Deprecated VoodooShield releases (Older versions)

Status
Not open for further replies.

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,243
> Hi, just to make sure, are you clicking the Save & Close button at the bottom right after making changes to settings?
>
> If that is not the issue, please send your C:\ProgramData\VoodooShield\DeveloperLog.log to support at voodooshield.com.
>
> Also, I am aware of the other bug you are talking about, it should be a simple fix, thank you!

Hello Danb, sorry for the mixup, I have the free version. Thanks for the help.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
> @danb have you removed nag screen from free version of voodooshield? Last time I tried it I did not get it at all, if so why?

Well, the Friday nag screen did not increase sales on Friday, and actually sales on Friday are much lower than every other day of the week, hehehe. It was just upsetting people, so I removed it. The prompt that you see when you click on VoodooShield Settings pretty much has to stay because it lets the user know why the settings are greyed out.

We are doing several other giveaways, but we can do a quick 2-3 day giveaway on MT where everyone who posts to the thread gets a 2 year VS Pro license. If you guys want to do this, just let @Exterminator know, I think he is the one who still organizes the giveaways, right?

> Hello Danb, sorry for the mixup, I have the free version. Thanks for the help.

That makes sense... hopefully we can do a giveaway soon and everyone will have a license again.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@danb
I tried to fool VS by running a file which looks non-executable (via a shortcut with an innocent command line). VS did a good job of blocking it.

vs1.png


But, I am not sure if the user would not be fooled by the information in the VS alert about the file ping .png. Although VS properly recognized it as executable, the user can only see that it is a picture (it is recognized as a picture in Explorer). Maybe adding some information about spoofing the EXE file extension would help.
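
A sketch of the kind of alert detail suggested in the post above, added here as an illustration and not part of the thread or of VoodooShield's code. The function names, the alert wording, the extension list and the sample header bytes are all assumptions or constructed for the example.

```python
# Added illustration: names, wording and the extension list are assumptions.
import struct
from pathlib import PureWindowsPath

EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".dll"}  # assumed, not exhaustive

def is_pe(data: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extension_insights(filename: str, head: bytes) -> list[str]:
    """Return alert lines describing mismatches between a file's name and its content."""
    name = PureWindowsPath(filename).name
    stem, dot, ext = name.rpartition(".")
    ext = (dot + ext).lower() if dot else ""
    notes = []
    if is_pe(head) and ext not in EXECUTABLE_EXTS:
        shown = ext or "(no extension)"
        notes.append(f"Content is a Windows executable but the name ends in {shown}")
    if dot and stem != stem.rstrip():
        notes.append("Whitespace before the extension dot")
    return notes

def constructed_pe_head() -> bytes:
    """Constructed sample: the smallest header bytes that satisfy is_pe()."""
    head = bytearray(0x48)
    head[:2] = b"MZ"
    struct.pack_into("<I", head, 0x3C, 0x40)
    head[0x40:0x44] = b"PE\0\0"
    return bytes(head)

if __name__ == "__main__":
    for sample_name in ("ping .png", "ping.png", "ping.exe"):
        print(repr(sample_name), extension_insights(sample_name, constructed_pe_head()))
```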
 
Andy Ful

Maybe there is no need to change the info from the previous post. Using the space before dot somehow bypassed the command-line checking. Running the file "ping .png" is not blocked by command-line alert like in the case of "ping.png":

vs2.png


So you can simply include this trick in your command-line blocking.
 

danb

> Maybe there is no need to change the info from the previous post. Using the space before dot somehow bypassed the command-line checking. Running the file "ping .png" is not blocked by command-line alert like in the case of "ping.png":
>
> View attachment 243971
>
> So you can simply include this trick in your command-line blocking.

Thank you Andy! VS actually uses a string metric known as Levenshtein Distance to compare command lines. So I am guessing that after you manually allowed the first command line, VS auto allowed the modified command line because the Levenshtein Distance was within spec.


Having said that, you bring up a great point. We already have an amazing method for detecting hidden extensions, and that would be another great file insight metric to add to VS's main user prompt. On the first block you posted, if you click the Details button and scroll down to the bottom, the hidden extension attribute should be listed properly. The only question is... what all of the file insights should we predominantly show on the initial user prompt? We want to keep everything as simple as possible, but also give the end user enough file insight to make an informed decision.

Either way, it is something to think about. Thanks again for your help!
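
The mechanism described in the post above, shown as an added example that is not part of the thread and not VoodooShield's code. It illustrates why edit-distance matching treats the two command lines as near-identical, next to one stricter variant. The threshold, the allowlist entry, the helper names and the tokenising heuristic are assumptions.

```python
# Added illustration: the allowlist entry and threshold are assumptions,
# not values taken from VoodooShield.
import shlex

ASSUMED_MAX_DISTANCE = 2  # hypothetical; the thread does not quantify "within spec"

def levenshtein(a: str, b: str) -> int:
    """Edit distance counting single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fuzzy_allowed(cmdline, allowlist, max_distance=ASSUMED_MAX_DISTANCE) -> bool:
    """Naive check: allowed if any allowlisted command line is within max_distance edits."""
    return any(levenshtein(cmdline.lower(), e.lower()) <= max_distance for e in allowlist)

def names_file(token: str) -> bool:
    """Heuristic: a token containing a dot or backslash is treated as a file reference."""
    return "." in token or "\\" in token

def strict_allowed(cmdline, allowlist, max_distance=ASSUMED_MAX_DISTANCE) -> bool:
    """Fuzzy match on arguments only; program and file-reference tokens must match exactly."""
    # shlex only approximates cmd.exe tokenising; good enough for this illustration.
    new = [t.lower() for t in shlex.split(cmdline, posix=False)]
    for entry in allowlist:
        old = [t.lower() for t in shlex.split(entry, posix=False)]
        if len(new) != len(old) or new[0] != old[0]:
            continue
        if any(n != o for n, o in zip(new, old) if names_file(n) or names_file(o)):
            continue
        if levenshtein(" ".join(new), " ".join(old)) <= max_distance:
            return True
    return False

ALLOWED = ['cmd /c "ping.PNG"']   # constructed: an entry allowed earlier
VARIANT = 'cmd /c "ping .PNG"'    # the spaced form discussed in the thread

if __name__ == "__main__":
    print("distance:", levenshtein(ALLOWED[0], VARIANT))
    print("fuzzy:", fuzzy_allowed(VARIANT, ALLOWED), "strict:", strict_allowed(VARIANT, ALLOWED))
```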
 

Andy Ful

@danb
You're welcome.
For the ping .png VS displayed the alert: "VoodooShield Blocked an Unknown File!"
For the ping.png VS displayed the alert: "VoodooShield Blocked a Commandline!"

vs3.png


No info about a hidden extension. The command-line executes the file "ping .png" with a real extension (.png).
 

danb

@Andy Ful, please email me the PoC so we can be on the same page, in the same way I privately emailed you for the 2 PoC's that I found for you. I do not have time for a silly guessing game. I am still guessing that you forgot to delete the command line you initially whitelisted, and that is why the results are not as you expected. But once we are on the same page, it will make sense... it always does. As I always say... BOTH parties MUST run the (same) test / PoC in order to hold an intelligent conversation about a certain issue. Thanks again!
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
I'm glad you made that remark about getting on the same page regarding issues surrounding V.S., and what you're asking of him is just, but what about the issues I asked you about, where V.S. blocks Internet Download Manager? When a download has completed with I.D.M. and I proceed to open the download folders with I.D.M., V.S. blocks it; you never fixed it or replied to me about it. Next, V.S. also blocks Windows Defender related stuff and Windows related stuff which is important to the operating system. I find this crippling for new people and time-consuming for advanced users.
It just isn't right, and I love this software.

Attachments: 1.PNG, 2.PNG

Terry Ganzi

Now, before any person asks if I let V.S. run in autopilot mode for months: yes. I also tried making it learn things; it just refuses to leave Windows Defender platform updates alone. Sometimes they install, sometimes after 2 months I get a random block of Windows stuff. Can it please leave the essential stuff belonging to Windows alone? That's all I ask.

Andy Ful

@danb,
It is not a big deal for VoodooShield, because only the command-line checking is bypassed, and the executable is still blocked. Only an inexperienced user can be fooled into allowing the alert. So, there is a trick:
  1. Create the shortcut and use the command-line below (remember the space before the dot):
    cmd /c "ping .PNG"
  2. Remove the default folder path (C:\Windows\system32).
  3. Rename the EXE file to ping .PNG
  4. Put the shortcut and the ping .PNG into the same folder and run the shortcut.

vs10.png

If you use the full path to ping .PNG (like c:\z\ping. png) then this will be blocked correctly as a command-line.(y)
If I use ping .txt instead of ping .png, then it is also blocked as command-line.:unsure:
It seems that the extension .png is somewhat special because I tried several extensions (.txt, .abc, .jpg, etc.) and all were blocked by command-line.
I did not whitelist anything:

vs5.png

danb

> I'm glad you made that remark about getting on the same page regarding issues surrounding V.S., and what you're asking of him is just, but what about the issues I asked you about, where V.S. blocks Internet Download Manager? When a download has completed with I.D.M. and I proceed to open the download folders with I.D.M., V.S. blocks it; you never fixed it or replied to me about it. Next, V.S. also blocks Windows Defender related stuff and Windows related stuff which is important to the operating system. I find this crippling for new people and time-consuming for advanced users.
> It just isn't right, and I love this software.

How did you contact me about IDM? Please let me know so I can see where that issue stands.

In default settings, VS should not block anything related to Windows or Windows Updates. I run VS with default settings on 3 different Windows 10 computers and monitor the blocks very closely and have not experienced this issue for a very long time. If you are having an odd Windows block, it is probably due to a custom setting, such as Custom Folders configuration, or a rule, or some odd combination. Since there are millions+ of possible combinations for settings, it is not possible for me to test them all.
 

Terry Ganzi

> How did you contact me about IDM? Please let me know so I can see where that issue stands.
>
> In default settings, VS should not block anything related to Windows or Windows Updates. I run VS with default settings on 3 different Windows 10 computers and monitor the blocks very closely and have not experienced this issue for a very long time. If you are having an odd Windows block, it is probably due to a custom setting, such as Custom Folders configuration, or a rule, or some odd combination. Since there are millions+ of possible combinations for settings, it is not possible for me to test them all.

Attachments: 1.PNG, 2.PNG

danb

> @danb,
> It is not a big deal for VoodooShield, because only the command-line checking is bypassed, and the executable is still blocked. Only an inexperienced user can be fooled into allowing the alert. So, there is a trick:
>   1. Create the shortcut and use the command-line below (remember the space before the dot):
>     cmd /c "ping .PNG"
>   2. Rename the EXE file to ping .PNG
>   3. Put the shortcut and the ping .PNG into the same folder and run the shortcut.
>
> If you use the full path to ping .PNG (like c:\z\ping. png) then this will be blocked correctly as a command-line.(y)
> If I use ping .txt instead of ping .png, then it is also blocked as command-line.:unsure:
> It seems that the extension .png is somewhat special because I tried several extensions (.txt, .abc, .jpg, etc.) and all were blocked by command-line.

Well, I tried all 3 ways (full path, with space (in same folder), without space (in same folder)) and I got 3 command line blocks, so it seems to be working correctly for me. Here are the files I used to test (the full path one is the same as the one with the space... I just moved it to the C drive).

If you can find an error in the files I uploaded then it will probably all make sense. Otherwise, it is probably something that you are not getting quite right when testing VS.
Long story short, I bet you are not deleting the initial command line you manually allowed, or some other error like that.

Attachments: Full path.PNG, With Space.PNG, Without Space.PNG

Terry Ganzi

My PC is all natural, no additives or preservatives, so forget about custom stuff; it's natural. Next, different people go through different experiences, so just because you didn't come across it doesn't mean it doesn't exist. Reporting it to you is a sure form of existence, isn't it? So please look into it; I also sent you proof.

danb

Oh, I remember now, thank you. In our conversation, I said "If you are not running the 5.64 beta, please let me know how it does with IDM... there is a chance that it is fixed in this version."

If our conversation did not continue beyond that, then I assumed the issue was fixed. These download managers are difficult to get just right (and truly secure at the same time)... for a lot of reasons.

Do you run VS with any setting that is not default?
 

Terry Ganzi

> Oh, I remember now, thank you. In our conversation, I said "If you are not running the 5.64 beta, please let me know how it does with IDM... there is a chance that it is fixed in this version."
>
> If our conversation did not continue beyond that, then I assumed the issue was fixed. These download managers are difficult to get just right (and truly secure at the same time)... for a lot of reasons.
>
> Do you run VS with any setting that is not default?

I ran it in autopilot first for 3 months, then always on. Next, I have long since updated and still get random blocks, and no, the conversation didn't end there; that was the beginning.
 

danb

> I ran it in autopilot first for 3 months, then always on. Next, I have long since updated and still get random blocks, and no, the conversation didn't end there; that was the beginning.

I will have to look at the entire conversation to know for sure. But just keep in mind that if an app runs executables from AppData (or some other favorite malware hiding spot), and has a barrage of random command lines, is not signed, and has 20 other attributes that are indistinguishable from malware, then that app is simply not going to work with VS without blocks, and the reason why is because there is no possible way to get it to work safely with VS, without creating a vulnerability in VS. Download managers are the only "legitimate" apps that I have seen pull stuff like this. If it is possible for me to get them to work with VS, then I bend over backwards trying to do so, unless it means we have to create a vulnerability to get it to work.

Have you tried to create a rule?
 

Terry Ganzi

> I will have to look at the entire conversation to know for sure. But just keep in mind that if an app runs executables from AppData (or some other favorite malware hiding spot), and has a barrage of random command lines, is not signed, and has 20 other attributes that are indistinguishable from malware, then that app is simply not going to work with VS without blocks, and the reason why is because there is no possible way to get it to work safely with VS, without creating a vulnerability in VS. Download managers are the only "legitimate" apps that I have seen pull stuff like this. If it is possible for me to get them to work with VS, then I bend over backwards trying to do so, unless it means we have to create a vulnerability to get it to work.
>
> Have you tried to create a rule?

Yes, I have for I.D.M., otherwise it gets blocked. But for starters, you have to understand that people have programs they bought with their hard-earned money that must work as they should, or the product that's causing the disturbance must go. Seniority rules when it comes to my PC, so the product that's misbehaving will most likely go, and that is the correct order of troubleshooting.
If for years I have had programs that I use that don't bring errors or conflicts, then buy new software and it's causing a lot of problems for the others, common sense will dictate that the last one in should be the first one out if no salvation is met.
 