- Jan 27, 2018
- 1,435
Hopefully the pissing match is over as I like both of these guys and both of their softs.
I second that mate!Hopefully the pissing match is over as I like both of these guys and both of their softs.
It is a very good setup.
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...It is a very good setup.
This config would be good even without ConfigureDefender settings, especially for MT members. You can learn much from VS alerts and VS Pro will probably cover most of WD advanced settings except maybe Network Protection. Also, the number of false positives will be slightly smaller.
The ConfigureDefender settings are useful, when you use VS protection only for "out of the blue" events or unsafe applications, and usually bypass the VS alerts (via Allow button) while running your trusted applications.
Hey OS, sorry, I have been busy working on some other stuff and have not had a chance to see what I need to do to fix this issue. As we discussed, the block is caused by the link you provided below, and hopefully I will have a chance to look at it this weekend.@Dan VS is still blocking svchost.exe and WD updates prior to scan in my latest test:
Code:[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe [07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" | [07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
No comment. I appreciate that you read Hard_Configurator thread.So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...
View attachment 244100
Andy, EVERYONE (except maybe a small handful of people), including me, would be highly appreciative if you refrain from keeping the conversation going. Please show everyone that you are a good hedgehog and that you do not "keep negative emotions too long".
View attachment 244101
@JT, you might be right that "Microsoft has no intention of getting rid of AppLocker, which completely incorporates the older SRP", but I do not believe you are... I have not checked because that does not change the fact that SRP runs in user-mode, and honestly I could care less. Then again, if one somehow believes they are immune to enterprise attacks then it is a non-issue either way.
View attachment 244102
Maybe the answer is in the following link, but I am not going to waste time figuring it out.
Application Control for Windows
Application Control restricts which applications users are allowed to run and the code that runs in the system core.docs.microsoft.com
In all fairness, you did post a link to your thread on the VS thread, but yeah, I try to read as many threads as I can and help out when I have time and there is an issue that I happen to be familiar with.No comment. I appreciate that you read Hard_Configurator thread.
No problem. You should probably read more posts from the H_C thread (old post about legacy SRP):...
Either way, thank you, and I genuinely appreciate and admire that you at least acknowledge this is a limitation of SRP instead of blaming the user for not tailoring their product correctly.
Have a great weekend, let’s catch up in 2-4 years, deal?
If it is okay, I would STRONGLY prefer to leave the conversation just as it is.@danb,
I think that you can ask the moderator to delete all posts related to my test and to our discussion. The test results are not important to VS development and other posts only bloat this thread.
We certainly will see, I am guessing sooner than later .Anyway, it is an interesting question, which software will survive longer in current hard time - 3rd party small business product or legacy SRP? For MT members it will not be a problem - they simply choose another application. I wish we both will catch up on our threads in 2-4 years.
No problem.If it is okay, I would STRONGLY prefer to leave the conversation just as it is.
This will be my last post on this subject.@danb,
Why are you interested to keep alive the SRP topics in the VS thread? Is it important for the VS development? There are some other threads where you can post, too.
Thanks. It will be an interesting weekend in Poland due to the presidential election.This will be my last post on this subject.
The main reason is because I took the time to explain a few elements and components of the inner workings of VS, which I rarely do. There is a lot of great info in the posts, and I do not want to spend the time writing the posts if they are just going to be erased.
That, and a lot of times when threads are edited, it is almost impossible to see what really happened. Have a great weekend!
Hopefully Poland has better politicians than the USA, they are terrible here... all of them .Thanks. It will be an interesting weekend in Poland due to the presidential election.
SWH should work well with VS. If you will notice any problem, then I can work on compatibility with VS....
Also, you probably already know this minor bug, but the VM I tested SWH on was Windows 8.1, and it worked but displayed a message that SWH only worked on Windows 10.