VoodooShield discussion

Status
Not open for further replies.

madirish

Level 1
Sep 13, 2017
14
@danb ... bug or quirk... I set User Log to display "full screen" (I think that's the term). Then I cleared the User Log. BUT... after clearing the log I can't "X" out from VS. The blank User Log screen won't go away. I have to stop service and then kill VS via task manager.

Same issue with Command Lines at full screen

Did this 3x, so it seems repeatable. Can anyone duplicate?

I did not try this with white list, but I expect same behavior as User Log & Command Lines.
I can confirm expanded user log, clear user log and try to 'X' out and can't. Have to use same method to kill VS and restart.
 
  • Like
Reactions: codswollip

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Was this the Eorian post you were referring to? Unfortunately I just installed 4.09b and it is still having the same issues. What's more I'm using a different computer, (still the same specs) and I'm on a totally different wireless network, same provider, Comcast. Also, previous computer was barren of other software but this one had dozens of bloatware which I promptly removed, (registry is still very large). By the way, using the free version smart mode alongside Crystal Security disabled, along with WD windows 7 version and WFW, UAC off. Another thing, I mentioned that at shutdown the programs manager, thanks plat1098, is warning that a program is keeping windows from shutting down properly, now there is a second warning and this one does show the program, it says Task Host Window, not sure that's a big help. My unprofessional gut feeling is the coding of your desktop gadget is causing the shutdown issue. No idea on the startup.
Also Dan if you're going to continue the banter with Umbra here in the forum good but at least admit to yourself that you actually enjoy it, likewise to Umbra. Nothing wrong with that. Nothing wrong with lively debate but.

Enjoy Halloween all.
Cool, thank you guys for posting these bugs... it looks like I have my work cut out for me over the next couple of days. I was hoping to be able to release 4.10 by tomorrow... but now it is not looking like it might be a couple of days from now.

I am actually done with the "banter"... I am not a fan of conflict. But at the same time, it is not cool when people knowingly post info that is simply not true. Like when someone says something like "Artificial Intelligence does not yet exist". This is simply not true... ask any data scientist that is going to work tomorrow to work on their Ai project, they will tell you. Now, if someone says "Artificial General Intelligence does not yet exist", then I would agree 100% with that statement, and know that they researched the topic enough to make a valid point. We are all here to learn, and no one has all the answers, but I believe it is important for people to research the topic, perform the tests, stick to the main point of the discussion, and do their best to discover and convey the truth.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I'm having repeated registrations whenever I reboot or even logout as user and login again with v4.09beta. Did not see this with earlier betas. How'd you fix it? Or is there a new version I missed? Thanks!
I am going to go through all of the posts again and see if I can figure out what is causing this. If you guys have an idea, please let me know! I use the exact same software and registration method you guys use on all of my computers, and I have not had this issue once since the beta test started. But once we figure out what is causing this issue, it should be a very easy fix... sorry it is taking so long to narrow it down. Thank you!
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
A lot of people have used the VoodooShield+Comodo Firewall combo without problem. I am one of them.
You only need both if you are a paranoid security geek who likes lots of prompts and enjoys troubleshooting issues.

+1 (y) & with cf@cruelsister I'm very rarely seeing a prompt. Someone unknown just emailed me a suspect file. it scanned clean at VT, but I was still suspicious, so I tried a VS scan to run it in cuckoo, and gee VS crashed on this file! :sick: BUT ran the same file aok in cf container to see what it was, and then I wiped it. I did what I know is "bad behaviour" (download and open a suspect email attachment) but sometimes I want to "play" :whistle:
 
  • Like
Reactions: shmu26

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
I am going to go through all of the posts again and see if I can figure out what is causing this. If you guys have an idea, please let me know! I use the exact same software and registration method you guys use on all of my computers, and I have not had this issue once since the beta test started. But once we figure out what is causing this issue, it should be a very easy fix... sorry it is taking so long to narrow it down. Thank you!

No worries, thanks!!
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
I see the prompt to choose what mode VoodooShield is supposed to run every time I log in with 4.09b. That being said I rarely log in. I put my computer to sleep. But it does get a lil inconvenient when you are switching users. Why not remember my last setting?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@danb ... bug or quirk... I set User Log to display "full screen" (I think that's the term). Then I cleared the User Log. BUT... after clearing the log I can't "X" out from VS. The blank User Log screen won't go away. I have to stop service and then kill VS via task manager.

Same issue with Command Lines at full screen

Did this 3x, so it seems repeatable. Can anyone duplicate?

I did not try this with white list, but I expect same behavior as User Log & Command Lines.
+1
Also, it did not actually show full screen, it was still minimized.
 
  • Like
Reactions: codswollip

gorblimey

Level 2
Verified
Aug 30, 2017
99
Any chance you cleared User Log? When you do that, the Threat Count remains unchanged.

Come to think of it... I clean installed 4.09, but didn't realise there was stuff in AppData that should have been cleaned out from 3.59, and set 4.09 to All Users. Then I found apps slow to start, and small hangs on shut down, hunting for clues on this I found ZAM and M B A M services running when both had been set to Free (on demand). Uninstall 4.09, disable auto-start for the malware services and ZAM.exe, then clean out Program Data and reinstall 4.09. And change it to All Users. Also I never checked through the Registry :eek:

So it is entirely possible that VS could have found a threat count from somewhere.

And I now know that neither ZAM nor M B A M were interfering with app start times. It was indeed a long shot, but OTOH...
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I wanted to mention (from wilders)… if someone is reinstalling Windows, it is always a good idea to install all of your drivers and programs first, then install VS. This is true with all deny-by-default products.

Basically, when you are moving into a new house, you do not unlock the door, bring the couch in, lock the door, put the couch where it goes, then unlock the door and then lock the door, then go to the truck to get the beer fridge, then unlock the door, then lock the door, then bring in the beer fridge, then lock the door, then put the beer fridge where it goes.

The best thing to do is to keep the door unlocked, bring in the couch and the beer fridge, then lock the door and grab a cold one. And also, you do not need to lock the door all of the time… just lock it when it is necessary. Otherwise, it can be a real PITA.

This will also reduce the number of VoodooAi FP’s significantly. See, a lot of executables will spawn another executable from appdata. The problem is that none of these spawned executables have been added to our training data sets. And keep in mind, a lot of these executables, for example, are not signed and have other features that are not consistent with everyday executables… the kind that are included in our training data sets.

Our models and VoodooAi code (all 3000 lines of it) are in top notch shape… and we are only using around 100,000 - 150,000 samples in our training data sets. Hopefully soon I will be able to add a lot more safe and unsafe samples to our training data sets, and the results will be even better than they are now.

See, I actually wrote an app that displays the latest VoodooAi analysis in real time, so I know how well it is doing for the 99% of all common, everyday samples. It is doing remarkably, and it is only going to improve as we go. Keep in mind, we will ALWAYS want our models to be on the aggressive side. Simply because VS is a deny-by-default app, and if the computer is locked, the file is going to be blocked anyway. Providing file insight is key, even if it is slightly aggressive... it is much better than blocking a file and telling the user they are on their own to figure out if they should allow the file or not.

VoodooAi, and Ai in general, will never be perfect. But then again, do humans make the correct decision 95-99% of the time? (95-99% is the typical Ai efficacy) Not even close… I know I do not. It would actually be quite easy to make a compelling argument that when it comes to decision making, Ai already has the clear advantage over human decision making.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
FYI, the other reason you might be seeing a few more VoodooAi FP's is because a while back, a few people were asking if VoodooAi scanned all child processes of whitelisted items... because they were (rightfully) concerned about packed installers, etc. So I made some changes in VS 4.0 and tightened the scanning. The end result is that there are more FP's. Another side effect is that if someone disables "Automatically allow Program Files", these files will be scanned as well. All of this can be easily changed, and the key is to find the correct balance between security and usability. With VS, we essentially use a "lock-down" approach... basically start by locking the computer down, then slowly refine the logic until it is secure and usable.

I promise, there is a reason for everything ;). It would just take me way too long to explain each reason.
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
It would be nice if the new version got some "clean up white-list-rules button" that deletes rules for programs that are no longer on the pc (like Spyshelter). I like the idea that I don't have to look which of the five browser whitelisted exes is the one that's still existent and the old entries don't fill the white list uselessly.
Got no time for betatesting so if the version got that feature don't hate me :D
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
It would be nice if the new version got some "clean up white-list-rules button" that deletes rules for programs that are no longer on the pc (like Spyshelter). I like the idea that I don't have to look which of the five browser whitelisted exes is the one that's still existent and the old entries don't fill the white list uselessly.
Got no time for betatesting so if the version got that feature don't hate me :D
Hehehe, I completely understand if people do not want to run the beta ;).

I only ask if they do want to be part of the beta test, to fully understand that it is a beta, and there are going to be bugs... especially considering the massive changes in VS 4.0, and to take this into consideration when posting about the VoodooShield. Your comments are going to be around for a very long time.

With that out of the way... yeah, I included this feature in the initial release of VS 4.0, and it has been silently doing its thing. Basically, after VS loads, it automatically scans the items on the whitelist to see if they exist or not, and if they do not, it removes them from the whitelist.

Thank you... if you think of any other cool features we should add, please post them!
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
Basically, after VS loads, it automatically scans the items on the whitelist to see if they exist or not, and if they do not, it removes them from the whitelist.
So happy to hear that. Can't wait to see the final version of VS. Thanks for your kind answer :)
 
  • Like
Reactions: Gandalf_The_Grey

boredog

Level 9
Verified
Jul 5, 2016
416
For the having to reregister, I think others are using some program other than CCleaner. Also it appears some of the posts pertain to people that have set passwords. Neither of which I have done. I would suggest these users reset their install to default to see if anything changes. Then go back to undefault settings and notice anything out of the ordinary. Then post whatever changes they made from default.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Hehehe, I completely understand if people do not want to run the beta ;).

I only ask if they do want to be part of the beta test, to fully understand that it is a beta, and there are going to be bugs... especially considering the massive changes in VS 4.0, and to take this into consideration when posting about the VoodooShield. Your comments are going to be around for a very long time.

With that out of the way... yeah, I included this feature in the initial release of VS 4.0, and it has been silently doing its thing. Basically, after VS loads, it automatically scans the items on the whitelist to see if they exist or not, and if they do not, it removes them from the whitelist.

Thank you... if you think of any other cool features we should add, please post them!
About automatically deleting non-existent items: The majority of the time, it is a great idea. But if you are like me, then you have some software that spawns a couple processes in a temp folder in appdata, while it is doing its job, and then it deletes them immediately afterwards. So VS alerts me about it next time, even though I already whitelisted it.
What can we do about this?
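
Added example, not part of the original post and not VoodooShield's code: a sketch of the startup cleanup described above (drop whitelist rules whose file no longer exists) and of why it forgets a helper that is deleted after every run. The `Rule` type, the `keep_if_missing` pin and the assumption that the helper reappears at the same path are all hypothetical; the hash check keeps a pinned rule from allowing different content dropped at that path.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    path: str
    sha256: str
    keep_if_missing: bool = False  # hypothetical flag, not a VS setting


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def prune_missing(rules, honor_pins=False):
    """Startup cleanup: drop rules whose file no longer exists on disk."""
    return [r for r in rules
            if os.path.exists(r.path) or (honor_pins and r.keep_if_missing)]


def is_allowed(rules, path):
    """Allow only when both the path and the content hash match a rule."""
    digest = sha256_file(path)
    return any(r.path == path and r.sha256 == digest for r in rules)


def demo():
    with tempfile.TemporaryDirectory() as d:
        helper = os.path.join(d, "helper.exe")  # constructed stand-in file

        def spawn(data=b"constructed helper bytes"):
            with open(helper, "wb") as f:
                f.write(data)

        spawn()
        rule = Rule(helper, sha256_file(helper), keep_if_missing=True)
        os.remove(helper)                      # parent deletes it after use
        plain = prune_missing([rule])          # rule lost
        pinned = prune_missing([rule], honor_pins=True)
        spawn()                                # next run, same bytes
        same = (is_allowed(plain, helper), is_allowed(pinned, helper))
        spawn(b"different bytes at the same path")
        return same + (is_allowed(pinned, helper),)


if __name__ == "__main__":
    print(demo())
```
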
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
For the having to reregister, I think others are using some program other than CCleaner. Also it appears some of the posts pertain to people that have set passwords. Neither of which I have done. I would suggest these users reset their install to default to see if anything changes. Then go back to undefault settings and notice anything out of the ordinary. Then post whatever changes they made from default.
Thank you boredog... I am hoping this will help get to the bottom of this issue.
 
  • Like
Reactions: simmerskool