VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I am not sure, I will look at that right now and let you know in a few minutes.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Is the mail app still running after you close it? Like is it hanging?
     
  3. hjlbx

    hjlbx Guest

    @VoodooShield

    VS already has it covered: Automatically allow Windows Store App installations. Untick = Block by default... correct?

    That's what I was saying... keep the above setting.

    I already have entire C:\Windows directory write-protected except for Windows updates... that's way above and beyond what I would expect VS to do...

    Might be good project for future...

    Best Regards,

    HJLBX
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    If I open the Mail app, then close it, it does appear to close, but I don't know why it starts running on its own.

    I've just checked and apparently Edge is running now too, though I never opened it.
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VS only allows a few specific folders in the Windows directory, and they are all "Windows Protected Folders". For example, try to drop an executable to the C:\Windows\System32 directory... it should require Administrator Permission in order to drop the file. As far as I know, pretty much all security software automatically allows the same folders that VS does... they just do not have the option to disable the auto allowing of these files. Which is why I think we should consider removing that option... it should be enabled all of the time. Believe me, I hear this ALL OF THE TIME... reviewers even bring this "issue" up in reviews, and it is only because we offer as an option to disable this feature... and it is only meant to be disabled a few weeks after using VS (when VS is well trained).

    For XP, it is a different story because it came out before MS added the Windows Protected Folders feature, when they introduced a lot of new security features with Windows Vista (which is the main reason Vista never worked that great). So that is why we mention that on our website... that VS does not offer quite the same level of protection with XP as it does for other OS's. BTW, I am not sure how other security software handles this issue with XP.
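
Added example (not part of the post above and not VoodooShield code): the post relies on folders such as C:\Windows\System32 requiring Administrator permission to write, and this PowerShell function lists any ACL entry that would let another account write there. The function name and the set of SIDs treated as trusted writers are assumptions made for this illustration.

```powershell
# Added example: list ACL entries that grant write access on a folder to
# anything other than SYSTEM, Administrators or TrustedInstaller.
function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string[]]$Path)

    # Well-known SIDs treated as trusted writers (assumption for this audit).
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
    $writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    foreach ($p in $Path) {
        $acl = Get-Acl -LiteralPath $p
        # Ask for SIDs instead of names so the check is locale-independent.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this folder itself.
            if ($ace.PropagationFlags -band
                [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            $sid = $ace.IdentityReference.Value
            if ($trusted -contains $sid) { continue }
            if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
            [pscustomobject]@{
                Path   = $p
                Sid    = $sid
                Rights = $ace.FileSystemRights
            }
        }
    }
}

# Folders named in this thread; add any other auto-allowed folder to audit.
Get-NonAdminWriteAce -Path "$env:windir\System32", $env:ProgramFiles
```

Each returned row is a folder where the "requires Administrator permission" assumption does not hold for the listed SID and is worth reviewing before that folder is auto-allowed.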
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not sure... we have to figure out why it is hanging. If it is running, VS is going to be ON to protect your computer. It is working well on mine so far, but I will keep playing with it to see if I can get it to hang.
     
  7. hjlbx

    hjlbx Guest

    There is malware that can disable Windows Protected Folders...
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    But the malware has to execute first, right? ;).
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    OK Dan, here's a weird one. With all Web apps closed I open the Mail app and VS does not toggle to On. o_O
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It looks like it is time for another VoodooShield Challenge ;). In all fairness, if that is a weak point, then why did no one bypass VS in the last VoodooShield Challenge when we offered a free iPad mini to anyone who could bypass VS?
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is odd... you are running Windows 10, right? You might want to uncheck the Mail app in Web apps, then click Save and Close, then recheck it and Save and Close again. I have to get going but I will check late tonight or tomorrow to see if you are still having problems. Thank you!
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Done that but I just tried Edge and VS does not toggle to On with it either. :doubt:
     
  13. hjlbx

    hjlbx Guest

    @VoodooShield

    That is not weakness of VS, but Windows... or rather a testament to the fact that malware authors are quite crafty, most definitely persistent and bypasses are an absolute certainty in time...

    Difficult problem, you see... for VS and other security softs to protect Windows with all of its potential infection vectors.

    I currently don't have a malware sample... but if I can track one down I will certainly know to forward it to you.

    Best Regards,

    HJLBX
     
  14. hjlbx

    hjlbx Guest

    All malware needs to do is make changes to the registry settings to get the administrative power to browse system folders and open protected files... this is nothing new. Plus, MS adds security feature, malware author eventually defeats it... and so it goes.

    If you meant for the setting to be allowed after VS is trained why not fix a lot of issues with this message next to setting: RECOMMEND DISABLE ONLY AFTER TRAINING VS (or something to that effect).

    Best Regards,

    HJLBX
     
  15. hjlbx

    hjlbx Guest

    Of course the malware has to execute first, but what if user installs undetected malware in Training or Disabled\Install mode? In that case, malware executes...

    VS should cover as many potentialities as possible - independent of when or how installed and location on the system... the extent to which should be determined by the user. I am confident of VS' protections with its current settings. The user should be permitted to decide how lax or tight they wish to tweak VS - from secure to virtual fortress.

    In my estimation, removing the setting to alleviate or eliminate bugs is a really bad idea that will get VS nothing but a high-coverage bashing that will probably reduce sales. Believe me when I tell you that I don't like it any more than you do... although it simply irks me - but affects you where it probably hurts the most - your pocket.

    Just food for thought...

    Best Regards,

    HJLBX

    Suggestion: Solve problem via enforced write-protection setting for any folder; enforce write-protection of System32 and System64, but once again, it will require capability for user to create exceptions.

    This is how AppGuard does it... and in some cases the user must create exceptions in order for things to work. It all depends upon installed softs... to me, that seems a plausible solution, but also seems like trading one problem for another. Also, I think this goes beyond your intended scope of anti-executable (file management) into the purview of folder management...

    Or just maybe it's time for you to wrap VS "as-is" for a while and retain additional features for your road-map. You've accomplished a whole lot over the past 6 months - if I were in your shoes I'd be bedraggled, haggard, weary...

    This is all meant for measured, thoughtful consideration - and not bashing - although I'm absolutely sure some will interpret it that way.

    Best Regards,

    HJLBX
     
    Last edited by a moderator: Aug 1, 2015
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Since I last reported this problem, I have booted twice more into this particular snapshot and have not seen this error. Is it worthwhile updating to the most recent beta with XP, or stay with v2.75? I am just not sure whether problems with XP that I have previously reported over recent months are improved by updating to the most recent beta.
     
  17. hjlbx

    hjlbx Guest

    @VoodooShield

    BUG

    v. 2.79beta - Using Default Settings

    If the user runs regsvr32.exe with VS OFF or in Training Mode, then "C:\Windows\System32\regsvr32.exe" is added to the VS Command Line white-list.

    Best Regards,

    HJLBX
     
    Last edited by a moderator: Aug 2, 2015
  18. hjlbx

    hjlbx Guest

    @VoodooShield

    v. 2.79beta - Default Settings

    W8.1

    Per your request I reset VS to default settings. Logging does not seem quite right...

    I thought the User Log is to update in real-time when any executable is launched... is this correct?

    On my specific system the User Log is only updating sometimes... but I am not quite sure if this is a quirk or by design. Need your input...

    Best Regards,

    HJLBX
     
  19. colorado13

    colorado13 Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    117
    Location:
    Orihuela, Spain
    Congratulations!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, very odd. Maybe try to reboot and if that does not work, maybe uninstall and reinstall VS.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Hi Dan,

    I noticed my other machine which I also upgraded to Win10 was not having this issue so I have reinstalled Win10 on the problem machine. Problem solved!

    My guess is that I had activated the Mail app to use my email account + gmail account but when I was asked to accept Google accessing my personal stuff, instead of cancelling I just closed the window. Later I removed my email account from the Mail app. Perhaps that has something to do with it? I don't know, but with a fresh installation / upgrade things appear to be working as expected on two Win10 machines.

    Cheers!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, if you can find a sample, please let me know! A year or so ago I had a sample that would drop a file to Program Files, but it had to execute first. Since pretty much all malware is spawned from temporary internet files, email client temp files, appdata, programdata, etc, I really think that as long as the file never executes, then the computer is safe.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, the goal is to create the tightest lock when a web app is running and I am definitely open to suggestions, so if we need to change something, we certainly will, but so far VS has stood the test of time.

    BTW, I stand corrected... similar products do have the option to disable the automatic allowing of specific critical Windows folders. I honestly never looked to see if they had that option or not, simply because I have been quizzed about it 50-100 times, but have never seen this issue discussed elsewhere ;). I really do think it is safe the way VS currently handles it, but we will keep that option either way.
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You might as well upgrade, it would not hurt. As soon as we finish the KMD, VS will work A LOT better with XP.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I will have that fixed for the next version.
     