- Mar 29, 2018
- 7,111
FYI - this is with WD high settings. But still, your point is well taken.
VoodooShield Latest
- Thread starter vtqhtr413
- Start date
FYI - this is with WD high settings. But still, your point is well taken.
The FP has been taken care of by MS. Guessing they are using a hash and when a file's hash changes, it is flagged. I think Cylance works similar.
Every single time I get a new insider build Cylance quarantines a file or two.
Every single time I get a new insider build Cylance quarantines a file or two.
- Jul 3, 2015
- 8,153
It happens also with NoVirusThanks products. It's very common for MS to do that.
Wow! Just simply wowzers!! Dan is the man. I'm happy to see so much great progression and fantastic work being put into this great software.
Malwaretipers hooah for continuing to post the latest builds and information here. I really enjoy using this product on my build. Any new builds I complete for people get the free version of VoodooShield and the people in most cases opt for the Pro version not long after, because of how great the product is. Without VoodooShield on a computer the computer itself seems incomplete to me now - I know it sounds funny, but it is true!
I'm truly impressed by this great software!
Dan, keep up the great work my friend!
~Brian
Malwaretipers hooah for continuing to post the latest builds and information here. I really enjoy using this product on my build. Any new builds I complete for people get the free version of VoodooShield and the people in most cases opt for the Pro version not long after, because of how great the product is. Without VoodooShield on a computer the computer itself seems incomplete to me now - I know it sounds funny, but it is true!
I'm truly impressed by this great software!
Dan, keep up the great work my friend!
~Brian
- Mar 29, 2018
- 7,111
Watch out or you'll be accused of "Fanboy-ism"!
I love it too! That's why I upgraded some time ago @shmu26 and other posters - WD still flagging the new build.
EDIT: I just saw this on COU:
Microsoft fixed the false positive... but I had to complete the following to get it to work, the entire report is below. On a side note... I see why people complain about false positives... this is what I would call a "true" false positive. When VoodooAi is a little high, and it still is on occasion, that is not a freaking false positive... you can easily click the allow button. This incident with MS was a true FP, and inbuilt security software should have zero (or a number approaching zero) false positives. Then the user adds what security layers they like. WD has become much more effective over the years, but at the expense of incidences like this. If you want my opinion... I do not think it will be too much longer until all anyone ever needs is WD and VS.
Anyway, thank you for letting me know about the FP!!!
installvoodooshield.exe
Submission ID: 4a061e1a-2d75-4fc3-9d74-e41401ed4b9b
Status: Completed
Submitted by: ***@voodooshield.com
Submitted: Nov 3, 2018 2:49:59 PM
User Opinion: Incorrect detection
Analyst comments:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Jul 3, 2015
- 8,153
An FP is Microsoft's highest crown of honor for a worthy security soft. LOL
LOLDan just posted this lol
"BTW, the false positive was fixed for a couple of hours, but it seems to be back. I resubmitted the file and we will see what happens
."
"BTW, the false positive was fixed for a couple of hours, but it seems to be back. I resubmitted the file and we will see what happens
Dan just posted this lol
"BTW, the false positive was fixed for a couple of hours, but it seems to be back. I resubmitted the file and we will see what happens."
Hmmm interesting, I just downloaded it now and it was fine with WD at high settings, it wasn't flagged. Another member on COU uploaded it to VT and it was not flagged by Microsoft.
If you are talking about Triple Helix, his link to VT shows WD was not included, just Webroot. Please look at it again.
I did and it lists all of the vendors including Microsoft and its not detected by Microsoft.
Here's his link VS Virus Total
Then I don't know what is going on other then what Dan said. Also the VT does not always use the same scanner as we do.
Ya I am not sure, its strange...The only thing I can think of is maybe he was trying a new beta version that he hasn't released yet??
- Mar 29, 2018
- 7,111
Nope! I tried clearing the cache and downloading again to no avail! Version 4.63 and prior were technically beta. 4.64 is what is released on his site. I'm on 1803. Oh well, someone will figure it out!
Nope! I tried clearing the cache and downloading again to no avail! Version 4.63 and prior were technically beta. 4.64 is what is released on his site. I'm on 1803. Oh well, someone will figure it out!
@oldschool just want to clarify, is WD flagging VS as malware for you, or is it saying it's safe? I'm on 1809 and just downloaded it again from his site and it was fine. It is indeed very strange. I do have my BAFS level set to "Block" which has even less tolerance than "highest", so it is indeed strange why its working for some and not others.
Actually a quick question, do you have the new sandboxing feature enabled? I have it disabled.
As you said, Im sure it will be sorted out.
- Mar 29, 2018
- 7,111
From Dan, earlier:
Thank you TH! Yeah, I am not sure which engine is listed on VT for Microsoft... but when you submit a FP to MS, you have to choose from following list of MS security products. At this point the only product we know that has a FP is "Windows Defender Antivirus (Windows 10)" so that is what I chose. Besides, you always hear how the VT results might be different from the endpoint product results, so your guess is as good as mine
.
System Center Endpoint Protection
Windows Defender Antivirus (Windows 10)
Windows Intune
Microsoft DaRT
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Protection for SharePoint
Microsoft Forefront Server Security
Microsoft Security Essentials
Office 365 and Exchange Online Protection
System Center 2012 Endpoint Protection
Windows Defender (Windows
Windows Defender (Windows 7, Windows Vista, or Windows XP)
Windows Server Antimalware
Other
There were massive changes between 4.53 and 4.64. We did not seem to have any issues at all until I updated our download link to 4.64 (in other words... versions prior to 4.64 were never linked on our site). I wonder if that has anything to do with it... especially since if you download VS in Chrome and then scan with WD 10 (fully updated), it does not have a FP. So I am guessing that it is some feature in Edge that has a bug or something... it is hard to say. Either way I am sure they will have it fixed soon. Thank you guys!
Thank you TH! Yeah, I am not sure which engine is listed on VT for Microsoft... but when you submit a FP to MS, you have to choose from following list of MS security products. At this point the only product we know that has a FP is "Windows Defender Antivirus (Windows 10)" so that is what I chose. Besides, you always hear how the VT results might be different from the endpoint product results, so your guess is as good as mine
System Center Endpoint Protection
Windows Defender Antivirus (Windows 10)
Windows Intune
Microsoft DaRT
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Protection for SharePoint
Microsoft Forefront Server Security
Microsoft Security Essentials
Office 365 and Exchange Online Protection
System Center 2012 Endpoint Protection
Windows Defender (Windows
Windows Defender (Windows 7, Windows Vista, or Windows XP)
Windows Server Antimalware
Other
There were massive changes between 4.53 and 4.64. We did not seem to have any issues at all until I updated our download link to 4.64 (in other words... versions prior to 4.64 were never linked on our site). I wonder if that has anything to do with it... especially since if you download VS in Chrome and then scan with WD 10 (fully updated), it does not have a FP. So I am guessing that it is some feature in Edge that has a bug or something... it is hard to say. Either way I am sure they will have it fixed soon. Thank you guys!
- Mar 29, 2018
- 7,111
@oldschool just want to clarify, is WD flagging VS as malware for you, or is it saying it's safe? I'm on 1809 and just downloaded it again from his site and it was fine. It is indeed very strange. I do have my BAFS level set to "Block" which has even less tolerance than "highest", so it is indeed strange why its working for some and not others.
Actually a quick question, do you have the new sandboxing feature enabled? I have it disabled.
As you said, Im sure it will be sorted out.
Flagged as virus. Attempted download with Edge. Yes, new sandboxing enabled but I'm going to disable - if I can remember how.
Flagged as virus. Attempted download with Edge. Yes, new sandboxing enabled but I'm going to disable - if I can remember how.
Interesting I downloaded it through Edge as well lol, ah good old Microsoft
When I disabled it I just deleted it from the "System Variables" list and restarted
- Mar 29, 2018
- 7,111
VS 4.65 available here: VoodooShield v4 STABLE Thread Use a browser other than Edge to download. As of this morning it was still blocking the new version. MS is having a bit of a time fixing this. New version running fine here!
I just downloaded it fine with Edge. However, I am not using WD's real time scan, just on demand and still using Cylance AV for real time.
- Mar 29, 2018
- 7,111
Funny, that's how I got it!. But I believe you could use WD and download with another browser.
