25] [DEBUG] - Thread 0 Failed to stop
[11-24-2017 04:12:25] [DEBUG] - Thread 1 Failed to stop
[11-24-2017 04:12:25] [DEBUG] - Thread 2 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 3 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 4 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 5 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 6 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 7 Failed to stop
[11-24-2017 04:12:27] [DEBUG] - Thread 8 Failed to stop
 