VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm just giving the developer feedback. I'm trying to help insure the best product possible. I wanted to know what the other users thought.

    Edited: 3/28 @1:38
     
    Last edited: Mar 28, 2015
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Here is the latest version, I added most of the things that you guys recommended, but there are a couple that we should discuss first. I am running late to an emergency onsite job, but I will catch up a little later. Thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.31l beta.exe

    BTW, I changed the way that VS allows something when the user clicks the Allow button on the user prompt. Before, it would not save the new whitelist entry if there was already one there with the same path. So now VS checks the path and the hash, and if the entry does not exist, then it adds it. I think it is right, but if not, please let me know! Like, if VS has a hard time allowing something, or if VS allows too much.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just reinstalled build 2.31k. I need to use this build for a little longer before upgrading to see if NOD 32 still crashes. Build 2.31k fixed the bug I reported in 2.31j where VS was unable to add child processes to the whitelist in training mode. I think that resolved most of the problems I was having. I just happened to have several applications that spawned child processes that I use often. I was forced to use training mode because my applications would crash if I tried to allow them by the VS prompt. It's like the applications were expecting the child process to run, and when the child process did not run right away due to being blocked by VS the applications would crash. Now that I can add the child process again to the whitelist using training mode it should be much smoother sailing.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Hiding the Desktop Shield Gadget, and then showing it again causes the progress bar to run. The progress bar continues to run, and will not stop until the user opens and closes the GUI. I have seen this behavior in prior builds.

    Edited: 3/28 @2:07: It does not always happen. It happens randomly. There are other things that triggers the Desktop Shield Gadget progress bar to run without stopping, but I don't remember what else triggers it at the moment. I always just open, and close the GUI to make it stop running.
     
    Last edited: Mar 28, 2015
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    k or l version?

    Thanks,

    TH
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  8. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Dan,
    Running 2.31l beta and I have re-enabled the anti exploit as VS doesn't complain anymore when my browsers initiate my .pdf reader. Great - thank you.
    I still have to have the command line in for my CDROM drive to work, but I can live with that.
    This new beta seems to be running very nicely.

    Thanks and Regards
    Gordon
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I'm still getting weird alerts with numbers in Chrome.
    Dan, have you traced possible cause of this behavior?
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I decided to run a HMP scan, and since it was an old version v2.33 it need to be updated. So, I got flashimg VS warning because I knew it was blocking the running of the update for HMP. I allowed it... but it didn't update, and just proceeded to scan with the old HMP v2.33... Presently, the HMP scan is still running
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    During this scan my which has just completed a short time ago, my system became very sluggish. VS began using much more CPU.... To get a more responsive system, so I could post in this thread, I have for the moment disabled VS.

    ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_04 .gif ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_05 .gif ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_08.gif
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    re: 2.31j
    Having problem with the Alert dialog for Chrome....the string keeps changing....so, I tried to add a Command Line with wildcard...there's no free line...?
    c:\program files (x86)\norton internet security\engine\21.7.0.11\conathst.exe --parent-window=0 chrome-extension://mkfokfffehpeedafpekjeddnmnjhmcmk/ \\.\pipe\chrome.nativemessaging.in.160f7ac22e1e4c75 \\.\pipe\chrome.nativemessaging.out.160f7ac22e1e4c75

    Chrome 2.JPG Chrome.JPG Chrome 3.JPG
    So I tried VS Training. Chrome opens w no Alert. But, VS Snapshot does not appear to be satisfied by Training. Since, setting VS back to Smart prompts the same VS Alert. Do I need a Command Line / with Wildcard.
    Auto allow from Program Files and or Auto allow by Parent check'd still prompts VS Alert
    Update ~ same with 2.31l ~ How may I add a Command Line string with Wildcard
     
    Last edited: Mar 29, 2015
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    After a reboot, I relaunched HMP, and it has updated to build 240, and appears to be running OK...
    ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_09.gif ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_12.gif
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Oops...system went sluggish all of a sudden, but I managed to get the screenshot showing VS suddenly using excessive CPU...

    ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_13.gif
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    It was only short term, the spike in CPU for VS...HMP scan just finished, as I am posting this.

    ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_14.gif ScreenShot_HMP_v3.7.9 Build 240_auto update from build 233_15.gif
     
  16. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Tarnak,
    I'm running the latest VS beta 2.31l and yesterday I updated HMP too to build 240 and VS blocked the update - so I allowed it, then closed HMP and updated again and it all went fine.
    I've just done a full scan with HMP, and VS CPU stayed at 0%, HMP 1%, system idle 99%. (I'm on Win 7 - I believe you have XP.)
    The only interesting thing from here was HMP uploaded both Voodooshield exe's for analysis - both passed of course.

    Regards
    Gordon
     
  17. alphonso

    alphonso Registered Member

    Joined:
    Mar 22, 2015
    Posts:
    15
    will it be alright running MBAEfree alongside the VS with anti exploit protection on? will it conflict?
     
  18. Piter

    Piter Registered Member

    Joined:
    Oct 9, 2014
    Posts:
    36
    Hi Dan,
    The problem with bulgarian Windows language is fixed.

    Thanks!
     
  19. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    I'm running MBAE Premium with the latest VS beta without conflict on Win 7 x64. When you download and install MBAE make sure you disable VS. Then enable VS.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I rebooted in Shadow Mode with Shadow Defender 1.4.0.578, and VS 2.31k switched from Always On Mode to Training Mode at boot. I'm positive I was in Always On Mode before enabling Shadow Mode. I think there is a conflict with VS, and Shadow Defender. I have experienced other behavior like most of Program Files applications being blocked after rebooting in Shadow Mode, but that could have been just a coincidence. Dan I think you should use VS with Shadow Defender a few days to see if you run into any issues if it's not too big of an inconvenience. Who knows, you may get hooked on Shadow Defender like many of use have. It's an amazing application! It virtualizes track 0, the mbr, and the hidden boot partition. That's pretty amazing for light virtualization. I use it like many use a full VM to do malware testing out of convenience, and to test VM aware malware that stays dormant when detecting a VM.
     
  21. hjlbx

    hjlbx Guest

    I use Shadow Defender regularly and experience quirky settings changes now-and-then. For example, browser settings will change to default.

    There's no conflict... and you haven't lost your mind either - it's just caused by the virtualization.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't ever have any issues with my browser settings changing. Do you use exclusions with SD? I have read post of users having those type of problems several years ago. Many of them later figured out it was caused by exclusions they made in SD. What build of SD are you using? I recently had some very serious problems with VS, and Dan could not reproduce them. VS was blocking almost everything from launching in the program files folders even though I had automatically allow all software from Program Files Folders checked. It got to where I would attempt to launch an application from the program Files Folders, and VS would not prompt me about it until 2 minutes later. I hate that I can't pin point, or reproduce the problem. I have a theory that it could have been caused by a conflict between VS and SD. It's just a shot in the dark though.

    Edited: 3/29 @ 7:46
    Edited again: 3/29 @ 7:50 Sorry!
     
    Last edited: Mar 29, 2015
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm getting ready to upgrade to the latest build unless Dan is getting ready to release another build. That's when all the problem actually started was after upgrading. I just shut down VS, and installed on build over the other to upgrade. I usually just roll my machine back to a time before ever install VS since I do so much testing.
     
  24. hjlbx

    hjlbx Guest

    Hello Cutting_Edgetech,

    Build 1.4.0.578
    I do not use any exclusions or commits while using SD.
    Your issue sounds similar to one experienced with WinPatrol (32 bit) on x64 systems... alerts were delayed or did not appear, thereby blocking actions.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I installed build 2.31l over 2.31k. The upgrade went smooth. I like how the extra left column was removed from the whitelist, user log, and command lines. It made the GUI look much better. It made better use of the space.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.