uninfected1

Level 10
Verified
Do you mean any/all unsigned are flagged as a threat, i.e. unsafe, by VAi?

I have a few unsigned, and they were not flagged as a threat, i.e. unsafe, by VAi.
All unsigned I've tried to run VS detects as a threat. If you ran a few unsigned that weren't flagged as a threat that would suggest that I may have been wrong in thinking all unsigned are flagged as threats, but, yes, let me know what your findings are.
 
Deleted member 2913

Latest VS from Official website - VS 3.33 Beta Free Version
VS Mode - Always ON
Windows 10 64 Pro Anniversary Build Clean Install & Fully Updated
Windows Defender & Windows Firewall

Unsigned Test - VAi
Portable SubtitleEdit - Safe
Portable VidCoder 64 Bits - Be Careful
Installer DataRecoveryExpress - Unsafe
Installer FortCryptoExtension - Safe
Installer WindowsFirewallControl 4.7.2.0 - Safe
Portable DataLifeguardDiagnostics 1.28 WesternDigital - Suspicious
Installer Tally - Safe
Portable DnsJumper - Unsafe

The Be Careful & Suspicious verdicts are a little sensitive, and they are there to let you know VAi found something suspicious. So in settings I check the option to auto-allow files not detected as Unsafe by VAi (I have the Pro version).

Attached are the screenshots
 

Deleted member 2913

uninfected1,

VS Dev's reply -
VoodooAi relies on A LOT more than just the digital signature. Sometimes signing the file makes a big difference with Ai, sometimes it does not... it all depends on the other 40 or so features, and what their values are. Either way, developers should always sign their files because this is a factor in all malware engines.

If you look at UWT website, they clearly state: NOTE: Some security software may report it as being suspect. This is because the tweaker changes Windows system setting. Rest assured that it is a false-positive. You will have to add it to your exceptions list and allow it, if you trust us.

Ultimate Windows Tweaker 4 for Windows 10

In all fairness, I would suggest that in this case, VoodooAi rendered the correct verdict... even the developer is aware that this particular file "looks" like malware to AV engines. Not to mention the fact that the file is not signed. I signed the file and analyzed it again with VoodooAi, and the result was 0.7196... so no matter how you slice it, this file just looks like malware. I would be disappointed in VoodooAi if it called it safe.

I am by no means suggesting that VoodooAi is absolutely perfect... if it were, there would be no reason to have the blacklist, or the VoodooShield application whitelisting component. For effective protection, you really need all three. Simply having a lock without any kind of file insight is pointless for the vast majority of users. The blacklist scan takes care of the known malware, and VoodooAi takes care of the unknown and zero days.

Also, keep in mind, VoodooAi is not quite as accurate with all of the lesser known utilities that computer enthusiasts use, simply because they are not as well developed as those of some of the larger developers, like Microsoft, Adobe, Mozilla, etc. Then again, the vast majority of users do not use these files nearly as much as the products from the larger companies.

Here is a great example. If I develop a simple app that is essentially one line of code, and all it does is display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program. Most malware (something like 99%) are super small in size, because they essentially have only one purpose, so they are less complex and functional than safe programs.

This is just the way Ai works (and always will), and why it is so effective at stopping unknown and zero days... but also why it needs to be combined with a blacklist scanner just to be sure.

FixWin for Windows 10 tested safe with VoodooAi... probably because it is further along in development than an older version of FixWin.

Anyway, I just wanted to give you guys a little better understanding of how VoodooAi works. If you have any questions, please let me know!
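The point in the developer's reply above, that the signature is only one feature among many and that a tiny single-purpose program scores close to malware whether or not it is signed, can be reproduced with a toy classifier. This is an added example, not VoodooAi's code or model: the three features, the class profiles and the training data are constructed assumptions.

```python
import math
import random

def make_samples(n, rng):
    """Constructed data: (signed, log2 size in KB, import count, label); label 1 = malware."""
    rows = []
    for _ in range(n):
        # Assumed malware profile: small, few imports, rarely signed.
        rows.append((float(rng.random() < 0.1), rng.gauss(6, 1.5), max(0.0, rng.gauss(15, 8)), 1))
        # Assumed benign profile: larger, many imports, usually signed.
        rows.append((float(rng.random() < 0.7), rng.gauss(11, 2), max(0.0, rng.gauss(90, 40)), 0))
    return rows

def sigmoid(t):
    # Clamp the logit so math.exp cannot overflow.
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, t))))

def train(rows, epochs=800, lr=0.5):
    """Fit logistic regression by batch gradient descent on standardized features."""
    cols = list(zip(*[r[:3] for r in rows]))
    mean = [sum(c) / len(c) for c in cols]
    std = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) for c, m in zip(cols, mean)]
    xs = [[(v - m) / s for v, m, s in zip(r[:3], mean, std)] for r in rows]
    w, b = [0.0, 0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0, 0.0], 0.0
        for x, r in zip(xs, rows):
            err = sigmoid(b + sum(wi * xi for wi, xi in zip(w, x))) - r[3]
            gb += err
            gw = [g + err * xi for g, xi in zip(gw, x)]
        b -= lr * gb / len(rows)
        w = [wi - lr * g / len(rows) for wi, g in zip(w, gw)]
    return w, b, mean, std

def score(model, signed, size_kb, imports):
    """Return the model's malware probability for one file."""
    w, b, mean, std = model
    raw = (float(signed), math.log2(size_kb), imports)
    x = [(v - m) / s for v, m, s in zip(raw, mean, std)]
    return sigmoid(b + sum(wi * xi for wi, xi in zip(w, x)))

MODEL = train(make_samples(150, random.Random(7)))

if __name__ == "__main__":
    for name, args in [("tiny message-box app, unsigned", (0, 8, 5)),
                       ("same app, signed", (1, 8, 5)),
                       ("large application, signed", (1, 20480, 150))]:
        print(f"{name}: {score(MODEL, *args):.4f}")
```

Signing the tiny app lowers its score, but the size and import features still place it on the malware side, which matches the behaviour described for the signed re-test in the reply.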
 

ElectricSheep

Level 12
Verified
Very informative! :D I just learned something new there as I'm no coder or anything like that! Thanks for the post :cool:
 

uninfected1

Level 10
Verified
uninfected1,

Here is a great example. If I develop a simple app that is essentially one line of code, and all it does is display a message box, VoodooAi will probably think that it resembles malware much closer than it resembles a well developed, useful application, that has many functions and many lines of code... simply because it does resemble malware more than it does a safe program.
Thanks a lot for looking into this. What you say is correct. This is exactly the kind of program VS flags up as a threat, simple apps often developed by forum members. One such example is one I regularly use to manage restore points, QRM Plus Manager, developed by a member of The Windows Club. Another example from Bleeping Computer, SecurityCheck, neither of them signed. I have allowed both as I am sufficiently satisfied they are not a threat.

PS - I'm using the free version of VS so lack the configurability you have with paid version.
 