VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK thanks, so basically it will run apps with limited rights. I do wonder if that will cause any problems on Win 7/8. :)

    EDIT: My bad, "low integrity" is something else than "untrusted integrity", so perhaps most apps will be able to at least run, interesting idea: http://msdn.microsoft.com/en-us/library/bb625960.aspx
     
    Last edited: Sep 3, 2014
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Good to hear Dan...we are still here...waiting patiently to test the next, greater version of VS v2.0...just bring it on. :thumb:
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, the other sandboxing method we tried was pretty cool, but it only worked with .NET programs, which is still the vast majority of programs, but for obvious reasons, that was not going to work for us. I really think this method will work really well. But whenever 2.0 is released, we can look into alternatives and develop it a little further, or find an even better method. We really do not need sandboxing, and we are not trying to turn VS into a Swiss Army knife, but it was not too difficult to add, and who knows, it might turn out to be even more useful than we thought. Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Sounds good, thank you Baldrick! Actually, I emailed our new developer today and asked him to translate the code that I finished this morning if he had time. I already got an email back saying that it was finished! So after I eat, grab a quick nap and take Molly for a walk, I am going to try it. He said it only took him 20 minutes... which is really cool because it probably would have taken me 2-3 days!!! He is the developer who is going to be starting on the KMD soon, which will probably take a little while... I am guessing a month or 2. Then again, the methods are so incredibly similar (in my opinion) to the code that he just worked on, so who knows, it might not take him all that long. He has fixed several things recently and has done a great job.

    Both methods are great, but I am excited to see how each one plays with traditional antivirus. There may be no difference at all, but I still like the idea of running the cpn, along with the kmd of the traditional AV software, since most of the security developers use the kmd. Anyway... we are almost there!
     
  5. VoodooShield

    VoodooShield Registered Member

    Sorry for the delay, but I think all of the bugs are worked out! This version is not quite as well tested for XP as it was for Vista and above, but from what I can tell, it is good to go. Also, VS is also ready to implement the kernel mode driver as soon as it is ready, with just a few minor modifications (as far as I can tell). I think the KMD version will be ready in about a month from now. Please let me know what you guys think! Thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.63 beta.exe
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I got this during the install:

    ---------------------------
    Error
    ---------------------------
    Error writing to registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RegSetValueEx failed; code 5.
    Access is denied.
    Click Retry to try again, Ignore to proceed anyway, or Abort to cancel installation.
    ---------------------------
    Abort Retry Ignore
    ---------------------------

    Then I rebooted to complete installation:

    ScreenShot_VS_v2.63 beta_install_15.gif

    ScreenShot_VS_v2.63 beta_install_16.gif

    ScreenShot_VS_v2.63 beta_install_17.gif

    ScreenShot_VS_v2.63 beta_install_18.gif

    ScreenShot_VS_v2.63 beta_install_19.gif
     
  7. Tarnak

    Tarnak Registered Member

    ...and lastly.

    ScreenShot_VS_v2.63 beta_install_20.gif
     
  8. Tarnak

    Tarnak Registered Member

    It is OK... I signed up under two email addresses, originally. One license is expired, and the other is current.

    ScreenShot_VS_v2.63 beta_install_27.gif
     
  9. Baldrick

    Baldrick Registered Member

    Cheers, Dan

    Will uninstall/clean install shortly and look to give this some wellie over the weekend.

    Regards, Baldrick
     
  10. VoodooShield

    VoodooShield Registered Member

    Hi Tarnak,

    That is cool that you figured out the registration issue. Is everything else working? I see you have several security products running... can you please try to disable all of them while installing VS? I was just talking to someone in the security field about this the other day. Somewhere along the line in the last few years, pretty much everyone (including myself), quit disabling their security software when installing new software. Luckily for VS, when the user clicks VS's Install button, it turns off.

    Just curious, do you mind giving me a list of security software you are currently running? I would like to test and see which ones are blocking VS.


    Thank you,

    Dan
     
  11. VoodooShield

    VoodooShield Registered Member

    Cool, thank you!
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Installed fine on a VM with EAM 9.
     
  13. Baldrick

    Baldrick Registered Member

    Sorry Dan

    Having major issues firing up any browser that is not IE or FF, most likely due to where I have located the portable versions:

    12/09/2014 17:14:22  Blocked  maxthonportable.exe  c:\browsers\maxthonportable\maxthonportable.exe  ff4c6a762b1ea5c3c02515c2210753e045288a143b9d84feabf2acad3fdcb4e4
    12/09/2014 17:14:18  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 17:14:17  Blocked  operachromeportable.exe  c:\browsers\operaportable\operachromeportable.exe  c70710777bc3d322ffc5823b0c8a355eb21136366adbaab3c69a464bc2c0773e
    12/09/2014 17:14:09  Blocked  slimjet.exe  c:\browsers\slimjet\slimjet.exe  71ebbc45cc24efb074a0e5957419f82a480da41e19cc05e5f384480709ef2c9d
    12/09/2014 17:13:55  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 17:13:20  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 17:13:19  Blocked  chrome.exe  c:\browsers\googlechromeportable\app\chrome-bin\chrome.exe  216f58801714173558d82782d94f3b684e2f625f0318ad34b7ecdc43db3b9219
    12/09/2014 17:12:28  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 17:12:27  Blocked  chrome.exe  c:\browsers\googlechromeportable\app\chrome-bin\chrome.exe  216f58801714173558d82782d94f3b684e2f625f0318ad34b7ecdc43db3b9219
    12/09/2014 17:11:05  Blocked  googlechromeportable.exe  c:\browsers\googlechromeportable\googlechromeportable.exe  50b62fa4105747b1bc48a24be5d370cfdae22bd10b0d4a5cd8e5aa4fde28fc92


    Am seeing the above and have tried training/snapshotting again but nothing seems to help.

    Any thoughts as to what I am doing incorrectly?

    Regards, Baldrick
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Did it silently block them without giving you an option to allow them? Did the VS tray icon indicate VS was blocking them when you were trying to launch your browsers?
     
  15. Tarnak

    Tarnak Registered Member

    E-mail sent a short while ago. :)
     
  16. Baldrick

    Baldrick Registered Member

    Hi CE

    Nope, with default settings as installed with VS, all that happens is that the desktop shield flashes repeatedly and blocks. Have changed the settings and now it prompts and offers options but repeatedly and for everything.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Does it ask if you want to allow applications other than the portable browsers you mentioned? If you click allow does it allow the application, or does it block it anyways?
     
  18. Baldrick

    Baldrick Registered Member

    Nah, at the moment it just seems to be the browsers...but I will try a few other apps and see what gives... weird behavior.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Ok, thanks! I'm working on something at the moment, but I will see how it works on my machine when I'm finished.
     
  20. Baldrick

    Baldrick Registered Member

    And now I am getting sporadic popup messages as follows:

    VoodooShield.png

    And culprit seems to be....

    12/09/2014 19:05:41  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe


    Hmmmmmmmmmmmm!
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    It's working fine here on Win 7 x64, but I had one block on a second reboot as it went into smart mode on its own and didn't stay in Training.

    12/09/2014 1:24:16 PM  Blocked  rundll32.exe  c:\windows\syswow64\rundll32.exe  5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

    Daniel :)
     
  22. Triple Helix

    Triple Helix Specialist

    Spoke too soon. Got the same as Baldrick.

    12/09/2014 2:13:10 PM  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 2:13:09 PM  Blocked  rundll32.exe  c:\windows\sysnative\rundll32.exe
    12/09/2014 1:32:09 PM  Allowed  iexplore.exe  c:\program files (x86)\internet explorer\iexplore.exe  32c97ab4581c6e6d0470b4f4159c6db4d4e7306d2f2c398a128f1dd26f53110c

    2014-09-12_14-13-34.png

    Daniel
     
  23. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Working well on Windows 7 64 bit and my Windows 8.1 32bit tablet.

    Only issue I have seen is on the Windows 7 64 bit.

    I launch Internet Explorer and it's fine. I close IE and it doesn't entirely shut down, so I open it again; that's when I get a block message for rundll32 block.
    c:\windows\sysnative\rundll32.exe

    Same things happen for Filehippo update checker. It launched and seems to work but VS does say something about blocking
    c:\windows\sysnative\rundll32.exe

    http://filehippo.com/updatechecker


    install was perfect on both systems
     
  24. VoodooShield

    VoodooShield Registered Member

    Cool, thank you for letting me know!
     
  25. VoodooShield

    VoodooShield Registered Member

     