Question What good is Voodoo shield?

Please provide comments and solutions that are helpful to the author of this topic.

cartaphilus

cartaphilus

Level 5
Thread author
Mar 17, 2023
202
Now, this is a loaded question since I've been using VS since 2018 and have been the 3 year lifetime user on multiple of my systems so I know what it does or I kind of do.

The question is: "what good is a voodoo shield to an informed user who " knows better""? Reading the "how I got infected" thread and how robo got infected with a password stealer made me realize that I would have most likely fallen to the same fate. Mainly because "I know better, I did the regular scans and tests and it came out benign so any VS pop up must be a FP" .

I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
 
  • Like
Reactions: oldschool, vtqhtr413 and simmerskool
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
cartaphilus said:
Now, this is a loaded question since I've been using VS since 2018 and have been the 3 year lifetime user on multiple of my systems so I know what it does or I kind of do.

The question is: "what good is a voodoo shield to an informed user who " knows better""? Reading the "how I got infected" thread and how robo got infected with a password stealer made me realize that I would have most likely fallen to the same fate. Mainly because "I know better, I did the regular scans and tests and it came out benign so any VS pop up must be a FP" .

I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
Click to expand...
I did read Robo's thread at the time but I forget... was he running VS nka CyberLock when he got infected. Not sure how I had VS configured but I never got many VS popups, when I did I looked closely, if popup was due to unsigned file, that I knew was good, I disregarded;, otherwise, I took it seriously and dug deep enough to make an informed decision. I've been using VS since 2012.
 
  • Like
  • Thanks
Reactions: Cats-4_Owners-2, cartaphilus, plat and 1 other person
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I have it set on AutoPilot/Aggressive and get popups mainly for very new software, incl. updates on Windows (much more so while in the Insiders program). Advanced settings deal with inbound/outbound rules for various items like CTF Loader. Haven't gotten into those as I use FirewallHardening. But I think if I didn't, this would have very useful potential for additional protection if one is risky.

I don't download/install very much so there isn't much for CL to kvetch about. In fact, it hardly ever reacts nowadays. Nice to know it's there, though.
 
  • Like
  • Applause
Reactions: Cats-4_Owners-2, simmerskool, vtqhtr413 and 1 other person
oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,114
cartaphilus said:
I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
Click to expand...
You might try Autopilot @ Aggressive mode and disable all notifications and prompts to avoid notification fatigue. Or you might try "Moderate" mode. 🤔
 
  • Like
Reactions: Tiny, cartaphilus, Dave Russo and 2 others
codswollip

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
If you have good internet surfing practices, and ignore unexpected emails, your default WD protection is more than enough (and should that fail, I'll reimage from the latest daily image).

OTOH, if you like to see protection notifications, and tweak false positives, give it a go (Dan's a stand-up guy). I used VS on and off over five years and found it a distraction without benefit for my use. That said VS is no worse than other "security" applications appearing dramatic videos where apps are presented a deluge of carefully curated malware.baddies.
 
Last edited:
  • Like
Reactions: plat, Dave Russo, Jonny Quest and 2 others
F

ForgottenSeer 100397

@cartaphilus

You can expect a similar experience with all default-deny security. Configuring VoodooShield or any default-deny security for minimum alerts can reduce protection. Default-deny security's core purpose is to alert you about the actions performed by programs.

Install programs with no web apps open for fewer or zero VoodooShield alerts.
 
  • Like
Reactions: plat, cartaphilus and Dave Russo

Similar threads

Xeno1234
    • Like
    • Wow
Question Is Kaspersky good at Detecting Rootkits?
Replies
6
Views
1,102
Kaspersky
Jengo
Jengo
Virus1x
    • Like
Advice Request Voodoo Shield Bizzare Behavior
Replies
10
Views
1,457
VoodooShield
blueblackwow65
B
C
    • Like
  • Question
Question How to judge a file is safe or not in Virustotal?
Replies
28
Views
1,169
General Security Discussions
Practical Response
Practical Response

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top