Q&A Will VoodooShield work offline?

Discussion in 'VoodooShield' started by BearHug, Jun 12, 2017.

  1. BearHug

    BearHug Level 3

    Jun 9, 2017
    128
    386
    Student
    Mumbai
    Windows 10
    Avast
    #1 BearHug, Jun 12, 2017
    Last edited by a moderator: Jun 12, 2017
    I'm thinking of using Voodooshield but I want to know that will it work offline mean when I'm not connected to internet?

    @danb
     
  2. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    1. Default blocking of all files/command lines including exploit attempts (lockdown based on settings): online + offline
    2. VoodooAI threat score: online only
    3. Blacklist scan (multi-engine): online only
    4. Sandbox (local): online + offline
    5. Sandbox (Cuckoo): online only
    Basically, default denying of executed files is ON for both network conditions, further dependent on your mode: Autopilot, Always ON, Smart Mode.
     
  3. floalma

    floalma Level 2

    Apr 5, 2015
    77
    84
    Windows 10
    Could you please compare the Smart Mode with Always ON Mode ?
    What's the main differences ?
     
    Deletedmessiah and BearHug like this.
  4. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    Let the Guide be of some worth -
    Understand from the extract above - how and when it updates its whitelist and acts. ON/OFF has much to do with building & using the whitelist of files encountered.
    One thing I'll add is that in Smart Mode too, if you have no web apps open (hence VDS is OFF with a Red Icon), alerting & blocking of new executed files does occur by design!
    Only in Disable/Install mode does it not alert about anything (and no updating of whitelist is done).
    All that you will fully understand by experimenting a bit with the modes.
     
    Deletedmessiah, BearHug and floalma like this.
  5. floalma

    floalma Level 2

    Apr 5, 2015
    77
    84
    Windows 10
    @Parsh
    You said: "One thing I'll add is that in Smart Mode too, if you have no web apps open (hence VDS is OFF with a Red Icon), alerting & blocking of executed files does occur by design!"

    Yes; but always working with the updated whitelist.
     
  6. mekelek

    mekelek Level 21

    Feb 24, 2017
    1,012
    4,410
    Hungary
    Windows 10
    Kaspersky
    Smart Mode enables it when there is something going on(protected App is running, something is executing, etc), Always On keeps it enabled all the time.
     
    Deletedmessiah and BearHug like this.
  7. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    That's why I used the word "new" ;)
    It will use the updated whitelist during that mode; and regarding the new files, it will be alerting about/blocking them. This can be a point of confusion for some beginners as to whether it will block new files it encounters when VDS is OFF (Red Icon) or not. OFF and Disabled mode are different concepts as used.
     
    Deletedmessiah, floalma and BearHug like this.
  8. BearHug

    BearHug Level 3

    Jun 9, 2017
    128
    386
    Student
    Mumbai
    Windows 10
    Avast
    Will it show that whether it is a Virus or not?
     
  9. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    Depends on the threat score and multi-engine scan, though it does not mention a file as "virus" specifically (and that is logical for the purpose of the program).
    VDS is not built specifically to detect only viruses. It is an anti-exe solution that also provides threat score (VoodooAI) for a file + multi-engine malware scan.

    If a virus is encountered (and the malware launch location/attack vector is covered as per the settings), it will be blocked like any other file, the multi AV-engines are very likely to detect it as virus & the VoodooAI should also display a high threat score.
    In regular cases, most important sources of virus(what you call them) are covered and an intuitive alert should follow like:
    Screenshot (1014).png
    Basically, it will block virus just like any other file and show threat score, multi-engine detections that will help you to know that the file is malicious (eg. a virus).
     
  10. Online - You get alerts with blacklist scan & VAi verdict.
    Offline - You get alerts "connect to internet for cloud analysis" with options allow/block.
     
    Deletedmessiah and BearHug like this.
  11. floalma

    floalma Level 2

    Apr 5, 2015
    77
    84
    Windows 10
    The Blacklist scan with the multi-engine scan is it from Voodoo or from others well known AV ?
     
    BearHug likes this.
  12. BearHug

    BearHug Level 3

    Jun 9, 2017
    128
    386
    Student
    Mumbai
    Windows 10
    Avast
    Offline?
     
  13. #13 acemnr suvwxz, Jun 12, 2017
    Last edited by a moderator: Jun 12, 2017
    shhh;) its.. VirusTotal:oops:
     
    floalma, BearHug, Umbra and 3 others like this.
  14. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    As I mentioned in post #2, VoodooAI and Multi-engine scan (Virustotal) both need an internet connection. However, default blocking of files occurs irrespective of the network status.

    VDS is not an AV, neither it has any malware definitions. The concept is entirely different. It's for the users who want to block any files from running, by default, and also have a whitelist that gets updated as needed.
    For convenience and for getting an insight on the file's nature, VoodooAI + Multiengine results + sandbox are provided so that you can be sure whether to allow or block the file(s) or commandlines that VDS encounters on your system.
     
  15. BearHug

    BearHug Level 3

    Jun 9, 2017
    128
    386
    Student
    Mumbai
    Windows 10
    Avast
    Thanks!
     
    Parsh likes this.
Loading...
Similar Threads Forum Date
Q&A SRP vs VoodooShield General Security Discussions Today at 1:24 AM
Q&A Cycling Update VooDooShield VoodooShield Dec 31, 2017
voodooshield and malware without files VoodooShield Dec 21, 2017