VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Good to hear. Yeah, it was the new anti-exploit feature that was causing the issue... I had to do some stuff with Google Extensions. I knew there would be several issues if I added this feature, but I think it was important to add. And overall, it was a lot less painless than I imagined it would be.

    Yeah, if VS is OFF in Smart Mode, we prompt the user if the non-whitelisted exe is in the user space. The whole idea being that deny by default should only be used when the computer is running a web app, and is therefore at risk.

    VS toggles because in my opinion, it is every bit as important to safely allow the good stuff as it is to block the bad stuff. Not only is it a pain for the user to block too many good items, but I think it can be dangerous since they become accustomed to clicking "Allow" constantly. If you reset your whitelist and try VS in Smart Mode vs. Always ON mode, you will see a HUGE difference in the good items that were blocked. Also, if VS can safely allow a lot of the good stuff automatically, why block anything that is safe? That is... why would you EVER lock a computer when it is not at risk? You can use Always ON if you want, and some people prefer Always ON, but that is why we have both options.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I know, I am trying to decide which path to take on the KMD. It is a very long story, but I will do everything I can do to get the KMD going asap.
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    m is working very well also!

    Daniel :)
     
  4. hjlbx

    hjlbx Guest

    Oops... I forgot to mention Power_Shell_ISE... please add to "Do Not Whitelist."

    I didn't check VS to see if it includes both the System32 and SysWOW64 paths for all interpreters.

    I'm seeing malicious scripts more frequently using SysWOW64 interpreters (wscript.exe, cscript.exe, some cmd.exe, and of course, java.exe) for hidden downloads. Sneaky bastards.

    Maybe on build 2.31m the cmd.exe block notice while using PeaZip is resolved; I will try again... FYI, with 2.31k it's just a notice of a block, but it does not break PeaZip.

    Yeah, I agree with your point on cmd.exe when using an at-risk app...

    AppGuard denies calls to cmd.exe for any files located outside of System and Program File directories, plus other restrictions placed on cmd.exe... that's a bit of a rigmarole that I'm not sure you'd want to bother with.

    I second Siketa's suggestion for the ability to edit the command-line per accepted AL rules.
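
The System32/SysWOW64 coverage check raised in the post above, as an added example that is not part of the thread and not VoodooShield's code. The rule-list format, the function names and the sample rules are assumptions made for illustration; the interpreter names are the ones mentioned in the thread.

```python
import ntpath

# Interpreter names mentioned in the thread; the rule-list format is assumed.
INTERPRETERS = {"wscript.exe", "cscript.exe", "cmd.exe", "java.exe",
                "powershell.exe", "powershell_ise.exe"}
SYSTEM_DIRS = ("system32", "syswow64")

def norm(path):
    """Normalise a Windows path (quotes, case, '..') for comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def split_system_path(path, windir=r"C:\Windows"):
    """Return (system_dir, remainder) if path is under System32/SysWOW64, else None."""
    p, root = norm(path), norm(windir)
    for d in SYSTEM_DIRS:
        prefix = root + "\\" + d + "\\"
        if p.startswith(prefix):
            return d, p[len(prefix):]
    return None

def is_system_interpreter(image, windir=r"C:\Windows"):
    """True for a listed interpreter in either system directory (any subfolder)."""
    hit = split_system_path(image, windir)
    return hit is not None and ntpath.basename(hit[1]) in INTERPRETERS

def missing_siblings(rules, windir=r"C:\Windows"):
    """List the System32/SysWOW64 counterparts that a rule set does not cover."""
    covered = {norm(r) for r in rules}
    missing = set()
    for r in rules:
        hit = split_system_path(r, windir)
        if hit is None or ntpath.basename(hit[1]) not in INTERPRETERS:
            continue
        other = SYSTEM_DIRS[1 - SYSTEM_DIRS.index(hit[0])]
        sibling = norm(windir) + "\\" + other + "\\" + hit[1]
        if sibling not in covered:
            missing.add(sibling)
    return sorted(missing)

# Constructed sample rule set: two SysWOW64 copies are not listed.
SAMPLE_RULES = [
    r"C:\Windows\System32\cmd.exe",
    r"C:\Windows\SysWOW64\cmd.exe",
    r"C:\Windows\System32\wscript.exe",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe",
]

if __name__ == "__main__":
    print("\n".join(missing_siblings(SAMPLE_RULES)))
```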
     
  5. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    I'm the only account on this computer running as admin (Win 7 x64). Starting Windows, after the Welcome Screen I'm automatically logged in. The apps including VS launch in the taskbar within about 15 seconds. At this point I still don't have an internet connection and VS is red in the taskbar. I get the "VS is not able to connect" message about 20 seconds later (no internet connection at this time). After about 30 seconds more I get an internet connection, but since I got the "VS is not able to connect" message I have to hit OK in it and relaunch VS from the shortcut I made in the taskbar. To be safe I need a 30 - 40 second extension from the time VS launches (looking for an internet connection) in the taskbar to when my computer connects to the internet.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, yeah, ISE is part of the feature that I added... I just combined the two. If you think I should separate them, please let me know, if possible, I would like to keep them combined. BTW, I used to have both of the Power Shell items mixed in with the cmd.exe.

    Yeah system32 and syswow64 both should be good to go, but if you find something, please let me know. I know what you mean, they are getting very sneaky.

    Please let me know on the zip programs. If you can get VS to block a cmd, just please let me know what steps to take to reproduce this, and it will be an easy fix.

    I thought about allowing cmd for system and program files, and I will probably add that at some point.

    Yeah, I can make it so the user can manually edit the Command Lines. There really should not be any reason to ever edit them manually, but I can add that at some point anyway. See, VS uses a special algorithm that compares the blocked command line to the command lines in the list in settings, and a big list of hardwired command lines. If the algorithm determines that the command lines match close enough, then it is allowed. I guess you could say it is kind of like an auto wildcard feature, and it is highly accurate. I did not write the algorithm, but I am extremely impressed how accurate it is, and I think it would be incredibly hard to spoof, compared to using standard wildcards. So basically, the command line feature is fully automatic, and the user should never have to edit any of them. As a matter of fact, editing a command line might change whether the algorithm allows something or not. But like I was saying, we can add it anyway, but I am going to wait until all of the bugs are worked out before I add any more features, but I think we are very close. Thank you!
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know. Can you please post a screenshot of the message, or email me one (support@voodooshield.com)? It sounds like this will be an easy fix once I see it.
     
  8. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry I missed that! Can you please right click on Computer and choose Manage. Then go to the Event Viewer, then Windows Logs, then Application. There should be logs on VoodooShieldService and why it did not start. If you can post or email me those, it should tell us exactly what is wrong. I am guessing that another security software is blocking the service. What other security software do you run? Thank you!
     
  10. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    I sent everything to you by email.
    Running WSA Complete, Adguard, MBAE.
     
  11. hjlbx

    hjlbx Guest

    I did notice that. Keep PS and PSI combined... very few VS users even know about either one.

    No actual block, just a notice of a block.

    Eh... I'm kinda ambivalent about it - as a typical VS user very rarely, if ever, needs/uses it. I use the console, but I'm not normal. :D If I need it, then I can de-blacklist it as needed. After all, the console is used for admin\trouble-shooting activities - far down on the risk scale. Run a few utilities, then re-blacklist. Everything I need is there... I just asked, but it's probably best left as it is.

    I meant allowing wild-cards as the last line items - in those rare cases where the last CL item causes an issue: for example, \* - or - \*.tmp

    Some (enough) users are going to mess VS all up with full CL edit - and needlessly flood your in-box.

    Feature-wise you're almost as far as you can go without problems; I'd prefer only essential security and usability improvements - with a focus on refinement and polishing of the already great features that are already present.

    Geeks will turn VS into an indecipherable, unmanageable mess with all their feature requests.

    With the right combo of basic features that work really well... that's the best solution.

    I think you're already there. *puppy*
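
One way to implement the restricted wildcard described in the post above (a wildcard accepted only in the last command-line item), as an added example that is not part of the thread and not VoodooShield's algorithm. The rule format, function names and sample command lines are assumptions, and the tokeniser is a simplification of real Windows command-line parsing.

```python
import re

def split_cl(cl):
    """Split a command line on whitespace, keeping "quoted items" whole (simplified)."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cl)]

def last_item_regex(pattern):
    """Compile the final rule item; '*' matches inside one path component only."""
    parts = [re.escape(p) for p in pattern.split("*")]
    # '*' becomes "any characters except a path separator", so it cannot
    # reach into subfolders or climb out of the folder named in the rule.
    return re.compile(r"[^\\/]*".join(parts), re.IGNORECASE)

def cl_allowed(rule, cl):
    """Match cl against rule: exact items first, wildcard only in the last item."""
    r, c = split_cl(rule), split_cl(cl)
    if not r or len(r) != len(c):
        return False          # extra or missing arguments never match
    # Every item before the last is compared literally (case-insensitive),
    # so a '*' placed there is not treated as a wildcard.
    if [x.lower() for x in r[:-1]] != [x.lower() for x in c[:-1]]:
        return False
    return last_item_regex(r[-1]).fullmatch(c[-1]) is not None

# Constructed sample rule and command lines (not taken from any real log).
SAMPLE_RULE = r"C:\Windows\System32\cmd.exe /c C:\Users\me\AppData\Local\Temp\*.tmp"
SAMPLE_CLS = [
    r"C:\Windows\System32\cmd.exe /c C:\Users\me\AppData\Local\Temp\is-4F2A.tmp",
    r"C:\Windows\System32\cmd.exe /c C:\Users\me\AppData\Local\Temp\sub\x.tmp",
    r"C:\Windows\System32\cmd.exe /c C:\Users\me\AppData\Local\Temp\x.tmp.bat",
    r"C:\Windows\SysWOW64\cmd.exe /c C:\Users\me\AppData\Local\Temp\x.tmp",
]

if __name__ == "__main__":
    for cl in SAMPLE_CLS:
        print("ALLOW" if cl_allowed(SAMPLE_RULE, cl) else "BLOCK", cl)
```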
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds great, thank you. Mainly I just need the VoodooShieldService events from the Event Viewer and possibly the two .log files from the C:\ProgramData\VoodooShield. Please email me at dan@voodooshield.com. BTW, older versions of MBAE and VS did not work well together, but they do now. So you might try to update MBAE to see if that makes a difference. Also, I think CET mentioned to me that he had some kind of issue with WSA and VS, although a lot of people use this combo, and they always seem to work really well together. But maybe he can let us know if he has seen some kind of issue in the past.
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    VS 2.31m:
    Although "Keep the desktop shield gadget always on top of other windows" option is unchecked, VS shield is still shown above them.
    Yes, I pressed "Save & Close" button.
     

    Attached Files: 1.jpg (107.1 KB)
    Last edited: Apr 1, 2015
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    VS 2.31m Free:
    I have just turned on my PC at work and got this message.
    Had to reboot in order to get VS started.
    Also received it with previous beta versions...
     

    Attached Files: 1.jpg (27.2 KB)
    Last edited: Mar 31, 2015
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Suggestion:
    "Hide the desktop shield gadget when another program is full screen" option should be enabled by default.
    Something like "Game mode".

    What do you think?
     
  16. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Dan,
    Installed 2.31m beta over the top and is running very smoothly.
    Just one point - the button for resetting the threats detected to zero which was in utilities in version 2.31l, seems to be missing in 2.31m.

    Thanks
    Gordon
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay...makes sense. Guess, I haven't felt the difference between Always On and Smart because I run Smart after reset then at some point opt for Always On. From that starting point. Always On prompt Alerts (with my VS settings) so, VS Always On seemed to behave the same as Smart Mode. Now, I understand ... after reset....VS Always On will keep me busy... :) and I erroneously envisioned Always On as the "Lock". No Alerts... just default block all not in snapshot. I envisioned Always On as snapshot "Lock". No more whitelisting when set to Always On...as, Always on = "Computer Lock" in my mind. My bad...looking for that Computer Lock...I invented a Lock based upon facts not in evidence. So, Always On = heightened state of Alert. When I opted from Smart to Always On. I imagined I was "locking" my Computer.
     
    Last edited: Mar 31, 2015
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    "Restore Default Settings" button is in Utility tab. That's fine.
    But I see no reason for it in About tab too.
    Instead you could put the button or link to your website there...makes more sense.

    What do you think?
     
    Last edited: Mar 31, 2015
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Personally think that it is fine as it is.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I will keep looking out for it, and when it arrives, it should make a difference to me, with my [problems in] XP system. ;)
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I was comparing it to other products...usually this option is under Settings.
    About tab/window often gives info about version, web and developer.
     
  22. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    trying to fine tune security apps on xp. Things got a little congested and murky so I made some changes and went back from 2.31m_beta to 2.30. Also running mbae 1.05 (not 1.06RC) and I think vs & mbae are playing well together, but I've bounced back and forth a few times between sbie 4.16 & 3.76 ... If I want sbie to work with mbae folks report gotta use 3.76 on xp, but other apps play better with sbie 4.16, etc. I think vs 2.31m was perhaps conflicting with Online Armor 7, and /or apps mentioned. got hard to tell Who's on first... I dunno. Need to figure out a few things here before I try the next vs_beta. I did get vs 2.30 to autostart correctly 2x in a row on xp. I know you know that's been a stickler. :cautious:
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Cannot install MBAE with VS in Smart mode....
    First I get .exe alert that I allow.
    Then, VS prompts about .tmp file (see attachment).
    I also allow it but then nothing happens.
    This repeats each time installer is launched.

    Is this ok? I know VS should be disabled to solve this but still....
    F is RAM Disk.
     

    Attached Files: 1.jpg (48.1 KB)
    Last edited: Apr 1, 2015
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    VS 2.31m in Smart or Training mode.
    After making a few left clicks with the mouse on the shield (move the tip of the pointer a few pixels each time), the balloon notification gets a glitch.
     

    Attached Files: 1.jpg (19.7 KB), 2.jpg (21 KB)
    Last edited: Apr 1, 2015
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Hmmmm.....
    BurnAware is whitelisted as it was installed prior to VS.
    I tried to launch it to check for updates and got an alert.
    Closed it on X to see what will happen.
    It was blocked.

    The same can be seen from Log for TuneUp Utilities executable.
     

    Attached Files: 1.jpg (139 KB), 2.jpg (176.1 KB)
    Last edited: Apr 1, 2015