VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Does Command Line support wild cards?

    e.g: C:\Windows\system32\cmd.exe /c rmdir /s /q "?:\*\__Delete_*" in lieu of

    c:\windows\system32\cmd.exe /c rmdir /s /q "c:\sandbox\bjms\__delete_defaultbox_1234567890123456"
     
    Last edited: Jan 10, 2015
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Most of the common command lines are already hardwired in VS, but yes, VS supports wild cards, but not exactly in the way that your example describes (although that should work too). VS uses a special algorithm that will automatically (and safely) detect wild cards. Basically, if there is a new command line that is not already hardwired or listed in the Command Lines tab in settings, it will use this algorithm to determine whether the new command line should be allowed or not. So yes, VS supports wild cards, and it is automatic. Thank you!
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, every time I delete SBoxie defaultbox, VS throws a flag. The flag has the same path/string with different numbers each time. The whitelist populates a delete_defaultbox_16 different numbers every time. So, wildcards are my only option sans a line of code to add to SBoxie config. e.g: OpenPipePath=*\mailslot\NVTInj\*
     
    Last edited: Jan 10, 2015
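
Added example, not part of the thread and not VoodooShield's matching algorithm (which the thread does not describe): a comparison of the broad glob proposed above with a rule that lets only the changing 16-digit suffix vary. The sandbox root `c:\sandbox\bjms` is taken from the quoted command line; the sample command lines are constructed.

```python
import fnmatch
import re

# Fixed part of the command line quoted in the thread.
PREFIX = r'c:\windows\system32\cmd.exe /c rmdir /s /q '
# Assumption: sandbox root and user folder as in the thread's example path.
SANDBOX_ROOT = r'c:\sandbox\bjms'

# Narrow rule: everything literal except the 16 digits that change each time.
NARROW = re.compile(
    re.escape(PREFIX) + '"' + re.escape(SANDBOX_ROOT)
    + r'\\__delete_defaultbox_\d{16}"',
    re.IGNORECASE,
)
# Broad rule: the glob proposed in the thread, any drive and any folder depth.
BROAD = (PREFIX + r'"?:\*\__Delete_*"').lower()


def allowed_narrow(cmdline: str) -> bool:
    return NARROW.fullmatch(cmdline.strip()) is not None


def allowed_broad(cmdline: str) -> bool:
    return fnmatch.fnmatchcase(cmdline.strip().lower(), BROAD)


# Constructed sample command lines (not captured from a real system).
SAMPLES = [
    PREFIX + r'"c:\sandbox\bjms\__delete_defaultbox_1234567890123456"',
    r'C:\Windows\system32\cmd.exe /c rmdir /s /q '
    r'"C:\Sandbox\bjms\__Delete_DefaultBox_0000000000000001"',
    PREFIX + r'"d:\data\projects\__delete_later"',
    PREFIX + r'"c:\sandbox\bjms\__delete_defaultbox_1234567890123456\..\.."',
]


def compare(samples=SAMPLES):
    """Return (narrow, broad) verdicts for each sample, in order."""
    return [(allowed_narrow(s), allowed_broad(s)) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, compare()):
        print(verdict, sample)
```

The last two samples show what the broad glob would also whitelist: a recursive delete of a folder outside the sandbox, and a path that climbs out of the sandbox folder with `..`.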
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ahhh, I see what the problem is. VS is not detecting that block as a command line. It should be an easy fix, then it should work great. In the meantime, you could always left click on the shield before you delete the default sandbox, then once you return to a web app, VS will activate again. Thank you!
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, I disabled left click. Seems like if I need to disable. Two clicks is better than one.
    So, disable VS and then dump sand. I'll try that.

    On my Vista box Smart goes red on browser close. On W8 Smart stays blue. Any way to figure out what's holding VS blue? W8 Task Manager only shows VS and TM under Apps.
     
    Last edited: Jan 11, 2015
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Do you have any USB devices plugged in other than a mouse, and keyboard?
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Nope..... I did add NIS to Web Apps as Auto Detect detected / allowed me to and I have Allow by Parent checked. Dan made a point of...make sure all web apps are listed before Allow by Parent is checked. I thought since NIS was Auto Detected as a web app. I should add it.... ?

    EDIT: NIS added to WebApps was holding VS blue. Q: Why is NIS detected as WebApp.
    Norton Toolbar ? As NIS is detected as a WebApp. Should I add NIS to WebApps ?
     
    Last edited: Jan 12, 2015
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The only applications you should add to the Web apps tab are web facing applications that are points of entry for infection. Browsers, instant messengers, mail clients, pdf readers, media players, and P2P applications are the applications you should be adding to the web apps tab. If NIS stands for Norton Internet Security then no, you should not add NIS to the web apps tab. It probably just auto-detected it because it was making outbound access to the internet.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Okie Dokie ~ NIS is a faux web app.....
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    What is a faux web app? I did a google search on it, and got a hundred different answers.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I meant to VS. NIS is detected as a web app ~ Auto Detect running Web apps. By faux I meant not a "real" web facing app. As NIS holds VS blue when added to VS web apps.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I think it's not needed, recommended, or even allowed to run any security app (firewalls, AV/IS, "anti-something", etc.) in restricted mode, no matter what "web app" means. These are usually apps that are connected to the internet and deeply integrated with the system, and launching them in this limited way can cause "unpleasant" events.
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The option to disable the left click is for admins who want to lock VS down so that the users cannot make changes (after setting a password for VS).

    Yeah, if you open the web apps tab in settings, the web app that is responsible for keeping VS ON is in bold. I should probably underline it as well or something. Thank you!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Well, the button to Auto Detect Additional Running Web Apps basically just detects any app that is sending or receiving packets. So there will be some that are not actually web apps that should toggle VS in Smart Mode... For example NIS.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly, thank you. Once I add the list of web apps you sent me, we might even be able to remove the Auto Detect Additional Running Web Apps button.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, there is no reason to have NIS toggle VS... as you described it, it is a faux web app.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    NIS should as you say Toggle. But, for me NIS added to web apps held VS blue. ?
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    OK, but for me VS saw NIS as a web app. So, I allowed NIS to be added. I've since removed NIS as a VS Web App. Don't know as VS auto detected NIS as Web App. If I should have NIS added to Web Apps for Parent Process. Since NIS holds VS blue, I removed it as a Web App.
    Just noticed after you pointed me to it. That yes, app holding VS blue is bold. Clever idea. Just never noticed. :)
    EDIT: I C #5615
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds great bjm_. Yeah, right now the only way that VS auto detects new web apps is when it detects all of the apps that send and receive packets. I think adding the massive list of web apps that CET created will help... then maybe we can just not have the Auto Detect web apps button. We will see, thank you!
     
  20. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Sorry, I cannot find the info on your website: can VS be installed on standard user account in Windows 7?
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It's cool... yeah it should work, although we do not test heavily with SUA, so if you run VS under SUA for a while, can you please let us know how it does? If you need a VS Pro account, please email us @ support@voodooshield.com. Thank you!
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    During my testing of VS I had thoroughly used Standard account. Although I initially installed VS within Admin account, I switched it back to Standard for the testing. I had no issues running VS under SUA/LUA, so you should be alright.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting us know!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW bjm_, I am looking into the sandboxie delete default sandbox issue. The main problem is that cmd.exe's are blacklisted whenever VS is ON. You could always uncheck CMD under Settings / Tweaks, but that probably is not the best idea. So in other words, unless we can get around VS blacklisting this, there may not be a way to fix it safely. But I will continue to work on it.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, with any luck, this is my last version of VS! The new developers are finishing up their code review and are going to start on it very soon, and thankfully the code somehow made sense to them ;). This version just cleaned up a lot of things, so hopefully I did not break something in the process, but it has been running great. I think the service issue might be fixed as well, although it hardly ever happens anyway as far as I know.

    You will notice that the text on the prompts is a little different than before. Basically, I made all of the prompts pure text so that the new developers can do a lot more with them, and we will also be able to offer VS in different languages as well now! So they look a little different for now, but they are going to be totally redone very soon, so I did not worry too much about how they looked for now.

    You should be able to install over the top (after exiting VS), but uninstalling is always better just in case.

    At least one or two of the other developers will be joining wilders soon, so I will introduce you guys to them when they do.

    Please let us know if you have any issues! Thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.23b beta.exe
     