VoodooShield Latest

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Nope. Even stopped the VS service. Redownloaded 5.01 and no change. SmartScreen does not like 5.01.
Also for me, SmartScreen blocks 5.01, but this does not perturb me so much, since I know that SmartScreen takes a few days to whitelist new files from the lesser-known vendors. If it was signed by google or adobe, it would have been whitelisted right away.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
As @oldschool mentioned, I downloaded the update from the VS site. and then executed it. SmartScreen popped, and I chose to pass on the update. The last thing I need to do is to install compromised security software. Since insufficient into existed to determine an FP, I went the conservative route.
So, SmartScreen saved the users from installing the beta version.:giggle:
But, the main thing is that the updater was downloaded/executed by you, so your post cannot be related to my post:
"Dan is wrong when thinking that Windows native SS could block the VoodooShield update. Any update made by VoodooShield does not attach MOTW. " Of course, the developer has to implement updates via application to avoid SmartScreen false positives (developers know it from years).
It is probable, that I misinterpreted Dan's words, and he had in mind not the future VS version with implemented SmartScreen, but the actual situation with 5.01 beta version.
Nope. Even stopped the VS service. Redownloaded 5.01 and no change. SmartScreen does not like 5.01.
SmartScreen cannot stop a service. Did you see the SmartScreen alert for that service?
Anyway, it is impossible because the service binary was not downloaded via the web browser to your disk (it is never recognized as a file from the Internet).
Generally, SmartScreen can block files downloaded from the Internet or files that have attached MOTW in another way (forced SmartScreen). It cannot block application executables which were dropped to disk by installer or updater (also any malware downloader). So, something else blocked the service.

You probably know most of the above. I wrote this for other readers because most readers have a problem with understanding how SmartScreen works. (y)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
Installed VoodooShield 5.01 (in ShadowDefender) on Windows 10 ver. 1809 64-bit. The installer is still blocked by SmartScreen, so I chose to bypass it. VS was installed without any problem. I set VS to Autopilot. Tried executing ConfigureDefender. VS allowed executable but prevented it to work (PowerShell commands blocked). No other problems. (y)
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
The installer is still blocked by SmartScreen, so I chose to bypass it. VS was installed without any problem. I set VS to Autopilot.
That shows quite a bit of trust on your part. VS update could have been compromised by a 3rd party. Why bother with SS if we ignore its alerts. How to assess safety? Upload to VT? Other?

Relatedly... How does Run By SmartScreen help us? That would only add more points of confusion (FPs)? Yes?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
VS update could have been compromised by a 3rd party.
Do you think it is worthwhile for an attacker to break into Voodooshield's internal system and offer a fake beta with a digital sig from Voodooshield? If so, we cannot allow any software to run automatic or manual updates, due to concern over update poisoning.
That's a little too paranoid for me...
 

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,149
Just tried to update Voodoshield from 5 to 5.01 ,Kerish Doctor{check installed programs} and according to EDGE the download contains a virus,anyone else get this block?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
VS isn't as popular as CCleaner. It isn't worth it for malicious people to try to mess with it. They have better targets.
Right. It's not worth it just to infect 10 beta testers who are paranoids running multiple security apps and will immediately notify the dev if they see anything suspicious.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
That shows quite a bit of trust on your part. VS update could have been compromised by a 3rd party. Why bother with SS if we ignore its alerts. How to assess safety? Upload to VT? Other?

Relatedly... How does Run By SmartScreen help us? That would only add more points of confusion (FPs)? Yes?
I bypassed SS only to show that it does not stop the VS service (you suspected that SS blocks the service). SS is not useful if one blindly bypasses it. So the average user should simply pass with installing VS beta 5.01, and this would be probably a very wise decision, anyway. Also, SS can be set to block on Windows 10 to force this wise decision. Average users should only install those applications which have a good reputation and are popular. The SS makes it possible.

Could SS be useful for you? That will depend on the applications you want to install. Suppose that you install 50% applications with low prevalence and 50% popular applications. Without SS you have to check in some way 100% installed applications (AV detection + Virus Total, etc.). When using SS the 50% of them will be accepted by SS. So, you have only 50% applications to check.(y)
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,711
Here is the change log for version 5.0 (I believe) : VoodooShield

@shmu26 Notice item #2. Since you had this issue, is there any way you can check on your system?


"What's New:
  • Added compression utilities to the vulnerable process list
  • There was an extremely uncommon silent blocking issue when VS could not determine the absolute path, this is fixed
  • Blocking in Disable / Install Mode should be fixed, if not, please let me know
  • Regional bug when the system time was changed to a different format should be fixed
  • Drag and drop and the right click context "VoodooShield Scan" now supports all file types
  • Logging bug fixed
  • Too many command lines were being added to the list... should be fixed
  • Xcopy was being blocked by batch files
  • "Threats Blocked: x" to be a clickable button that leads you to the UI section that shows your quarantine/blocked was added
  • A lot of other small fixes"
 

amico81

Level 21
Verified
Top Poster
Well-known
Jan 10, 2017
1,061
How strong is the free version of voodooshield compared to the paid-version?


VOODOOSHIELD FREEVOODOOSHIELD PRO
PRICEFree$29.99 / year / computer
COMPUTER LOCK
tick.png
tick.png
MACHINE LEARNING / AI
tick.png
tick.png
MULTI-ENGINE BLACKLIST
tick.png
tick.png
ADVANCED SNAPSHOT
cross.png
tick.png
MULTIPLE SECURITY POSTURES
cross.png
tick.png
UNLIMITED RULES
cross.png
tick.png
ADJUSTABLE USER SETTINGS
cross.png
tick.png
NO NAG SCREENS
cross.png
tick.png
ENTERPRISE FEATURES
cross.png
tick.png
CUSTOMER SUPPORT
cross.png
tick.png
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,711
How strong is the free version of voodooshield compared to the paid-version?

It's the same aggressive deny-by-default as Pro. Free version lacks configurability, UI tweaks and other listed features. Pro version gives you more flexibility in how you run it, e.g. it has Security Postures which let you run it in a less strict mode. Personally, I like the advanced snapshot feature which free doesn't have.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Did your last test show silent blocks?
Nope, all the blocks I noticed were properly logged. The dism block produced an alert, and the other blocks might have happened while I was away from the computer, so I don't know if they produced alerts or not. But they were logged.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top