VoodooShield/Cyberlock

Hey Baldrick, thank you for letting me know! VS should prompt you now when it blocks a rundll32, and you should be able to allow it if you want. Is VS alerting you when it blocks a rundll32? Did you get the above info from the developer log? There is a chance that VS is just logging this info incorrectly, and really all it means is that VS is analyzing the rundll32 to see if it should run it or not. But please let me know on the above questions, and I will look into it! Thanks again!

 

Hi Dan

Thanks for the quick response. Got the information from the 'View Log' option in the right click context menu. Not a single prompt when it blocks either rundll32 or regsvr32.

Have now installed v2.41 and will see if I can replicate this...will let you know.

Regards, Baldrick

 

Sure, thank you! Duh, I should have realized that . Ok, cool, I will keep an eye on it and play around with it some more, it will be an easy fix.

 

No problem, Dan...with all the work that you are doing at the moment it is quite easy to miss little nuances like that...v2.41 installed and I am going to run a battery of checks around the sort of activities that I think wehere behind the messages...will see if I can get this to happen again.

Regards, Baldrick

 

I tried that, same message appears

 

Hi Dan

I think that the issue is that VS is trying for too short a period to check the registration. I have noticed the same issue and generally this occurs if my network connection is slow in connecting with the internet. I just click OK, and then double click the VS shortcut and everything starts up OK...But I really think that it is due to a timeout when checking registration.

Hope that helps?

Regards, Baldrick

 

I had another issue with 2.40 in that when I looked at my photos folder it initially loaded the preview icons then stalled any others being shown. Exiting VS solved it.

Now have 2.41 installed. This was a clean install again - is this necessary or will over the top do?

The app problem has disappeared for now, also the photo preview but this is after a reboot. I had been using few other programs involving photos - don't know if that makes any difference.

Can't remember if you added self protection to this build - if you did it doesn't work.

Once I have killed VS it will not start up again. It is shown running in background apps but is not protecting anything. Only way to restart it is to reboot.

 

I had that a few days ago and all I did was open Task Manager and end the one or 2 VS processes for me there was just one, and I clicked VS from the Desktop and it started again.

TH

 

I almost forgot about VoodooShield, testing it right now

 

Can someone direct me to the thread that shows how to make Voodooshield and shadowDefender work together?

THanks

 

They should work together without any custom configurations. Are you having a conflict between the two?

 

Hi Dan

Hope that you are well?

OK, update; running v2.41 and VS is now religiously blocking a number of files that start on the path "C:\Windows\System32\"...here is a further, small example of what I am seeing:

02/08/2014 10:39:38Blockedrundll32.exec:\windows\system32\rundll32.exef5691b8f200e3196e6808e932630e862...............................................
02/08/2014 10:30:29Blockedcscript.exec:\windows\system32\cscript.exe8350f39f98d9dba69254a979ede8d48c................................................

but also it seems to be also blocking some specific application where I have recorded the path under the Custom tab in Settings specifically to make sure that these apps are NOT blocked/interfered with, etc, as per example below:

02/08/2014 10:45:14Blockedaxtmimagebrowser.exec:\program files\axtm\axtmimagebrowser.exe698311d2431e9654ac8c5ee8a3dead.............................................

So I am not really sure what is going on with this version of the beta or whether I have a problem with my system, or my settings are incorrect (but then again, a part from the Custom tab I have changed none of the defaults)?

Am at a bit of a loss to know where to go now.

OS is Win7 Home 64bit SP1...if that helps?

Regards


Baldrick

 

Does the Beta update versions by clicking the update button? Mine shows 2.39

 

Don't believe that this functionality is working yet, as far as I know.

 

Correct you must use the Download links from Dan VoodooShield! http://www.voodooshield.com/freeoffer/Install VoodooShield.2.41 beta.exe

TH

 

Thanks Dan.

Testing VoodooShield 2.41 Beta now.

 

Hi Dan

Am really stumped by this one...as only certain files in "C:\Windows\System32\" seem to be affected, whilst others run fine...and I cannot see a pattern or what would differentiate between files on the same path...but there you have it...might weird...to me at least:

02/08/2014 14:33:36Blockedrundll32.exec:\windows\system32\rundll32.exef5691b8f200e3196e6808e93...............................................
02/08/2014 14:33:37Blockedrundll32.exec:\windows\system32\rundll32.exef5691b8f200e3196e6808e93...............................................
02/08/2014 14:33:37Blockedrundll32.exec:\windows\system32\rundll32.exef5691b8f200e3196e6808e93...............................................
03/08/2014 00:11:09Allowedsndvol.exec:\windows\system32\sndvol.exea632ef1a1490d31d76f13997ee5...............................................
03/08/2014 09:58:07Blockedregsvr32.exec:\windows\system32\regsvr32.execa24aef558647274d019dfb4..............................................
03/08/2014 10:17:07Allowedschtasks.exec:\windows\system32\schtasks.exe6dce7d58ebb0d705fcb41793..............................................
03/08/2014 11:14:24Allowedcontrol.exec:\windows\system32\control.exe43fdb43cef2a3219c06d002b56d0.............................................

are just a sample. And unfortunately I also seem to be getting the thing happening re. a number of files that start on the path "C:\Windows\Syswow64\", affecting what seems to be the same files:

03/08/2014 11:14:19Blockedrundll32.exec:\windows\syswow64\rundll32.exe5ad3c37e6f2b9db3ee8b5aeed.............................................

 

Hi Dan, I think that I have found the cause of my issue and I think that it is a bug. I had set up some key apps of mine so that the path of their key folders where set up in 'Custom' under 'Settings'...but I have kept getting issues with blocked files as per above when trying to run them. One in particular is a file browser associated with the main app and I could never open it unless VS so configured was disabled...so whilst otherwise occupied (I won't elaborate further...) I thought...could it be the custom settings? So have removed those...and lo and behold...issue has gone. So I am thinking that there may be a bug as I use the following to identify the path 'C:\Program Files\app folder\' and I noted the warning about using 'C:\' by itself, etc...so just wondering if....?.

Anyway, issue resolved for me at present but will keep testing and looking for the new dawn when VS v2.0 Final breaks cover for good.

Regards


Baldrick

 

Hi Dan

Ignore my previous post...managed to reproduce the blocking of C:\Windows\System32\ files without the 'Custom' settings...so am back to square one as to why I ma having the issue...drat...oh, well back to the thinking place...for another ponder...

Regards


Baldrick

 

What OS are you having issues with? Win 7 x64 here I don't see them.

TH

 

Hi TH

Running on Win7 64Bit here...cannot work out why I would be having issue and you not?

 

Are you adding things to the Web Apps? I just remove the ones I don't use.

 

Same here TH, same here.

 

It gets stranger and stranger...now VS is deciding to check with VirusTotal that a file that is on the whitelist is good to allow?? I thought that if the file was on the whitelist then as far as VS was concerned it should be allowed.

Perhaps I will delete the whitelist and restart it in case there is some corruption or issue preventing the client from accessing the list details

 

Well each new Beta I always do a clean reinstall of VS see if that helps?