Telos

Level 18
Verified
Content Creator
could you right click on the icon and then click exit and see if you get the exception I get?
I had that error when I tried to shut down VS just before installing 5.5beta. I don't have it now, though I did close to a clean install, keeping just a few files, but apparently blowing away my registration in the process. All is good now except for tedious WLC results when a popup window appears.
 

Gandalf_The_Grey

Level 24
Verified
New 5.51 beta out:
Hey guys, here is the latest version., we are getting super close but I am sure there will be a few bugs we have to work out. Integrating a complex component like WLC, which is basically a complete realtime scanner in 3-4 weeks is simply not possible without experiencing a few bugs. In all fairness, it is not like we are developing an AutoIt script or something… and whenever we do something ambitious like this, there are going to be issues. But VS would not be nearly as advanced as it is today if we would not have been ambitious and added sophisticated features and mechanisms throughout the years. We could lock the computer and call it a day or rarely update our software, but that is not going to change anything. If you want the world to use your computer lock, you have to make it user-friendly for them.

About the WLC icon… WLC is FULLY implemented into VS. The WLC icon is simply there to let the user know at all times that only known, safe files are running on the endpoint. It is also there for quick access to the WLC tab in VS settings. Either way, the WLC icon is completely optional. In fact, all of WLC options are completely optional. If you only want to allow WLC items, and not have it create firewall rules or alert you with the WLC icon and mini prompt when a new Not Safe item is detected, you can do that. You can configure WLC exactly how you want… it is incredibly flexible and elegant.
Besides any remaining bugs, we will also have to figure out what to do about temp folders. As we all know, malware loves to hide in these folders, and the problem is so do legitimate apps, and a lot of these legitimate apps do not have a Safe file reputation. So the issue is that there will be a few files in temp folders that appear at Not Safe files. WLC will automatically remove these files when they no longer exist, but some temp files hang out longer than they should. The obvious answer is to have VS automatically cleanup the temp folders… this would fix everything, and keep the temp folders sparkling clean all of the time. Can anyone see a disadvantage in doing this?
There are some other usability tweaks we will implement in WLC soon, for now I just wanted to get the implementation up and running. For example, in the user prompt, we will probably remove the VoodooAi result and replace it with the WLC. The whole goal is to reduce VS’s dependence on VT as much as possible, while replacing it with a mechanism that fits VS even better. But we had to get to this point before we even thought about refining the implementation. VT is great, but really VS should only utilize it for instant preliminary results while waiting for the WLC results, assuming the file is a not seen before file. Yes, I agree that when a file has not yet been analyzed by WLC, it takes a while to upload and analyze the file (mainly the upload). But once that hash is in the database, all subsequent lookups / scans will be super quick. Once we release VS to the public, the database will grow massively and there will be even less not seen before files that require the file to be uploaded.
And really, the full WLC feature set are mainly intended for SMB / enterprise, and for security enthusiasts / pros, with the goal of letting admins know on a continual basis that only safe files are executing on their endpoint… all at a glance. But some features of WLC will be super cool for home users as well… especially the ability to automatically allow Safe WLC files. The unwanted VS blocks will be essentially nonexistent.
In 5.51 beta, you will notice that I added Inbound and Outbound columns the WLC tab. Obviously, those are firewall rules, which can be applied or removed at any time… EVEN IF THE ITEM IS SAFE 😉.
Thank you for letting me know about the handful of Windows files false positives (like dismhost)… I will fix those in the cloud in a day or so, and when you reset your whitelist it will be fixed.
BTW, if you installed the 5.50 beta, you will need to uninstall VS then install the 5.51 beta. If you are running the 5.02 or 5.04, you should be able to install over the top with 5.51 beta.
https://voodooshield.com/Download/InstallVoodooShield551beta.exe
SHA-256: e05cb8ac0a89edaade7c3543c4717955c451efb2f953be3874f2bbad8e1cecdb
Please let me know about the remaining bugs and I will start figuring out the usability and start refining the WLC implementation. Thank you guys!
And for the Pro users:
BTW, if VS asks you to register after reboot, please let me know, I am testing the timeout on the internet connection check.

Also, all you have to do is go to VoodooShield Settings / Register tab and click the Confirm Registration button (until I fix it for good in the next version).
 
Last edited:

Gandalf_The_Grey

Level 24
Verified
Another day, another beta:
Hey guys, I am hoping we are almost there. If for some reason the scan is still taking forever, please email me your DeveloperLog.log and DeveloperServiceLog.log from the C:\ProgramData\VoodooShield folder. The initial scan should take less than 10 minutes, and all subsequent scans should take a second or two.

If you were not experiencing issues with 5.51, then you can install over the top. Otherwise, I would uninstall VS, reboot the computer and install 5.52.
I also included an automatic cleanup of the following folders, which runs right before each snapshot scan. I personally think it is a great feature to add to VS anyway, but if there is a reason we should not automatically clean up the temp files, please let me know. BTW, it automatically skips any files that are in use.
C:\Windows\Temp
C:\Users\User\AppData\Local\Temp
Also, I read a suggestion somewhere that was really cool… if you are still having issues with the WLC, please try the standalone version of WLC and let me know how it does. The code is essentially the same at this point, but it is a smart troubleshooting step either way. You can download it here:
https://www.whitelistcloud.com/Download/InstallWhitelistCloud.exe
BTW, there should not be a conflict between the standalone version of WLC and VS, so it should be safe to run them along side each other. Although there is obviously not a reason to do so now, with WLC being fully integrated into VS. I have to admit, I miss the tiny WLC standalone app though .
Please let me know how it goes, thank you guys!
https://voodooshield.com/Download/InstallVoodooShield552beta.exe
SHA-256: dba4fd21024a2bc2686f5ed4e70f1242b5fd24bf66c5ad0987b4cd4ed56abc48
Also, I read a suggestion somewhere that was really cool… if you are still having issues with the WLC, please try the standalone version of WLC and let me know how it does. The code is essentially the same at this point, but it is a smart troubleshooting step either way. You can download it here:
https://www.whitelistcloud.com/Download/InstallWhitelistCloud.exe
That was me on Wilders :D
 

Slyguy

Level 43
Thank you.

I intend to replace the old AppGuard 4.
After this latest version is out of beta, it will be significantly more powerful, in my opinion, than most other solutions of similar functionality out there.

I am really looking forward to the next retail launch of it with WLC integrated along with it's much improved performance and tweaks to see how it holds up in testing. Since VS already does very well in testing, WLC integration is going to put it on a whole new level. I sort of think AppGuard isn't really much of a comparison any longer.
 

Umbra

Level 26
Verified
In fact you can't compare Appguard with VS from the start. Appguard monitors dlls and drivers in addition to executables and has memory containment, which VS even with WLC can't do.
So to me, AG is still a more comprehensive solution, like any HIPS is more comprehensive than Appguard.
Wider the scope, more solid the solution is against various malware attack chains.
In our time, executables aren't only the only malware types.

Also Appguard is SRP, VS still an anti-exe, not the same mechanism to begin with.

The only apps you can compare AG with is Windows SRP/Applocker and other SRP in some corporate suite like Symantec EP, etc..
The only apps you can compare VS with is NVT ExeRadarPro or Secure AP (especially SAP which also use VT like VS).

So unless VS becomes full-fledged SRP and offers some memory protection, which I doubt it will ever happen, there is no comparison, there is no one is better than another. You can only compare what is comparable.

Im surprise you still don't know the difference between them...

But the poster above is right, as a home user, better use VS than AG.
VS is free and oriented for beginners, AG isn't for them, and not saying using an obsolete version like v4 is foolish and that is true for any security software.

Not saying than the main version of Appguard, the Enterprise one, not Solo, is way above that, there is not even a chance any home user solution be compared with. And no home user can't even deploy it properly since it needs its own Windows server like any serious corporate solutions.

So please @Slyguy, know all the facts before stating stuff. It is become annoying and tiring to correct over and over the same things when people talk about what they don't seems to understand despite dozen of explanations...
 
Last edited: