VoodooShield Latest

ForgottenSeer 58943

I've found relaxed to still have some protection, interestingly.. It still seems to snag a lot and protect your appdata folder locations and other things. I haven't dug into it too much yet, but even relaxed was somewhat protective on a test box.

Dan has 4.31 out, and reworked the right click menu to be quite lovely. Also you can now double click the VS icon, which used to drive me insane that you couldn't. This is shaping up to be even more glorious than I expected.

VoodooShield v4 STABLE Thread

Relaxed is pretty cool - let it build that whitelist. After 4 hours my son's whitelist ballooned up to 432 items. After a few more hours I will flip him over to Aggressive and he should be good to go.
 

vtqhtr413

From Calendar of Updates: June 14 2018

Quote from a member

Hi Dan,

What do you think about this?
The best antivirus software in 2018 based on three security tests

Dan's response

Yeah, we missed one... AVLab tested VS in AutoPilot mode. If VS would have been ON during the test, it certainly would have blocked that file. It is kinda funny... AVLab emailed everyone the test results and they explained to me that they tested VS on AutoPilot mode because our User Guide says "Antivirus testing labs should run VoodooShield in AutoPilot mode when testing VoodooShield with traditional antivirus methodologies, since this mode emulates as closely as possible traditional antivirus." And that is perfectly cool with me... it just further demonstrates that the computer should be locked when it is at risk.

AutoPilot mode is an allow-by-default mode, and if we are going to be tested alongside other allow-by-default products, it is only fair that VS is tested in AutoPilot mode, otherwise we are not comparing apples to apples. Besides, if they were to have tested VS in Smart or Always ON mode, it would have been boring and we would not have learned anything new. Now, if someone was going to perform a deny-by-default product test, Smart Mode or Always ON would make more sense.

What is interesting is this... when VS is on AutoPilot, it will block any and all blacklist unknowns automatically (without question), and it will also block any file that has 5+ detections from the 65+ engines. And actually, 5 is not an absolute number because it also depends on VS's false positive detection feature. If even a single blacklist detection is found in an engine that VS believes to not be a false positive, it will be blocked. Also, VoodooAi missed the file as well, because when VS is on AutoPilot, if the VoodooAi result is greater than 50, it will be automatically blocked.

There will always be bypasses in non-locking, allow-by-default products, there is no way around it. Locking the computer full time is not the answer either. And sandboxing is great for security geeks, but not so great for the other 99%... for a lot of reasons that I have talked about before.

In other words, install your favorite effective AV product and also lock your computer when it is at risk with VoodooShield.



From Dan at VoodooShield: June 17 2018

Here is 4.33... pretty much everything should be fixed except an issue with ivpn which I will work on tonight, and a weird script block in a C:\Intel folder (I think the script is changing or something).

There are not really any new features in this version... just mainly bug fixes and gui refinements.

https://www.voodooshield.com/Download/InstallVoodooShield433.exe

SHA256: 84cc9e60a8ab5d764ccb30bd59ac8fbe7d76c6879f45c57bc7dc8a3fd9a4ef24

Thank you guys, talk to you soon!
 

shmu26

I think Dan is saying that the sample missed by Voodooshield autopilot had a low, but above zero, detection level on VirusTotal.
If fully undetected, it would be blocked, and if a high detection level (or flagged by a very reliable vendor) then it also would be blocked. But it scored under the threshold, and it looked safe when analysed by Ai.
So the weakness of autopilot is not with totally fresh malware, but rather with semi-fresh malware.

QUESTION: What additional restrictions does "Smart" mode add? Digital signature?
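
Added example, not part of the thread and not VoodooShield's code: a Python model of the AutoPilot rules as Dan's quoted response describes them, run over constructed samples to show why a file with a few low-confidence detections and a VoodooAi result of 50 or less is the one case that gets through. Assumptions: the `ScanResult` field names, the 0-100 score scale, the rule order, and reading "blacklist unknown" as a file the blacklist has no record of.

```python
from dataclasses import dataclass

DETECTION_THRESHOLD = 5  # "5+ detections from the 65+ engines" (from Dan's post)
AI_THRESHOLD = 50        # blocked when the VoodooAi result is "greater than 50"


@dataclass(frozen=True)
class ScanResult:
    """Constructed stand-in for one file's scan data (field names are hypothetical)."""
    known: bool          # False: the blacklist has no record of the file (assumed meaning)
    detections: int = 0  # engines flagging the file
    credible: int = 0    # detections judged NOT to be false positives
    ai_score: int = 0    # assumed 0-100 scale

    def __post_init__(self):
        if not 0 <= self.credible <= self.detections:
            raise ValueError("credible must be between 0 and detections")


def autopilot_verdict(scan: ScanResult) -> tuple:
    """Apply the described rules in an assumed order; anything left over is allowed."""
    if not scan.known:
        return ("block", "blacklist unknown")
    if scan.credible >= 1:
        return ("block", "detection not judged a false positive")
    if scan.detections >= DETECTION_THRESHOLD:
        return ("block", "5+ detections")
    if scan.ai_score > AI_THRESHOLD:
        return ("block", "VoodooAi score above 50")
    return ("allow", "allow-by-default")


# Constructed samples, not real scan data.
SAMPLES = {
    "never-seen": ScanResult(known=False),
    "widely-detected": ScanResult(known=True, detections=31, credible=12, ai_score=88),
    "semi-fresh": ScanResult(known=True, detections=3, credible=0, ai_score=41),
    "ai-flagged": ScanResult(known=True, detections=0, ai_score=73),
    "clean": ScanResult(known=True, detections=0, ai_score=4),
}


def classify_all(samples=SAMPLES):
    """Map each sample name to its verdict ('block' or 'allow')."""
    return {name: autopilot_verdict(s)[0] for name, s in samples.items()}


if __name__ == "__main__":
    for name, scan in SAMPLES.items():
        print(f"{name:16} -> {autopilot_verdict(scan)}")
```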
 

ForgottenSeer 69673

There are still some right click issues.

1. Right clicking on tray icon, window only stays open for three seconds.

2. Right clicking on either the tray or desktop icon then clicking on the top mode changes the mode. In my case I have it set to smart mode, and it switches to either auto-pilot or always on mode.
 
ForgottenSeer 69673

ok I will reboot and see if it changes.

I uninstalled Voodoo and reinstalled. Now right clicking on desktop icon works and stays in smart mode but right clicking on tray icon, the mode changes.
 

shmu26

Is there any point to run voodooshield with software like comodo firewall?

Since you can exe. file and check it like with virustotal, it's still extra layer of security?
The main advantage will be the firewall itself. You can also hope that each program will cover for any glitches and inadequacies that might exist in the other.

I am fine here in "Smart" mode, no issues
Where have you been hiding, Ghostie? It's not the same here without you ;)

I looked again in Voodoo rules, and it seems that even AutoPilot requires a digital sig. So I am a bit puzzled why Smart mode would have sniffed out that malware sample missed by Autopilot. What additional checks does Smart mode do?

Another question, while I am at it: some safe installers generate a prompt that says "acceptable", and other safe installers generate no prompt at all -- they just launch. Why is that?
I am in Always ON/Aggressive.
 

shmu26

To answer my own questions, it seems that it works like this:
AutoPilot will automatically allow any file that passes a relatively lenient inspection.
Smart mode/Aggressive will prompt -- with a recommendation saying "acceptable" -- for any file that passes a relatively strict inspection. And if that file is on the Voodooshield whitelist, there will be no prompt, it will be automatically allowed.

My big problem is when VS doesn't have internet connection, for whatever reason. It keeps prompting again and again for files that I have already whitelisted. This is so very annoying that I uninstalled VS.
 

Moonhorse

Anyone having problem with VS after Win10 update... just recently updated windows now VS doesn't start its service.
Working fine latest build. If you did upgrade from previous version 7/8.1 to windows 10 you have to do clean install after.

But like updating to latest build 1803, there shouldn't be a problem
 

vtqhtr413

Source: VoodooShield v4 STABLE Thread


Dan posted this 6/23

Hey everyone... sorry, I have been wrapped up trying to figure out a very odd bug with the new self protection feature. In 4.29-4.33, if certain calls were made to the VoodooShieldService from VS, like if the user is trying to reset their whitelist or take an advanced snapshot, then VS would act up. It turns out, that we over protected VS and VoodooShieldService, and one of the Windows processes needs to access it too. Anyway, now that we know what the issue is, our kernel developer will be able to fix it in a jiffy... but it is going to take a couple of days. So this version does not have self protection, but it will be fully implemented and fixed in the next version.

BTW, I noticed that sometimes when the user would right click to exit VS, it would spawn again, so I changed how VS starts with the service. I think it is fully fixed, but I will keep an eye on it, and if you guys notice anything odd, please let me know.

Also, in the silent security posture, VS will now flash if it blocks something silently... it will still not display a prompt though.

In the meantime, here is 4.34 with even more little refinements and enhancements. I am almost finished refining and enhancing VS, then I am going to...

1. Implement some really cool ideas on the moderate, relaxed and silent security postures. They are currently quite basic and not super protective... but there are tons of things I can do to make them even more secure and user-friendly.

2. Retrain VoodooAi. I have not retrained VoodooAi for 7-8 months because I have been busy with VS 4.0. But now that it is ready, it is time to focus on VoodooAi a little. I forgot the exact numbers, but I believe the current models were trained on training data sets of around 100,000 or so samples. We will now be able to include most or all of the blocked and scanned samples from the last 7-8 months that are now in the VoodooAi database... and there are tons of them... I am guessing around 1.5 million or so new, unique samples. These are not the number of VS blocks... these are the number of new, unique files that VS has encountered on the endpoints it is protecting, when a file is blocked or manually scanned.

VoodooAi has the ability to be amazingly accurate and precise, but the end result is only as good as the training data sets... so I am excited to see the results once we include these samples during training. Then again, I have always been extremely happy with VoodooAi's results. If you download the top 100 files from download.com or softpedia and run them against VS / VoodooAi, you will quickly see my point. I actually downloaded all 100 samples a while back from download.com if anyone wants them. Anyway, the whole point of VoodooAi is to determine whether a file is safe or unsafe... it is not necessarily designed to determine the maliciousness of a file. So when you combine the blacklist scan with VoodooAi, it makes for a rather great combo. And besides, it is good to be different... that is what VS is all about.

3. Modernize the gui and possibly the desktop shield gadget / logo with the help of a graphic designer.

4. Anything else you guys can think of... I have some ideas too that I will run by you soon.


https://www.voodooshield.com/Download/InstallVoodooShield434.exe

SHA256: c071256eef0ccb4bcb73dd08ca0ae9a8ab6d396538eaf962f2f932b64e2da795

Thank you guys, I will catch up soon!!!


BTW, I forgot to mention... hopefully the Check Update and other prompts will show on top of the VoodooShield Settings window... if not, there are a couple of other things I can do. It is just kind of difficult because the desktop shield gadget is TopMost, and the settings form is TopMost, then the prompts are TopMost... see where that can be tricky?
 
