Question What good is Voodoo shield?

Please provide comments and solutions that are helpful to the author of this topic.

cartaphilus

Level 5
Thread author
Verified
Well-known
Mar 17, 2023
217
Now, this is a loaded question since I've been using VS since 2018 and have been the 3 year lifetime user on multiple of my systems so I know what it does or I kind of do.

The question is: "what good is a voodoo shield to an informed user who " knows better""? Reading the "how I got infected" thread and how robo got infected with a password stealer made me realize that I would have most likely fallen to the same fate. Mainly because "I know better, I did the regular scans and tests and it came out benign so any VS pop up must be a FP" .

I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
Now, this is a loaded question since I've been using VS since 2018 and have been the 3 year lifetime user on multiple of my systems so I know what it does or I kind of do.

The question is: "what good is a voodoo shield to an informed user who " knows better""? Reading the "how I got infected" thread and how robo got infected with a password stealer made me realize that I would have most likely fallen to the same fate. Mainly because "I know better, I did the regular scans and tests and it came out benign so any VS pop up must be a FP" .

I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
I did read Robo's thread at the time but I forget... was he running VS nka CyberLock when he got infected. Not sure how I had VS configured but I never got many VS popups, when I did I looked closely, if popup was due to unsigned file, that I knew was good, I disregarded;, otherwise, I took it seriously and dug deep enough to make an informed decision. I've been using VS since 2012.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I have it set on AutoPilot/Aggressive and get popups mainly for very new software, incl. updates on Windows (much more so while in the Insiders program). Advanced settings deal with inbound/outbound rules for various items like CTF Loader. Haven't gotten into those as I use FirewallHardening. But I think if I didn't, this would have very useful potential for additional protection if one is risky.

I don't download/install very much so there isn't much for CL to kvetch about. In fact, it hardly ever reacts nowadays. Nice to know it's there, though.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,175
I have VS set to aggressive and it basically alerts on every new executable I download and execute. Thus with a feeling of "knowing better" and the fact that an executable passed my main AV and second party scanner like let say HMPro I would have most likely considered a VS alert as "yet another VS popup."

So how could I better configure VS in order to obtain maximum protection without going into " allow complacence?"
You might try Autopilot @ Aggressive mode and disable all notifications and prompts to avoid notification fatigue. Or you might try "Moderate" mode. 🤔
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
If you have good internet surfing practices, and ignore unexpected emails, your default WD protection is more than enough (and should that fail, I'll reimage from the latest daily image).

OTOH, if you like to see protection notifications, and tweak false positives, give it a go (Dan's a stand-up guy). I used VS on and off over five years and found it a distraction without benefit for my use. That said VS is no worse than other "security" applications appearing dramatic videos where apps are presented a deluge of carefully curated malware.baddies.
 
Last edited:
F

ForgottenSeer 100397

@cartaphilus

You can expect a similar experience with all default-deny security. Configuring VoodooShield or any default-deny security for minimum alerts can reduce protection. Default-deny security's core purpose is to alert you about the actions performed by programs.

Install programs with no web apps open for fewer or zero VoodooShield alerts.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top