Deprecated VoodooShield releases (Older versions)

Status
Not open for further replies.

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,884
Hopefully the pissing match is over as I like both of these guys and both of their softs.
I second that mate!
VS + Configure Defender and Firewall Hardening is what I am rocking since some time and they play really well together (y)
So @Andy Ful and @danb please shake hands guys as we all play in the same team and share the same principles.
Stay safe and have a nice weekend! :emoji_beer:
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
I second that mate!
VS + Configure Defender and Firewall Hardening is what I am rocking since some time and they play really well together (y)
So @Andy Ful and @danb please shake hands guys as we all play in the same team and share the same principles.
Stay safe and have a nice weekend! :emoji_beer:
It is a very good setup.
This config would be good even without ConfigureDefender settings, especially for MT members. You can learn much from VS alerts and VS Pro will probably cover most of WD advanced settings except maybe Network Protection. Also, the number of false positives will be slightly smaller.
The ConfigureDefender settings are useful, when you use VS protection only for "out of the blue" events or unsafe applications, and usually bypass the VS alerts (via Allow button) while running your trusted applications.
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,710
@Dan VS is still blocking svchost.exe and WD updates prior to scan in my latest test:

Code:
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |

Edit: Tested with same result on W10 1909 & 2004.
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
It is a very good setup.
This config would be good even without ConfigureDefender settings, especially for MT members. You can learn much from VS alerts and VS Pro will probably cover most of WD advanced settings except maybe Network Protection. Also, the number of false positives will be slightly smaller.
The ConfigureDefender settings are useful, when you use VS protection only for "out of the blue" events or unsafe applications, and usually bypass the VS alerts (via Allow button) while running your trusted applications.
So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...

Bypass.PNG


Andy, EVERYONE (except maybe a small handful of people), including me, would be highly appreciative if you refrain from keeping the conversation going. Please show everyone that you are a good hedgehog and that you do not "keep negative emotions too long".

Andy.PNG


@JT, you might be right that "Microsoft has no intention of getting rid of AppLocker, which completely incorporates the older SRP", but I do not believe you are... I have not checked because that does not change the fact that SRP runs in user-mode, and honestly I could care less. Then again, if one somehow believes they are immune to enterprise attacks then it is a non-issue either way.

JT.PNG


Maybe the answer is in the following link, but I am not going to waste time figuring it out.

 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@Dan VS is still blocking svchost.exe and WD updates prior to scan in my latest test:

Code:
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
Hey OS, sorry, I have been busy working on some other stuff and have not had a chance to see what I need to do to fix this issue. As we discussed, the block is caused by the link you provided below, and hopefully I will have a chance to look at it this weekend.


For the other users, as long as you do not use the link above, VS should not block Windows Defender updates.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...

View attachment 244100

Andy, EVERYONE (except maybe a small handful of people), including me, would be highly appreciative if you refrain from keeping the conversation going. Please show everyone that you are a good hedgehog and that you do not "keep negative emotions too long".

View attachment 244101

@JT, you might be right that "Microsoft has no intention of getting rid of AppLocker, which completely incorporates the older SRP", but I do not believe you are... I have not checked because that does not change the fact that SRP runs in user-mode, and honestly I could care less. Then again, if one somehow believes they are immune to enterprise attacks then it is a non-issue either way.

View attachment 244102

Maybe the answer is in the following link, but I am not going to waste time figuring it out.

No comment. I appreciate that you read Hard_Configurator thread. :)(y)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
No comment. I appreciate that you read Hard_Configurator thread. :)(y)
In all fairness, you did post a link to your thread on the VS thread, but yeah, I try to read as many threads as I can and help out when I have time and there is an issue that I happen to be familiar with.

Either way, thank you, and I genuinely appreciate and admire that you at least acknowledge this is a limitation of SRP instead of blaming the user for not tailoring their product correctly.

Have a great weekend, let’s catch up in 2-4 years, deal?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
@danb,
I think that you can ask the moderator to delete all posts related to my test and to our discussion. The test results are not important to VS development and other posts only bloat this thread. (y)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
...
Either way, thank you, and I genuinely appreciate and admire that you at least acknowledge this is a limitation of SRP instead of blaming the user for not tailoring their product correctly.

Have a great weekend, let’s catch up in 2-4 years, deal?
No problem. You should probably read more posts from the H_C thread (old post about legacy SRP):
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-804884
But, it does not hurt to recall this from time to time.

Anyway, it is an interesting question, which software will survive longer in current hard time - 3rd party small business product or legacy SRP? For MT members it will not be a problem - they simply choose another application. I wish we both will catch up on our threads in 2-4 years. :unsure:
 
Last edited:
  • Like
Reactions: Protomartyr

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb,
I think that you can ask the moderator to delete all posts related to my test and to our discussion. The test results are not important to VS development and other posts only bloat this thread. (y)
If it is okay, I would STRONGLY prefer to leave the conversation just as it is.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Anyway, it is an interesting question, which software will survive longer in current hard time - 3rd party small business product or legacy SRP? For MT members it will not be a problem - they simply choose another application. I wish we both will catch up on our threads in 2-4 years. :unsure:
We certainly will see, I am guessing sooner than later ;).
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
@danb,
Why are you interested to keep alive the SRP topics in the VS thread? Is it important for the VS development? There are some other threads where you can post, too.:unsure:
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb,
Why are you interested to keep alive the SRP topics in the VS thread? Is it important for the VS development? There are some other threads where you can post, too.:unsure:
This will be my last post on this subject.

The main reason is because I took the time to explain a few elements and components of the inner workings of VS, which I rarely do. There is a lot of great info in the posts, and I do not want to spend the time writing the posts if they are just going to be erased.

That, and a lot of times when threads are edited, it is almost impossible to see what really happened. Have a great weekend!
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
This will be my last post on this subject.

The main reason is because I took the time to explain a few elements and components of the inner workings of VS, which I rarely do. There is a lot of great info in the posts, and I do not want to spend the time writing the posts if they are just going to be erased.

That, and a lot of times when threads are edited, it is almost impossible to see what really happened. Have a great weekend!
Thanks. It will be an interesting weekend in Poland due to the presidential election.(y):)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Thanks. It will be an interesting weekend in Poland due to the presidential election.(y):)
Hopefully Poland has better politicians than the USA, they are terrible here... all of them ;).

BTW, I downloaded SWH and it is super cool! And actually, a SWH + VS would be an amazing super lightweight "bulletproof" combo that would make a heck of a lot of sense to a lot of people. I won't go into details why I think it is a great combo because I think most MT users will understand why it is. For now I just tested SWH on a VM, but I am thinking of combining it with VS on my actual computers. If this combo happens to become popular on MT, just remember I get the credit for thinking of the combo, hehehe ;).

Also, you probably already know this minor bug, but the VM I tested SWH on was Windows 8.1, and it worked but displayed a message that SWH only worked on Windows 10.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
...
Also, you probably already know this minor bug, but the VM I tested SWH on was Windows 8.1, and it worked but displayed a message that SWH only worked on Windows 10.
SWH should work well with VS. If you will notice any problem, then I can work on compatibility with VS.
SWH should work well on Windows 8+, but I have to rethink if this is a good idea. (y)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top