VoodooShield discussion

[paulderdash]

Well looks like the mods from Wilders banned me again and I won't be going back.

I'm surprised - no warning?

And I know there are a few that come here

There seem to be fewer and fewer there, unfortunately. For VS, best to be here anyway.

 

[RoboMan]

I tried the beta on my fresh installed Windows but a few bugs mentioned here took place, specially the consuming up to 30%. Now using lastest stable version and working great.

@danb do you use VS on your main system?

 

[Peter2150]

OK, after a little break, reinstalled 4.05 beta over 3.59 and again, the registration box. My one little rule evaporated, this was expected, right? Re: snapshot: Is it because it's a little intrusive? Don't care if it stays or goes, it's become so routine lately, lol.



Was it in response to something I said over there? Now I'm all paranoid, boredog, sheesh.

No reason to be paranoid

 

[shmu26]

Thanks for the advise. i have done the training mode and manually whitelist it and still no luck. I use Kaspersky Total Security and Malwarebytes Anti Malware Pro

So that's a tough case, then. I know that KIS communicates with the browser add-on, but it works different on Firefox. I am more familiar with Chrome, where it uses a script that is run by cmd.exe.

Sometimes it helps to disable VS, launch the program, enable VS, and then take a snapshot.
You could try that, but I suspect it won't work, in your case.

Maybe try this method: remove the KIS add-on from your browser. Put VS in training mode. Launch your browser, and let KIS reinstall the add-on. That might just whitelist the whole sequence for you.
Or send an email to Dan, he should be able to fix it for you.

 

[DeepWeb]

Does it support fast-user switching now? I love Voodooshield but it was only working for one account. If I would switch users it wouldn't protect the other account unfortunately :/

 

[_CyberGhosT_]

Does it support fast-user switching now? I love Voodooshield but it was only working for one account. If I would switch users it wouldn't protect the other account unfortunately :/

That sounds like an install "option" issue, either way, try it now its fine, the latest stable can be found here brother,
VoodooShield Stable: VoodooShield™ - The User-Friendly Toggling Computer Lock.
remember during install to select "Install for all users" if your having issues.
If you need any help I would be happy to help just PM me. PeAcE

 

[plat1098]

Getting a sudden cascade of alerts for software I thought I'd whitelisted already. Could the server reconfiguration be the explanation? Whew, what an undertaking. Somebody is way overdue for a relaxing vacation on a secluded beach with numerous cold drinks in the cooler, right? :barefoot:

VoodooShield discussion

 

[Sunshine-boy]

Security 101: The Rise of Fileless Threats that Abuse PowerShell - Security News - Trend Micro USA
Can vs block this?I wanna know

 

[danb]

Getting a sudden cascade of alerts for software I thought I'd whitelisted already. Could the server reconfiguration be the explanation? Whew, what an undertaking. Somebody is way overdue for a relaxing vacation on a secluded beach with numerous cold drinks in the cooler, right? :barefoot:

VoodooShield discussion

Yeah, I had a weird cascade yesterday... no worries, the beta is young .

 

[danb]

Security 101: The Rise of Fileless Threats that Abuse PowerShell - Security News - Trend Micro USA
Can vs block this?I wanna know

Should not be a problem at all. VS even blocks a lot (or all, cannot say for sure) of the kernel mode attacks that other products are blind to.

 

[gorblimey]

the latest stable can be found here brother

v3.59 does indeed "install for all users" as standard, there is no specific install setting that I remember, but it does not allow per-user settings which is a shame. On a Guest account I would not want the user to even see VS, while some other users should never be allowed to fiddle with settings. I do understand setting this level of user-friendliness is not as easy as it may seem, but if VS is to become mainstream it must be done.

 

[bjm_]

Hello,
Has Local Sandbox been fully implemented. I've had a few Prompts where I've selected Sandbox....just to see what happens (yes: I've read User Guide March 2016). And there was nothing to see...?
Has Remote Sandbox been fully implement. I've had a few Prompts where I've selected Cuckoo...just to see what happens (yes: watch Cuckoo sandbox analysis is checked). And there was nothing to see...?
Thanks v3.59

 

[codswollip]

Has Remote Sandbox been fully implement. I've had a few Prompts where I've selected Cuckoo...just to see what happens (yes: watch Cuckoo sandbox analysis is checked). And there was nothing to see...?

Cuckoo takes a few minutes before it displays its results. When you select Cuckoo sandbox, your browser should open and you'll see a message to wait until it completes.

 

[bjm_]

Cuckoo takes a few minutes before it displays its results. When you select Cuckoo sandbox, your browser should open and you'll see a message to wait until it completes.

Hmm, ....try launching a setup installer, for example YTDSetup.exe (16/65) in Smart mode.

1) My observe > launch YTD setup installer > spinning wheel > VS tray Icon blink > spinning wheel > Mini Prompt > Full Prompt > Sandbox > Local > ? nothing ? > User Log reports Sandbox > ? > desktop locked > need machine Restart.
2) My observe > launch YTD setup installer > spinning wheel > VS tray Icon blink > spinning wheel > Mini Prompt > Full Prompt > Sandbox > Cuckoo > ? nothing ? > User Log reports Blocked > ? > desktop locked > need machine Restart.

Yes. I've read User Guide > "Disable mode typically used when your installing new software, but do not want the installer items to be automatically added to the whitelist. The computer is not protected in Disable Protection mode."
I don't care if installer is added to whitelist. I want computer protected. I want Blacklist scan > Allowed > or Full Prompt report > Local Sandbox or Remote Sandbox.

Btw - VoodooShield doesn't render dialog "Do not run installer in Smart mode".
Yes. I've read User Guide > "Software reviewers and pen testers should run VoodooShield in Smart (Default) mode when testing VoodooShield to truly appreciate all of the benefits that our proprietary technology has to offer."
v3.59

 

[bjm_]

Cuckoo takes a few minutes before it displays its results. When you select Cuckoo sandbox, your browser should open and you'll see a message to wait until it completes.

Hmm, ....try VoodooShield Scan on setup installer, for example YTDSetup.exe (16/65) in Smart mode.
1) My observe > Scan > Full Prompt > Sandbox > Cuckoo > ? nothing ? > User Log > ? ? ?.
2) My observe > Scan > Full Prompt > Sandbox > Local > ? nothing ? > User Log > Sandbox ?
I've read User Guide > "Software reviewers and pen testers should run VoodooShield in Smart (Default) mode when testing VoodooShield to truly appreciate all of the benefits that our proprietary technology has to offer."
v3.59

 

[boredog]

bjm_

take a peek at my post in this link. Number 30. I dragged the file to the desktop shield icon and choose cookoo.

Expired - Shadow Defender 1.4.0

 

[bjm_]

bjm_
take a peek at my post in this link. Number 30. I dragged the file to the desktop shield icon and choose cookoo.
Expired - Shadow Defender 1.4.0

Yes, I've read & tried http://voodooshield.ddns.net:8080/analysis/9126/
The connection has timed out
The server at voodooshield.ddns.net is taking too long to respond.
Thanks
#940 , #941

 

[codswollip]

Continuing issues with whitelist entries generated by snapshot. This time Notepad++. Each time I double-click a txt file to launch Notepad++ I get the "Allow" notification, even though the executable is in the whitelist.

Workaround: Delete whitelist entry generated by snapshot. Launch Notepad++ and "allow". Notepad++ now appears in whitelist as "User Allowed". Close Notepad++ and relaunch by double-click txt file. Success! No notification window/app launches and loads txt file.

 

[danb]

Dan will the new beta have a fix for the regional issues?

It should be working... but what we really need to do is this...

Karl was not available to meet me at the data center last week to install the new server, but hopefully he will be able to this week.

There are only a handful of bugs remaining in VS 4.0, and we should be able to finalize these by the end of the week. The only bugs that should be difficult are the regional bugs. So if you and a couple of other users who are running a non-english version of windows can run a special version of VS 4.06 in the next day or so, we should be able to fix the regional issues permanently. If so, please email me at support at voodooshield.com, and I will send you a link tomorrow or Tuesday at the latest.

So then hopefully by the time the new server is installed, these issues will be fixed. Then I will fix the other issues and we should be good to go. Thank you guys!

 

[danb]

Continuing issues with whitelist entries generated by snapshot. This time Notepad++. Each time I double-click a txt file to launch Notepad++ I get the "Allow" notification, even though the executable is in the whitelist.

Workaround: Delete whitelist entry generated by snapshot. Launch Notepad++ and "allow". Notepad++ now appears in whitelist as "User Allowed". Close Notepad++ and relaunch by double-click txt file. Success! No notification window/app launches and loads txt file.

Hmmm, this is odd. Have you tried to exit out of VS and delete all of the .db files in C:\ProgramData\VoodooShield, to reset VS?

I really cannot stress this enough... if someone is having an odd issue like this, deleting the .db files should fix the issue. I have made several changes to the databases since VS 4.00, and odd bugs like this will occur if the databases are not quite correct.

Since VS 4.00, I have been resetting my .db files each time, and I still have had zero bugs or exceptions. Once VS 4.0 is finalized, we will not need to delete the .db files anymore . Thank you!