Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield Latest
Message
<blockquote data-quote="Lenny_Fox" data-source="post: 867240" data-attributes="member: 82776"><p>[USER=62850]@danb[/USER] I have not used your program, so I have a question. A member was so kind to post some pictures of the User Interface.</p><p></p><p>[ATTACH=full]235140[/ATTACH]</p><p></p><p>WIth the default deny and allow from Program Files, most neatly installed programs would always run (it is a pity that Microsoft installs Windows Defender in ProgramData), so only programs executing from user folders could be blocked in theory.</p><p></p><p>For signed programs will update nicely with the "Autimatically allow items that match a digital signature in the whitelist snapshot" rule. Assuming the snapshot also looks at ProgramData and Users (sub folders), this rule would also allow programs outside Windows and Program Files to update nicely.</p><p></p><p>The beauty of building a user specific local signature based whitelist is that the risk of signed malware is minimal (95% of the malware is unsigned). The allow by signature only applies to vendors which are already trusted and installed. This greatly reduces risk of 5% signed malware not being recognized. </p><p></p><p>Does the cloud whitelist contain hashes of (unsigned) programs recognized by the AI-engine as probably malware, but are considered clean by Cuckoo sandbox or Virus Total checkup? Another purpose for the cloud whitelist could be to collect a large data base of trusted vendors by signature. The problem with this approach is that when you also allow trusted vendors by signature, the when to stop adding trusted vendors.</p><p></p><p>So what is in the cloud whitelist? Unsigned programs, signatures of trusted vendors, and/or .....?</p></blockquote><p></p>
[QUOTE="Lenny_Fox, post: 867240, member: 82776"] [USER=62850]@danb[/USER] I have not used your program, so I have a question. A member was so kind to post some pictures of the User Interface. [ATTACH type="full" alt="1584805798714.png"]235140[/ATTACH] WIth the default deny and allow from Program Files, most neatly installed programs would always run (it is a pity that Microsoft installs Windows Defender in ProgramData), so only programs executing from user folders could be blocked in theory. For signed programs will update nicely with the "Autimatically allow items that match a digital signature in the whitelist snapshot" rule. Assuming the snapshot also looks at ProgramData and Users (sub folders), this rule would also allow programs outside Windows and Program Files to update nicely. The beauty of building a user specific local signature based whitelist is that the risk of signed malware is minimal (95% of the malware is unsigned). The allow by signature only applies to vendors which are already trusted and installed. This greatly reduces risk of 5% signed malware not being recognized. Does the cloud whitelist contain hashes of (unsigned) programs recognized by the AI-engine as probably malware, but are considered clean by Cuckoo sandbox or Virus Total checkup? Another purpose for the cloud whitelist could be to collect a large data base of trusted vendors by signature. The problem with this approach is that when you also allow trusted vendors by signature, the when to stop adding trusted vendors. So what is in the cloud whitelist? Unsigned programs, signatures of trusted vendors, and/or .....? [/QUOTE]
Insert quotes…
Verification
Post reply
Top
