VoodooShield/Cyberlock

Here is the hopefully final release for VS 2.2, assuming everything goes right.

It does include a native version of .net for 7 and 8 (and will do the same for 10 soon), although we should be a little careful. I tested the heck out of it, but who knows what could go wrong.

I HAVE NOT TEST THIS ON WINDOWS 10 YET, but I will do so a little later. I am not even sure what .net version 10 is running natively, so I will have to look into this. If anyone has a test VM for Windows 10 and would like to see what happens, please let me know! I will create a Windows 10 VM at some point and test this some more.

Other than that, I tested this with XP, Vista, 7, 8 and 8.1, and although it took a while, I think everything is just right (after about 100 installs .

I will respond to the above posts a little later today, sorry I am behind.

BTW, you can either install over the top or do a clean install, it should not matter either way. Also, VS will prompt you to update, but please DO NOT! It will install the old version. You can disable this for now in Settings / Basic.

Other than that, I added a bunch of small features and refinements, and I am hoping it is pretty much bug free, although it would not surprise me if there was a minor bug or two.

Please let me know what you think! Thank you!

http://www.voodooshield.com/freeoffer/Install VoodooShield.2.22 beta.exe

 

Thanks Dan going to do a clean reinstall on this one as the last couple have been running great!

Thanks,

TH

 

This new Build is working great!

Daniel

 

Cool, thank you for letting me know! I just tested 2.22 with Windows 10 and it works great. It looks like the only thing I need to do is to make sure the path of the blocked file is on the new notifications that replaced the balloon notifications. But I think we are going to have our own notifications anyway soon, that way we can adjust the time they are displayed. I will read through the posts a little later, I just wanted you guys to know that it is working great with 10 as well.

 

Working great here too. Thanks Dan for your hard work,

 

Over the top 2.22 beta. Train and Backup SMOOTH
What accounts for the NET Framework dialog upon clicking malware link in Alert.
Quit closes VS ~ Continue seems to continue.
Has something to do with Firefox not yet in Whitelist after Training. I think?
With Firefox trained. No NET Framework dialog.

 

Build 9901 comes with .NET Framework 4.6 Preview.
The previous Insider builds came with .NET Framework 4.5.2

 

Cool, thank you guys for your hard work as well!

 

That should be a super easy fix. I am not sure what you mean by "Quit closes VS ~ Continue seems to continue." Please let me know what you click on to create the error and I will fix it asap! Thank you!

 

Cool, thank your letting me know. I am running build 9841, so I will download 9901 right now and test. Thank you!

 

Cool, thank you Baldrick!

 

Yeah, exactly. Once we upload VS 2.22 to the public, you will no longer receive this message. Sorry about that! Thank you!

 

Please try 2.22, it really should be working, but if not, please let me know! Thank you!

 

Good news! VS 2.22 should work with 8 and 8.1 using the native .net! Thank you!

 

Hi all,

Installed 2.22b over 2.21b, no issues to report.

Noticed that under advanced tab for Parent Process, it states "Enable ONLY if all web apps are listed". I only have Firefox, IE, Avast, CCleaner, Keyscrambler, and Sidebar listed on Web Apps Tab. VS states Detection Completed when checking for additional web apps. Since I use "Always On" mode, should I enable the check mark for "Allow for Parent Process"? I guess I'm confused in regards to the Parent Process feature being used in Always On mode since the Web Apps tab states that it's for Smart Mode use. Maybe I'm reading/thinking too much into it, or maybe it's the couple of beers after work that is clouding my mind.

Any help clearing that out for me is greatly appreciated. As always, great work Dan. You're putting out new versions like a boss! LOL

Best regards,
l3l312

 

Hey l3l312,

Great to hear that it is working well, thank you! Yeah, the Parent Process feature is still kind of experimental at this point, I am just trying to figure out the best way to refine it, since we have a lot of different options.

Basically, I disabled the Parent Process feature by default just in case, for example, an exploit hit Acrobat Reader. That is, the payload would be automatically allowed if Acrobat Reader was exploited, and VS was allowing child processes of Acrobat Reader. So what I need to do is to exclude certain programs from utilizing the Parent Process feature. Here is a list of apps that are already excluded, and CET sent me a really great list earlier that I am going to add soon. These apps will not toggle VS, they simply are excluded from utilizing the Parent Process feature, so that if they are exploited, their child processes will be blocked.

Everything that is already listed in Web Apps
acrobatreader (and all of the variants)
excel
foxitreader (and all of the variants)
java (and all of the variants)
mplayer2
powerpnt
quicktimeplayer
vlc
winamp
winword
wmplayer

So for the most part, most of the common apps are covered, but if you have an app that could potentially be exploited, you can either add them to Web Apps, or you might not want to enable the Parent Process feature. So this feature is still in the works, and it is going to take some time to get it right, but I think it will be worth it. I actually think there are a lot of really cool things that we can do with the web apps. I hope this answers your question, but if not, please let me know! Thank you!

 

Dan, thanks for that thorough explanation, it really clears up the way the Parent Process feature works; and it will help me in the way I use and configure VS.

One thing that is not clear to me however; is if the behavior you described above for Parent Process is in effect while using "Always On" mode? I at the moment am not savvy enough to use a sandbox or VM environment, so I'd like to be protected by VS as much as possible. So if enabling Parent Process leaves me a litlle vulnerable, I might not enable it for the moment. In the future when I experiment with Sandboxie or Virtualbox, I'd be able to be more helpful with feedback regarding the Parent Process.
I only have 1 PC, so I gotta take care of it like a baby. LOL

Thanks again Dan for taking the time to explain this to me. I'll continue to report with future versions of VS.

Best regards,
l3l312

 

Installed 2.22b over the top without any issues. I disabled 'Enable parent processes feature' manually, as it was still checked - possibly from the previous instal.

Thanks Dan

 

Hi Dan

Just installed 2.20 and am having the same problem with programs installed on another partition. The program folders are setup as allowed Custom and have even hard wired the one in Web Apps and still VS pops up. In the last case there is a command line attached to direct it to the profile location.

 

Voodoo Shield v2.22b will not run at boot. I have to start it manually each time even though I have it set to start in settings. I installed it clean. In addition, the white list only shows 1 entry on the site.

Does any one have any suggestions?

Many thanks

 

Sure, thank you! Actually, this applies to whenever VS is ON, it really does not matter what mode VS is in. I hope that makes sense, if not, please let me know!

 

Yeah, that was from the previous install. If you Restore Default Settings or wipe out the old .dat files and do a clean install, it will be disabled. Even if this option is checked, it is still quite safe, mainly because the most of the apps that the hackers exploit are already excluded. Thank you!

 

Hey David, I am not exactly sure what you mean... are you saying that all of your Program Files are on another partition, and VS is blocking them, even though the Program Files folder on your other partition is listed as a Custom Allowed Folder? If so, that should be easy to reproduce and fix. Please let me know, thank you!

 

Hmmm, that is odd. What version of Windows are you running? You might want uninstall VS, then before you reboot, delete all of the files in the following folders:

Windows XP: C:\Documents and Settings\All Users\Application Data\VoodooShield
Windows Vista and above: C:\ProgramData\VoodooShield

Then install the latest version listed below, and please let me know if there is still a problem. Thank you!

 

I just released VS 2.22 to the public! Please update and the annoying update prompt will disappear!

http://voodooshield.com/download/versions/Install VoodooShield.2.22.exe

Edit: BTW, please update using the link above, not the auto update in VS... you might get an error message if you use the auto update in VS (no big deal though).

Thank you!