- May 29, 2018
- 2,728
@danb have you removed nag screen from free version of voodooshield? Last time i tried it i did not get it at all, if so why?
- Status
Hello Danb ,sorry for the mixup ,I have the free version .Thks for the help .
- May 31, 2017
- 1,742
Well, the Friday nag screen did not increase sales on Friday, and actually sales on Friday are much lower than every other day of the week, hehehe. It was just upsetting people, so I removed it. The prompt that you see when you click on VoodooShield Settings pretty much has to stay because it lets the user know why the settings are greyed out.
We are doing several other giveaways, but we can do a quick 2-3 day giveaway on MT where everyone who posts to the thread gets a 2 year VS Pro license. If you guys want to do this, just let @Exterminator know, I think he is the one who still organizes the giveaways, right?
That makes sense... hopefully we can do a giveaway soon and everyone will have a license again.
Last edited:
- Dec 23, 2014
- 8,604
@danb
I tried to fool VS by running the file which looks like non-executable (via shortcut with innocent command-line). The VS did a good job of blocking it.
But, I am not sure if the user would not be fooled by the information in the VS alert about the file ping .png. Although VS properly recognized it as executable, the user can only see that it is a picture (it is recognized as a picture in Explorer). Maybe adding some information about spoofing the EXE file extension would help.
I tried to fool VS by running the file which looks like non-executable (via shortcut with innocent command-line). The VS did a good job of blocking it.
But, I am not sure if the user would not be fooled by the information in the VS alert about the file ping .png. Although VS properly recognized it as executable, the user can only see that it is a picture (it is recognized as a picture in Explorer). Maybe adding some information about spoofing the EXE file extension would help.
Last edited:
- Dec 23, 2014
- 8,604
Maybe there is no need to change the info from the previous post. Using the space before dot somehow bypassed the command-line checking. Running the file "ping .png" is not blocked by command-line alert like in the case of "ping.png":
So you can simply include this trick in your command-line blocking.
So you can simply include this trick in your command-line blocking.
- May 31, 2017
- 1,742
Thank you Andy! VS actually uses a string metric known as Levenshtein Distance to compare command lines. So I am guessing that after you manually allowed the first command line, VS auto allowed the modified command line because the Levenshtein Distance was within spec.
Levenshtein distance - Wikipedia
Having said that, you bring up a great point. We already have an amazing method for detecting hidden extensions, and that would be another great file insight metric to add to VS's main user prompt. On the first block you posted, if you click the Details button and scroll down to the bottom, the hidden extension attribute should be listed properly. The only question is... what all of the file insights should we predominantly show on the initial user prompt? We want to keep everything as simple as possible, but also give the end user enough file insight to make an informed decision.
Either way, it is something to think about. Thanks again for your help!
- Dec 23, 2014
- 8,604
@danb
You're welcome.
For the ping .png VS displayed the alert: "VoodooShield Blocked an Unknown File!"
For the ping.png VS displayed the alert: "VoodooShield Blocked a Commandline!"
No info about a hidden extension. The command-line executes the file "ping .png" with a real extension (.png).
You're welcome.
For the ping .png VS displayed the alert: "VoodooShield Blocked an Unknown File!"
For the ping.png VS displayed the alert: "VoodooShield Blocked a Commandline!"
No info about a hidden extension. The command-line executes the file "ping .png" with a real extension (.png).
- Dec 23, 2014
- 8,604
If I use one of the NirSoft tools as a ping .png, then it looks in Sysinternals Process Explorer as follows:
Last edited:
- May 31, 2017
- 1,742
@Andy Ful, please email me the PoC so we can be on the same page, in the same way I privately emailed you for the 2 PoC's that I found for you. I do not have time for a silly guessing game. I am still guessing that you forgot to delete the command line you initially whitelisted, and that is why the results are not as you expected. But once we are on the same page, it will make sense... it always does. As I always say... BOTH parties MUST run the (same) test / PoC in order to hold an intelligent conversation about a certain issue. Thanks again!
Last edited:
- Feb 7, 2014
- 1,540
I'm glad you made that remark about getting on the same page regarding issues surrounding V.S but what you're asking of him is just, but what about the issues i ask you about where V.S blocks internet download manager when where a download has completed with I.D.M and i proceed to open download folders with i.d.m v.s blocks it, you never fixed or replied to me about it. Next v.s also blocks windows defender related stuff and windows related stuff which is important to the operating system i find this crippling for new people and time consuming for advance users.
IT just isn't right and I love this software.
IT just isn't right and I love this software.
Attachments
- Feb 7, 2014
- 1,540
Now before any person ask, If I let v.s run in autopilot mode for months yes I also try making it learn things it just refuse to leave windows defender platform updates alone, sometimes they install, sometimes after 2 months i get a random block of windows stuff, can it plz leave the essential stuff belonging to windows alone, that's all I ask.
Last edited:
- Dec 23, 2014
- 8,604
@danb,
It is not a big deal for VoodooShield, because only the command-line checking is bypassed, and the executable is still blocked. Only an inexperienced user can be fooled by allowing the alert. So, there is a trick:
If you will use the full path to ping .PNG (like c:\z\ping. png) then this will be blocked correctly as a command-line.
If I use ping .txt instead of ping .png, then it is also blocked as command-line.
It seems that the extension .png is somewhat special because I tried several extensions (.txt, .abc, .jpg, etc.) and all were blocked by command-line.
I did not whitelist anything:
It is not a big deal for VoodooShield, because only the command-line checking is bypassed, and the executable is still blocked. Only an inexperienced user can be fooled by allowing the alert. So, there is a trick:
- Create the shortcut and use the command-line below (remember about the space before the dot):
cmd /c "ping .PNG" - Remove the default folder path (C:\Windows\system32).
- Rename the EXE file to ping .PNG
- Put the shortcut and the ping .PNG into the same folder and run the shortcut.
If you will use the full path to ping .PNG (like c:\z\ping. png) then this will be blocked correctly as a command-line.
If I use ping .txt instead of ping .png, then it is also blocked as command-line.
It seems that the extension .png is somewhat special because I tried several extensions (.txt, .abc, .jpg, etc.) and all were blocked by command-line.
I did not whitelist anything:
Last edited:
- May 31, 2017
- 1,742
How did you contact me about IDM? Please let me know so I can see where that issue stands.
In default settings, VS should not block anything related to Windows or Windows Updates. I run VS with default settings on 3 different Windows 10 computers and monitor the blocks very closely and have not experienced this issue for a very a long time. If you are having an odd Windows block, it is probably due to a custom setting, such as Custom Folders configuration, or a rule, or some odd combination. Since there are millions + of possible combinations for settings, it is not possible for me to test them all.
- Feb 7, 2014
- 1,540
- May 31, 2017
- 1,742
Well, I tried all 3 ways (full path, with space (in same folder), without space (in same folder)) and I got 3 command line blocks, so it seems to be working correctly for me. Here are the files I used to test (the full path one is the same as the one with the space... I just moved it to the C drive).@danb,
It is not a big deal for VoodooShield, because only the command-line checking is bypassed, and the executable is still blocked. Only an inexperienced user can be fooled by allowing the alert. So, there is a trick:
If you will use the full path to ping .PNG (like c:\z\ping. png) then this will be blocked correctly as a command-line.
- Create the shortcut and use the command-line below (remember about the space before the dot):
cmd /c "ping .PNG"- Rename the EXE file to ping .PNG
- Put the shortcut and the ping .PNG into the same folder and run the shortcut.
If I use ping .txt instead of ping .png, then it is also blocked as command-line.
It seems that the extension .png is somewhat special because I tried several extensions (.txt, .abc, .jpg, etc.) and all were blocked by command-line.
AndyPoC.zip
drive.google.com
If you can find an error in the files I uploaded then it will probably all make sense. Otherwise, it is probably something that you are not getting quite right when testing VS.
Long story short, I bet you are not deleting the initial command line you manually allowed, or some other error like that.
Attachments
Last edited:
- Feb 7, 2014
- 1,540
My pc is all natural no additives or preservatives so forget about custom stuff, it's natural. Next different people go through different experiences so because you didn't came across it doesn't mean it don't exist, reporting it to you is a sure form of existence, don't it? So plz look into it, I also sent you proof.
Last edited:
- May 31, 2017
- 1,742
Oh, I remember now, thank you. In our conversation, I said "If you are not running the 5.64 beta, please let me know how it does with IDM... there is a chance that it is fixed in this version."
If our conversation did not continue beyond that, then I assumed the issue was fixed. These download managers are difficult to get just right (and truly secure at the same time)... for a lot of reasons.
Do you run VS with any setting that is not default?
If our conversation did not continue beyond that, then I assumed the issue was fixed. These download managers are difficult to get just right (and truly secure at the same time)... for a lot of reasons.
Do you run VS with any setting that is not default?
- Feb 7, 2014
- 1,540
I ran it in autopilot first for 3 months then always on. Next i have long updated since and still get random blocks and no the conversation didn't end there, that was the beginning.
- May 31, 2017
- 1,742
I will have to look at the entire conversation to know for sure. But just keep in mind that if an app runs executables from AppData (or some other favorite malware hiding spot), and has a barrage of random command lines, is not signed, and has 20 other attributes that are indistinguishable from malware, then that app is simply not going to work with VS without blocks, and the reason why is because there is no possible way to get it to work safely with VS, without creating a vulnerability in VS. Download managers are the only "legitimate" apps that I have seen pull stuff like this. If it is possible for me to get them to work with VS, then I bend over backwards trying to do so, unless it means we have to create a vulnerability to get it to work.
Have you tried to create a rule?
- Feb 7, 2014
- 1,540
Yes i have for i.d.m other wise it gets block, but for starters you have to understand that people have programs they bought with there hard earned money that must work as should or the product that's cause the disturbance must go seniority rules when it comes to my pc so the product that's misbehaving will most likely go, and that is the correct order of troubleshooting.
If for yrs i have programs that I use don't bring errors or conflicts buy a new soft and it's causing a lot of problems for others common sense will dictate that the last 1 in should be the first 1 out if no salvation is met.
Last edited:
- Status
Similar threads
- Question
