uninfected1,
VS Dev's reply -
VoodooAi relies on A LOT more than just the digital signature. Sometimes signing the file makes a big difference with Ai, sometimes it does not... it all depends on the other 40 or so features, and what their values are. Either way, developers should always sign their files because this is a factor in all malware engines.
If you look at UWT website, they clearly state:
NOTE: Some security software may report it as being suspect. This is because the tweaker changes Windows system setting. Rest assured that it is a false-positive. You will have to add it to your exceptions list and allow it, if you trust us.
Ultimate Windows Tweaker 4 for Windows 10
In all fairness, I would suggest that in this case, VoodooAi rendered the correct verdict... even the developer is aware that this particular file "looks" like malware to av engines. Not to mention the fact that the files is not signed. I signed the file and analyzed it again with VoodooAi, and the result was 0.7196... so no matter how you slice it, this file just looks like malware. I would be disappointed in VoodooAi if it called it safe.
I am by no means suggesting that VoodooAi is absolutely perfect... if it were, there would be no reason to have the blacklist, or the VoodooShield application whitelisting component. For effective protection, you really need all three. Simply having a lock without any kind of file insight is pointless for the vast majority of users. The blacklist scan takes care of the known malware, and VoodooAi takes care of the unknown and zero days.
Also, keep in mind, VoodooAi is not quite as accurate with all of the lesser known utilities that computer enthusiast use, simply because they are not as well developed as some of the larger developers, like Microsoft, Adobe, Mozilla, etc. Then again, the vast majority of users do not use these files nearly as much as the products from the larger companies.
Here is a great example. If I develop a simple app that is essentially one line of code, and all it does as display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program. Most malware (something like 99%) are super small in size, because they essentially have only one purpose, so they are less complex and functional than safe programs.
This is just the way Ai works (and always will), and why it is so effective at stopping unknown and zero days... but also why it needs to be combined with a blacklist scanner just to be sure.
FixWin for Windows 10 tested safe with VoodooAi... probably because it is further along in development than an older version of FixWin.
Anyway, I just wanted to give you guys a little better understanding of how VoodooAi works. If you have any questions, please let me know!