Video VoodooShield Free

Source: https://youtu.be/ou7s9F1sl5U
Video created by: Shadowra

Shadowra

Level 5
Sep 2, 2021
234
2,623
Hello everyone, today I present to you the VoodooShield software! :)

Attention, it is not an antivirus!
But rather like a customs officer, which can replace the UAC (User Account Control) of Windows.
The particularity of Voodooshield is that it can determine if the file is malicious (thanks to its Machine Learning AI) or suspicious.

In terms of protection, it does the job and will be your antivirus' best friend!

On the other hand, I noticed from time to time some latency between the launch and the detection, quite strange on a fiber optic connection! o_O

Recommendable!

RAM Usage : Light
Malware URL test : 9/10 (1 missed)
Fake crack : 1/1 (detected by Voodoo AI)
Dropper :
- Home Malware : 1/1 (Voodoo AI)
- Clutt Blue FileLocker : 1/1 (Voodoo AI Suspicious)
- NanoCore RAT (crypted by me - USG Signature) : 1/1 (Voodoo AI)
Result :
- Hitman Pro : 0
- NPE : 0


Request by @oldschool
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
1,105
6,480
Thank you @Shadowra for the really cool test, and all of the other really cool tests you perform!

When DefenderUI Pro is ready, I am curious if you could test it as well. Maybe disable MD completely (with DefenderUI of course), and see how it does. It is probably ready to test already, but we are close enough to a stable release that either way is fine, assuming you have the time and are wanting to test it.

BTW, I think 77.exe might be safe ;). I think it is just Putty.exe, which oftentimes finds its way into malware packs for some odd reason.


Thanks again!

BTW, the next version of DefenderUI Pro is almost ready. I added a toggle button for "DefenderUI real-time protection" (and added it to the right-click tray icon menu), and the Xbox games block is fixed as well. I will post more about it asap.
 

Shadowra

Of course for DefenderUI :D
 

danb

I have seen this also on occasion, though with a low quality broadband connection. Thanks for the test. (y)
Yeah, this usually happens when a specific file has not yet been analyzed by WLC / VoodooAi. But once a specific file has been analyzed once, the cloud lookup should be super fast. In other words, if you are testing a malpack with VS and it is super fast, that means that malpack has probably already been tested ;). Or if it is slow, then you can safely assume that WLC / VoodooAi has never seen the samples before.
 

Blunder

New Member
Feb 9, 2020
3
10
Danb,

I have a question: My internet starts slowly. Why does VS warn at every startup for ig.exe and nissrv.exe, see the picture.
Image 1.jpg

When I click the announcement the appearing bigger window says these are unknown files. It does not help to allow the processes. The same usually happens at the next startup.

Am I hacked, or has Voodooshield a problem here?

ig.exe should be related to Malwarebytes and nissrv.exe to Microsoft Defender.

The folder of ig.exe changes. There is a huge number of these in the whitelist.

Image 2.jpg


nissrv.exe has these:

1636205016412.png
 

danb

It does not look like you have been hacked based on the info you have provided. Are there any VS settings that have been changed from the default VS settings? And are you running the latest version of VS 6.62?

Can you please post or send me the parent process path to these blocks? Thank you!
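
One way to collect the details requested above (executable path, parent process path and signature status) for the two processes named in this thread. This is an added example, not part of the original posts and not VoodooShield code; the expected signer substrings are assumptions based on the publishers mentioned in the thread.

```powershell
# Added example. Process names come from the thread; the signer substrings
# below are assumptions, not values confirmed by the vendors.
$expected = @{
    'ig.exe'     = 'Malwarebytes'   # assumption: publisher named in the thread
    'nissrv.exe' = 'Microsoft'      # assumption: Microsoft Defender component
}

function Get-ProcessProvenance {
    param([string[]]$Name)

    # Snapshot all processes once so parent PIDs can be resolved to paths.
    $all = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($proc in ($all | Where-Object { $Name -contains $_.Name })) {
        # The parent may have exited and its PID been reused, so treat the
        # parent path as a hint and compare it with the blocker's own log.
        $parent = $byPid[[int]$proc.ParentProcessId]

        # ExecutablePath is empty for protected processes unless elevated.
        $sig = $null
        if ($proc.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath
        }
        $signer = $null
        if ($sig -and $sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        }

        [pscustomobject]@{
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            ParentName  = if ($parent) { $parent.Name } else { $null }
            ParentPath  = if ($parent) { $parent.ExecutablePath } else { $null }
            SigStatus   = if ($sig) { [string]$sig.Status } else { 'PathUnavailable' }
            Signer      = $signer
            # True only when a signer exists and contains the expected publisher.
            SignerMatch = [bool]($signer -and $signer -like "*$($expected[$proc.Name])*")
        }
    }
}

Get-ProcessProvenance -Name @($expected.Keys) | Format-List
```

Run it from an elevated PowerShell session while the processes are running. A `SigStatus` other than `Valid`, or a path outside the product's install folder, is what deserves a closer look.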
 

Blunder

Hi Dan. I haven't changed intentionally anything. Version is 6.62 free.
Perhaps this would not happen if my internet would be up more quickly.....

"Can you please post or send me the parent process path to these blocks?" Do you mean this (notice that ig.exe and nissrv.exe are sometimes auto allowed, sometimes blocked and sometimes user allowed; I looked through the user log and during the last year or so ig.exe and nissrv.exe were usually auto allowed):

Image 22.png


Here are the announcements.

Image d1.png

Image 21.png
 

danb

I see, thank you, yeah, that is the issue (the internet is not active). I might need to include more info on the user prompt when there is not an internet connection.

Either way, you should be able to allow both of these, thank you!
 

danb

The digital signatures are the same for auto allowed and auto blocked files. Apparently it is not enough to allow a file to run?
Correct, because the internet is required for signature verification. VS is pretty conservative and the end user is expecting it to behave like a lock. We could take the easy way out and lower the restrictions, but if we did that, then VS would not be a lock anymore ;).
 