It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- May 31, 2017
- 42
Great video, superb. 
Easiest explanation:
No process spawn = no anti-executable involvement.
Can't be explained more straight forward than that!!
Easiest explanation:
No process spawn = no anti-executable involvement.
Can't be explained more straight forward than that!!
- May 31, 2017
- 1,719
Hehehe, I wouldn't be doing any back slapping yetGreat video, superb.
Easiest explanation:
No process spawn = no anti-executable involvement.
Can't be explained more straight forward than that!!
.WannaCry Exploit Could Infect Windows 10
Stay tuned!
- Dec 23, 2014
- 8,497
Can VoodooShield in Autopilot mode (used in video) block rundll32.exe?
In Dan's video test, VoodooShield was set to Always On.
In Dan's video test, VoodooShield was set to Always On.
- May 31, 2017
- 1,719
Yeah, but it is a little more relaxed on what it will allow when on AutoPilot, although it is still quite secure when on AutoPilot.
See, VS uses a special algorithm that compares strings, and if there is a "close enough" match, then VS will auto allow it. It is hard to explain without giving away any trade secrets... but I can tell you, on no uncertain terms, that there is a lot more going on under the hood than anyone would ever expect.
If you put VS on AutoPilot and run the following command line, VS will block it. I reserved this one Rundll32 command line for testing (I did not hardwire this one in).
Rundll32 Shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder
See, VS uses a special algorithm that compares strings, and if there is a "close enough" match, then VS will auto allow it. It is hard to explain without giving away any trade secrets... but I can tell you, on no uncertain terms, that there is a lot more going on under the hood than anyone would ever expect.
If you put VS on AutoPilot and run the following command line, VS will block it. I reserved this one Rundll32 command line for testing (I did not hardwire this one in
).Rundll32 Shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder
- Aug 2, 2015
- 4,286
That's good to know, DeepArmor delves into the "Strings" as well. I often use it in concert with VS.
I am now wondering Dan if I should be running DA with VS or not ?
- May 31, 2017
- 1,719
Yeah, and they probably extract the strings from the PE as well, as a feature for their ML/Ai. It is interesting stuff
.Sure, if they run great together, I would keep them both. I am not sure how many models they use, but I am guessing probably 3, so you would then have 6 ML/Ai models protecting you... and that is pretty cool!
- Aug 2, 2015
- 4,286
Yeah I haven't noticed any issues at all and I got in early with the DA beta so I have had them side by side for some time now.Yeah, and they probably extract the strings from the PE as well, as a feature for their ML/Ai. It is interesting stuff
Sure, if they run great together, I would keep them both. I am not sure how many models they use, but I am guessing probably 3, so you would then have 6 ML/Ai models protecting you... and that is pretty cool!
Thanks for the input I will leave it "as is"
- May 22, 2017
- 251
In the link Dan just posted himself
https://www.wilderssecurity.com/thr...infect-windows-10.394550/page-11#post-2687554
Zoltan states that the same thing happened when he tested it in White-Listing Mode.
- May 31, 2017
- 1,719
Yep... start reading at that point, scroll down, and stay tuned
.
- Dec 23, 2014
- 8,497
- May 22, 2017
- 251
You know as much as me at this point, Zoltan would need asked over at the other forum. It would either be Always On or the default Smart Mode.
Dan said yes, so if the dev said it himself, should be true.
Similar threads
- Microsoft Threat Intelligence
- Microsoft Defender
