Advice Request Voodooshield documentation unclear, Dan please help

Please provide comments and solutions that are helpful to the author of this topic.

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Hey Dan, giving your smart program a run again. (y)

In the free when SMART is ON: :
a) critical windows processes are allowed
b) all programs in programs folders are allowed
c) all programs having the same signature as programs already whitelisted
d) all other will be blocked

I am using SimpleWindowsHardening (blocks all scripts in user folders) and ConfigureDefender with cloud check on HIGH So now I am auto allowing everything in Windows and Programs Files, auto-allowing all signed programs in ProgramData, auto allowing new programs with same signature as already installed programs AND auto allowing new signed programs with AI lower than 33.

1606601987701.png


Any reason why you allow all programs in programs folders and only critical programs in windows folder?
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Very interesting combo with the other apps and VS rules! When I first created the Rules feature, I figured that a lot of people would create tons of various really cool rule sets to basically see how few rules they could use to effectively lock down the system. But most people just run VS in its default settings... I know I do ;).

I would be happy to help, but I am not sure what you are asking.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Not being able to make those rules work is one of the two thing that keeps me away from using this product, to be honest.
I am not sure what you mean... was there a bug in the rules the last time you tried? The Rules feature seems difficult to learn, but once you make a couple of rules, it is super easy to understand. Just remember that the 3 file insight boxes are there to determine whether they will be included in the rule or not.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Thanks @danb for joining in, question I have is with the rules shown in the picture do I

1. Allow all executables in Windows and Program Files, Program Files x(86) folders?
2. Allow signed programs in AppData?
3. Allow all executables signed AND having an AI score equal or lower than 33?
4. Allow all executables on other locations which have the same signature as programs already whitelisted by VS?
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
I am not sure what you mean... was there a bug in the rules the last time you tried? The Rules feature seems difficult to learn, but once you make a couple of rules, it is super easy to understand. Just remember that the 3 file insight boxes are there to determine whether they will be included in the rule or not.

Could be a bug, i don't know. There was only one rule I have set and it was like; auto-allow files that is: signed, verified, VoodoAI < 10 and Virustotal = 0 (in the new version this was changed to Whitelistcloud afaik). But the program was still asking for permission to run files that fits the rule I set.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I see you are running VS 6.06. The bug you mentioned was fixed in 6.06b... I just tested to confirm.

 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I installed 6.06 from your website, updates several times, but did not get 6.06b.

Could you also check adding rules with name and thumbprint. It seems VS always includes thumbprint, so I can't use an signature rule taken from Explorer.exe for Audiodg,exe (as example which both have Microsoft Windows signature)
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Instead of posting this here too...

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top