App Review VoodooShield vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

ForgottenSeer 58943

Yeah, Autopilot, while effective in most cases, has a weakness. Whitelisting Cloud is really, really good. When VS gets it integrated it should be quite interesting. Dan's response below:

Yes, VS has a vulnerability in AutoPilot mode where if all 72 engines and VoodooAi initially return an Undetected / Safe verdict, it will bypass VS in AutoPilot mode.

This vulnerability was first disclosed by a competitor here: mbr encrypt test short - Streamable, which is what started the wheels in my head turning for WhitelistCloud, which turned out amazing, and will be implemented into VS soon. I sincerely thank the people responsible for the streamable video, you only made VS stronger… as you have done many, many, many times in the past.

Keep in mind that it only takes minutes or hours for the Detected verdicts to appear, at which time VS will block the file. I just wish that our competitor and Juan would have explained this to everyone so they could see the “sleight of hand” they had to utilize to actually get something to bypass VS. Instead they opted for dramatic effect.

If you want to bypass VS this way, simply...

1. Create an executable that encrypts files and has a 0 / 72 detection ratio
2. Make sure you upload it to VT first though, because otherwise VS will block the file
3. Change VS to AutoPilot mode and launch the file.
4. You better hurry up and make the video though because within minutes or hours the detection ratio will no longer be 0 / 72, and VS will block it.

If that is not sleight of hand, I do not know what is.

Juan, can you please recompile the executable, then scan the file with WC, then repeat and post the test again, assuming a Safe verdict is returned from WC?

Attention everyone using VS in AutoPilot mode!!! Please do not execute targeted malware that you create and modify on your machine that initially returns an Undetected verdict for all 72 engines… because it will bypass VS. Or you could always wait a few minutes or an hour, and VS will block it ;).

The really funny thing is that I demonstrated a true in-the-wild bypass of VS on AutoPilot and posted it here 4 years ago:

Which was simply to demonstrate that the computer should be locked when it is at risk.

So if you are going to create a bypass for VS, at least make it as impressive as the one I posted 4 years ago. Hehehe.
 

Chuck57

Interesting.....Never tried VS. I'd always planned to but never got around to it. Sounds like when combined with ConfigureDefender and Firewall Hardening it would provide pretty solid defense.
 

oldschool

Very simple, secure setup. The number of VS alerts really varies widely with user, installed apps, VS configuration and other factors like installing a lot of software to trial. Autopilot set to Aggressive posture (only one available on free version) using it as above = very secure! (y)
 
