VoodooShield discussion

Status
Not open for further replies.

DotNet

Level 1
Verified
Sep 4, 2017
34
Issues with VPN is back. I have Mullvad and VS keeps giving a popup saying anti-exploit detected "c/windows/syswow64/route.exe". I click allow and it pops right back up and never remembers the choice. After clicking allow 10 times in 10 seconds I shut down VS.
Blocked: c:\windows\syswow64\route.exe | route delete 8000::/1 ::0 if 1 | c:\program files (x86)\mullvad\mullvad.exe
Process blocked by initial AntiExploit stage: c:\windows\syswow64\route.exe
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-22-2017 09:54:50] [DEBUG] - ->DriverCommunication.ctor
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Client disconnected
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:04:45] [DEBUG] - Thread 0 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 1 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 2 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 3 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 4 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 5 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 6 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 7 Failed to stop
[11-23-2017 07:04:47] [DEBUG] - Thread 8 Failed to stop
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-23-2017 07:04:57] [DEBUG] - ->DriverCommunication.ctor
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Exit main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnected
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Client disconnected

Never mind, fixed it. Anti-exploit is for webapps and I had Mullvad added as a webapp. Removed it and now no issues.
 
Last edited:
  • Like
Reactions: hamo

hamo

Level 10
Verified
Well-known
Mar 30, 2014
468
Issues with VPN is back. I have Mullvad and VS keeps giving a popup saying anti-exploit detected "c/windows/syswow64/route.exe". I click allow and it pops right back up and never remembers the choice. After clicking allow 10 times in 10 seconds I shut down VS.
Blocked: c:\windows\syswow64\route.exe | route delete 8000::/1 ::0 if 1 | c:\program files (x86)\mullvad\mullvad.exe
Process blocked by initial AntiExploit stage: c:\windows\syswow64\route.exe
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-22-2017 09:54:50] [DEBUG] - ->DriverCommunication.ctor
[11-22-2017 09:54:50] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Client disconnected
[11-23-2017 07:04:45] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:04:45] [DEBUG] - Thread 0 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 1 Failed to stop
[11-23-2017 07:04:45] [DEBUG] - Thread 2 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 3 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 4 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 5 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 6 Failed to stop
[11-23-2017 07:04:46] [DEBUG] - Thread 7 Failed to stop
[11-23-2017 07:04:47] [DEBUG] - Thread 8 Failed to stop
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-23-2017 07:04:57] [DEBUG] - ->DriverCommunication.ctor
[11-23-2017 07:04:57] [DEBUG] - DriverCommunicationService::Enter main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Exit main loop
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Disconnected
[11-23-2017 07:10:10] [DEBUG] - DriverCommunicationService::Client disconnected

Same here.
 
  • Like
Reactions: _CyberGhosT_

DotNet

Level 1
Verified
Sep 4, 2017
34
Do not add your VPN client or OpenVPN to the list of web apps. Web apps has anti-exploit protection by default. Any web app that changes your network or routes and ports is correctly flagged as a threat.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
No issues here with AirVPN:
AVPN_Thanksgiving.png
 

DotNet

Level 1
Verified
Sep 4, 2017
34
Another crash.
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnect
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Exit main loop
[11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
[11-23-2017 10:11:51] [ERROR] - Wait For response error 0x00000000
[11-23-2017 10:11:51] [DEBUG] - Thread 8 Failed to stop
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Disconnected
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService::Client disconnected
[11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Connect 10 threads
[11-23-2017 15:51:43] [DEBUG] - ->DriverCommunication.ctor
[11-23-2017 15:51:43] [DEBUG] - DriverCommunicationService::Enter main loop
[11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Client disconnected
[11-24-2017 04:12:25] [DEBUG] - DriverCommunicationService::Disconnect
[11-24-2017 04:12:25] [DEBUG] - Thread 0 Failed to stop
[11-24-2017 04:12:25] [DEBUG] - Thread 1 Failed to stop
[11-24-2017 04:12:25] [DEBUG] - Thread 2 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 3 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 4 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 5 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 6 Failed to stop
[11-24-2017 04:12:26] [DEBUG] - Thread 7 Failed to stop
[11-24-2017 04:12:27] [DEBUG] - Thread 8 Failed to stop
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Another crash.
[11-23-2017 10:11:51] [DEBUG] - DriverCommunicationService: Disconnect
...
Maybe post your VS logs for this program/time interval.

Any Event Viewer notifications (Critical/Error/Warning)?
 

DotNet

Level 1
Verified
Sep 4, 2017
34
The event viewer had DHCP errors related to Mullvad. I already deleted all the logs & clean installed VS. If it occurs again I will post more details.
 

boredog

Level 9
Verified
Jul 5, 2016
416
This morning after updating to the latest insider build and rebooting, VS crashed. All I had to do is restart it but my firewall log looked strange. Showed 6 connections for VS.

ScreenHunter_83 Nov. 24 08.33.jpg
ScreenHunter_84 Nov. 24 08.37.jpg
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Sorry I have been away ;). I am still reviewing what bugs are left in our error reporting system, and it looks like we are getting close... and I truly appreciate your guys help working through the beta with me... now that was not so bad was it ;).

The next few weeks, I am going to be busy with business stuff, but I will also be fixing any remaining bugs in 4.0... so I probably will not be able to post much for 3-4 weeks.

Hopefully soon every device will automatically lock when it is at risk ;).

Thank you guys, talk to you soon!
 

ColonelMal

Level 3
Verified
Well-known
Jul 5, 2017
109
In the last few hours there is a recurence of a problem that I had with previous builds of version 4. Currently I am running 4.12b.
The problem is that one program, Directory Opus, freezes and I have to exit Voodooshield in order to make it work again. This was solved at some point after I installed a later beta.
The particular program is shown in the Whitelist both as a Snapshot and as Auto Allowed.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
In the last few hours there is a recurence of a problem that I had with previous builds of version 4. Currently I am running 4.12b.
The problem is that one program, Directory Opus, freezes and I have to exit Voodooshield in order to make it work again. This was solved at some point after I installed a later beta.
The particular program is shown in the Whitelist both as a Snapshot and as Auto Allowed.
Hmmm, odd... what is the path of Directory Opus?
 

ColonelMal

Level 3
Verified
Well-known
Jul 5, 2017
109
Hmmm, odd... what is the path of Directory Opus?
The paths shown in the Whitelist are "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" and "C:\Program Files\GPSoftware\Directory Opus\dopus.exe"

To add to my previous observation, if I recall the problem was solved at the other time after you fixed something on your server. May be a coincidence?

EDIT: I last reported the problem solved in September, in this posting in VoodooShield discussion
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
The paths shown in the Whitelist are "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" and "C:\Program Files\GPSoftware\Directory Opus\dopus.exe"

To add to my previous observation, if I recall the problem was solved at the other time after you fixed something on your server. May be a coincidence?
It's hard to say... can you please post a link so I can download Opus, and any instructions that might help to reproduce the error? Thank you!
 

ColonelMal

Level 3
Verified
Well-known
Jul 5, 2017
109
The download page is here. I have the pro edition.

EDIT: The error occurs after I use DOPUS, switch to my browser (Firefox) and then return to DOPUS. It's possible that it could happen with other programs or sequences, but the one I described is definite and recurring. I guess one may have to find out what happened after version 4.05b when it was resolved, and of course why it has suddenly reappeared. It may be worth noting that I haven't installed anything (unless it was done in the background) before the reappearance of the issue..
 
Last edited:

Rainwalker

Level 1
Sep 7, 2017
22
Dan, I am still having the problem talked about in post #1501. I am now running v. 4.12b. I will continue to do so with the hope the problem will be seen by you. That problem now has something to do with TypeInitialization. I understand you will be gone for awhile so I will hang in there.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Thank you guys! I will look at these two issues and hope to have them fixed in the next few days.

At some point we will offer VS in other languages... possible sooner than later. A lot of things are up in the air right now, but I hope to be able to offer this soon.

Thanks again!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top