VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I added these. I will post a new beta sometime later today, so please let me know if any of them are not working.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I tried over and over to reproduce this error, but I am not able to. I did notice that the version of Peazip that I downloaded is a little different from the one you are running... for example, the right click context menu is different. I also created a .rar file that was password protected, just like in your video, and I still could not get it to block a command line. So please try it with that file again, and if it is blocking, please let me know. For some reason, winrar blocked a command line while I was testing (c:\windows\system32\rundll32.exe dfdts.dll,dfdgetdefaultpolicyandsmart), so I added this... maybe this will fix it? ;).

    It should also tell you in the DeverloperLog.log (C:\ProgramData\VoodooShield), what CL is being blocked, so that might help if this is still an issue. Thank you!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, maybe we can add the blocked commandlines to the cl tab in settings, and have a right click option to allow the CL. This would take quite a bit of work, so we can probably just add something like this in the future. The blocked command lines should be listed in the DeveloperLog, so that should get us by for now. Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, I think this is fixed, but if you see it again, please let me know. I could not reproduce this oddity because I have no idea what triggered it. And hopefully my fix did not break anything on the command lines in general... I think we are ok though ;).
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey TH, how are you? Yeah, after this release I will have plenty of time to rest ;).
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Baldrick, how are you? Yeah, it really is an amazing combo! My clients ask me all the time what the best security software is, and I always tell them about TH's WSA / VS combo. I pretty much tell them that I think it is impossible for anything to slip by these two.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for the help Baldrick!
     
  8. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    AM OK...getting near the end of the weekend here so thoughts turning to the working week ahead...but other than that.

    Yes, agreed...if WSA doesn't get there first then VS surely will and vice versa...even a mouse would find it difficult to get a f@*t past these two in combination....:argh:

    Regards, Baldrick
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    As always...entirely my pleasure to assist as and when possible...;)

    Baldrick
     
  10. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    :argh:ROFL, Now that's a good one Baldrick. Great combo. :thumb:
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  12. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Thanks Dan, I just downloaded 2.73a :thumb:
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    2.73a = So far so good. :thumb:

    Yay! The lingering Chrome issue appears to be resolved too. Chrome has been closing every time now on this machine. That was the only 'bug' I was bothered by.

    Great work Dan! :)
     
    Last edited: Jun 7, 2015
  14. hjlbx

    hjlbx Guest

    Version 2.73a beta

    Windows 8.1 x86-64 (OEM) Toshiba

    OneDrive create share link - Quirk\Bug

    When attempting to create a share link within the OneDrive Windows App, VS repeatedly blocks (even though it has been repeatedly allowed by user):

    [06-07-2015 20:14:22] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe
    [06-07-2015 20:14:33] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe
    [06-07-2015 20:15:09] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe
    [06-07-2015 20:15:25] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe

    Best Regards,

    HJLBX
     
  15. hjlbx

    hjlbx Guest

    I think it much preferable to whitelist commandlines as opposed to white-listing cmd.exe or any of the other interpreters.

    Also, the ability to whitelist blocked, but legitimate\safe, commandlines will go a long way in alleviating breaks locally by the user.

    To do either one requires some way for the user to look-up block events...

    The Developer Log is great for the most part - however, in some instances, it only records the .exe blocked - and doesn't include the commandline.

    For example, the PeaZip cmd.exe block I reported... I wanted to provide you the exact pipe but could not do so since the Dev Log only shows cmd.exe blocked with no additional details. Same with the taskhostex.exe issue - no commandline string info in DL.

    Best Regards,

    HJLBX
     
    Last edited by a moderator: Jun 7, 2015
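
Added example, not part of the thread and not VoodooShield code: a Python triage of Developer Log block entries in the layout quoted in post 14, grouping repeated blocks and marking interpreter blocks that were logged without a command line (the gap described in post 15). The `HOSTS` set, the function names, the two constructed sample lines and the assumption that command-line blocks are logged as image path followed by arguments are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the log excerpt quoted in post 14. Assumption: blocks that
# include a command line are written as "<image path> <arguments>".
LINE_RE = re.compile(r"^\[(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)\] \[INFO\s*\] - Blocked: (.+)$")
IMAGE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s+(.*))?$', re.IGNORECASE)
# Hypothetical list of hosts that run other code; a block on one of these is
# only actionable for command-line whitelisting if the arguments were logged.
HOSTS = {"cmd.exe", "rundll32.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

SAMPLE = [  # first four lines are from the thread, last two are constructed
    r"[06-07-2015 20:14:22] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe",
    r"[06-07-2015 20:14:33] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe",
    r"[06-07-2015 20:15:09] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe",
    r"[06-07-2015 20:15:25] [INFO ] - Blocked: c:\windows\system32\bulkoperationhost.exe",
    r"[06-07-2015 20:16:02] [INFO ] - Blocked: c:\windows\system32\cmd.exe",
    r"[06-07-2015 20:17:40] [INFO ] - Blocked: c:\windows\system32\rundll32.exe dfdts.dll,dfdgetdefaultpolicyandsmart",
]

def parse(lines):
    """Return (timestamp, image, args) for every 'Blocked:' line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a block entry
        # Month-first date order is inferred from the post date (Jun 7, 2015).
        when = datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S")
        im = IMAGE_RE.match(m.group(2).strip())
        image, args = (im.group(1), im.group(2) or "") if im else (m.group(2), "")
        events.append((when, image.lower(), args.strip()))
    return events

def triage(events, repeat_threshold=3):
    """Group identical blocks; flag repeats and hosts logged without arguments."""
    seen = defaultdict(list)
    for when, image, args in events:
        seen[(image, args)].append(when)
    report = []
    for (image, args), times in sorted(seen.items()):
        report.append({
            "image": image, "args": args, "count": len(times),
            "first": min(times), "last": max(times),
            "repeated": len(times) >= repeat_threshold,
            "missing_cmdline": image.rsplit("\\", 1)[-1] in HOSTS and not args,
        })
    return report

if __name__ == "__main__":
    for row in triage(parse(SAMPLE)):
        print(row)
```

Rows with `repeated` set point at an allow decision that is not sticking; rows with `missing_cmdline` set are the ones that cannot be turned into a precise command-line whitelist entry from the log alone.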
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I am back in the snapshot. The process rundll32 loads at startup with this command line - "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    When I terminate this process, that is when it starts the excessive CPU usage problem. Probably, just needs the command line added in VS.
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Yeah...I am reluctant to get a new setup, whilst this one keeps on ticking. Then I will have to decide whether to go Apple, or get another custom build. Hard choices!
     
  18. hjlbx

    hjlbx Guest

    Right now there is no way to manually add commandline strings to the CL white-list; it can be done only via the block notification balloon or prompt... so just don't terminate it and add it that way if possible.

    Ask Dan, the developer, to add the above string to the internal VS CL database.
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I wouldn't think of trying to do such a thing...I will wait for Dan to advise. ;)
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    With rundll32 terminated as I mentioned above, and shutting down VS because of the CPU usage problem, I have now restarted VS and it is OK, now.

    ScreenShot__VS_rundll32_at start up_03.gif
     
  21. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    I have had to shut down 2.73 as it is slowing down the system. In particular typing.

    I am using PagePlus X7 and entering text I have to wait for each character to be placed before I can type the next one.

    I have been wondering for some time why sometimes spaces are inserted in words and maybe it was VS causing this as well.
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    Hi Dan just to let you know I still keep getting this pop-up on every boot up and click Yes every time with v2.73a as with v2.73 also on a clean install and after the first reboot it's in Smart Mode and it should be in Training Mode!

    Thanks,

    Daniel :)

    2015-06-08_12-48-14.png
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to hear, thank you!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know. Yeah, I'm sure this is an easy fix. BTW, do you have the "Automatically allow specific critical Windows processes" option enabled or disabled?
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, maybe I can add the blocks to the user log, huh? I tried to reproduce the block with PeaZip, but for some reason it is not blocking it on my computer. Does this happen for every file? Like if you create a new password protected .rar file with PeaZip, then decompress it, do you get the error? Or is it just with certain files?
     