VoodooShield/Cyberlock

2.01, diskcleanup thing still being blocked even after allowing it many times

 

Cool, thank you. I am having a few problems with 2.01 silently blocking a few things, but it's cool, I know what to do .

 

Sounds good, thank you for letting me know. I just need to tweak that algorithm a little bit and we will be good to go.

 

Having done the above I might be a bit closer to the problem. See pic

 

I still have start up issues with v2.01 just VoodooShieldService.exe is running on Boot up and I have to click on the Desktop Icon for it to show and it starts VoodooShield.exe

Daniel

 

Minor issue, this is not updated to show 2.01

 

It did not update the version number for me either.

 

yes still shows 2.00 for me

 

At first, I thought I didn't update successfully to v2.01 .

So I did another update.

 

Version 2.01 resolved the freezing caused by the Web Apps tab. The button does not work though for detecting Web Apps. I think I read above that the button needs to be reseized. I will have to wait to see what the effect is when using the button to detect Web Apps since the button does not work now. I hope it does not cause the freeze I have experienced with previous builds.

A few mental notes I made while using VS.
1. I think the commands tab should be made a list. I'm not sure what the purpose of it is. Is it for adding command Line strings manually, or does VS automatically add any command line strings that is not whitelisted to the commands tab if the user allows it when prompted? I think VS should prompt the user requesting an action to allow, or deny command lines strings that are not already white listed with the option to add them to the white list.
2. I got the prompt several times stating that some files are harder to allow than others when trying to allow some files. I don't remember which files triggered this now. This will be a problem for many users. VS really needs to be able to allow files to execute when using the allow button. That is much safer than using the install button. I would not want to use the install button unless I am installing software. I want to have full control over exactly which files I want to allow.
3. Flash tried to update, and VS detected it as a threat. I'm sure it was a false positive. Only one AV from Virus total flagged it as a threat, and I had never heard of that AV until now. VS does not give me an option to allow a file that has been detected as malicious due to a false positive. It only gives the option to block, or Quarantine.
4. VS blocks CMD unless CMD is unticked, or VS is disabled. What effect if any does this have on command line strings when CMD is not ticked? Does VS still filter which command line strings are allowed to execute with CMD unticked?

So far everything else seems to be working good. I have not done any testing to see how well VS blocks executables. I have only been observing VS's behavior as I perform the most common task that I usually use my PC for. I will keep using VS, and report back if I observe anything worth noting.

 

Its just an oversight. I'm sure it will be corrected in the next build.

 

Cool, so does it work once you allow it? Thank you!

 

Hey TH, can you please try to exit out of VS, then delete .dat and .log files in C:\ProgramData\VoodooShield, then reboot? It will wipe out your snapshot and settings, but it should fix the problem, but if not, please let me know, thank you!

 

Sorry, I was just being lazy .

 

Yeah, I do not like the button in the Web Apps anyway, so I set the timer for 15 seconds instead of 5, please let me know how the Web Apps tab does!

1. Yeah, we can do something with the commands. That tab is for both manual and automatic command line additions. VS does prompt the user, for example, post 4529. And if the user clicks Allow, it automatically allows them. We cannot really add them to the whitelist because the format for the whitelist is Process Name, Process Path, Process Hash, and technically we store the command line if there is one for that processes. But the command lines we are talking about are more for Rundll32 situations. We could move that tab to the View Log / Snapshot form if that makes more sense.

2. On the "some files are harder to allow" prompt... this happens when the user tries to allow something that no longer exists. For example, a lot of installers will temporarily write an executable to the AppData directory, and for whatever reason, delete the file after it thinks that it has already ran. So VS is trying to allow something that already has been deleted. Most likely, I can just take out that prompt and everything should be great. Or, better yet, just make sure the user is not prompted if the file does not exist.

3. Yeah, I have been meaning to add a small "Allow Anyway" button or link, it will be easy.

4. The CMD only has to do with cmd.exe, not command lines of other processes, so they should not be affected either way. Since they are independent of each other, yeah, VS still compares command lines of other processes whether that box is checked or not. There is almost never a reason to untick any of those boxes, and we could almost remove them at this point.

Thank you for all of your help!

 

Ok, this version should be ready to release to the public on Monday, assuming that there are no major problems, please let me know if there are!

If anyone is having an issue with VS starting after 2.04 is installed, please delete the files from the C:\ProgramData\VoodooShield folder after exiting VS. If the VoodooShieldService is running, it will only let you delete 4 of the 5, but that is ok. New users, or users who are upgrading from 1.30 should not have this issue, if so, please let me know!

Thank you everyone for all of your help!

http://www.voodooshield.com/freeoffer/Install VoodooShield.2.04.exe

 

installed version 2.04 but shows 2.00. other than that it's working great. I even see the Malwarbytes command is added already


oh and the icon is a bit off for web apps still

 

download shows 2.01 ?

 

Copy&Paste this link into your browser

Code:

www.voodooshield.com/freeoffer/Install VoodooShield.2.04.exe

 

Getting rid of the balloon pop ups seems to work a lot better. I am seeing a lot more processes that were previously lost. Having them remain on screen until dealth with seems much better.

 

2.04 blocks dismhost.exe when luanching it from the start menu. It does not block it when launching the program using "launchy" software. I have told VS to allow it many times but it does not seem to add a rule.

 

Cheers, Dan

Will install and as per usual give this some wellie under Win7 64bit & Win8.1 32bit over the weekend...will report back if I find anything.

Regards, Baldrick

 

I just uninstalled 2.01, and installed 2.04 without deleting anything from the ProgramData folder. VS did not start in learning mode. I assume VS detected the whitelist from the prior installation, and used it. That's good in my opinion. VS also started in Always On mode which was the last Mode I used with VS before uninstalling VS. I assume this is expected behavior as well. I think VS preserved all my prior settings, but I will double check. I'm using Windows 7X64 Ultimate. So far so good. I will let VS run for a while, and then see if I still have the web apps problem I reported recently. I will report back if I discover any issues, or have any further advice as well.

 

Hi CE

I can confirm this as happening the first time I installed v2.04 over the top of v2.01. I then uninstalled that, cleared \programdata\voodooshield, clean installed v2.04 and sure enough snapshot taken (and took a while), started in training mode, etc.

So far so good as a result of either install method.

Regards, Baldrick

 

Dan, how long do you think it will be before you add the option to allow an executable that has been detected as a false positive?