VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    The log is sent....
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Uninstalled 2.86, installed 3.0 - whitelist and settings retained. No issues so far, Win 7 Pro 64-bit.
     
  3. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    got it, thanks!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    If the file is an installer, then the Local Sandbox will not be shown... long story but we can change this at some point. Please try an exe that is not an installer and it should work.
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hey, Dan...thought you were off now:eek: and leaving it all to Vlad:rolleyes:

    No, seriously, glad in a way that you are still around. ;)

    Regards, Baldrick
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Dan, what do you think about this?
    An option in VS GUI called "Sandbox" that would show all processes running inside.
    From there we could terminate the processes/empty sandbox, etc.

    Right now, we can not tell what processes are running in Sandbox. Or can we?
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, Vlad, watch out for this guy, he might make you laugh uncontrollably ;). Just kidding, thank you Baldrick!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great idea, thank you! We do want to keep VS as simple as possible, but if everyone thinks this is something we need, then we can check with Vlad and see how difficult it would be to implement this. Thank you!

    Baldrick is right, I need to step away from the computer for a while ;). But if you guys need me for some odd reason, please email me at support@voodooshield.com. Thanks again everyone, talk to you soon!
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I have tried several malware files (not installers) and I see no difference... maybe it is caused by the VM... I will have to try it on a real machine.
     
  10. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    :argh::argh::argh::argh::argh::argh::D
     
  11. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    I think that this is an excellent idea...makes things much clearer IMHO...nice one, siketa ;)
     
  12. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Good catch! There is indeed a bug. Will be fixed in the next release.

    Thanks
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks, Baldrick! I hope other users might find this feature useful too. ;)
     
  14. hjlbx

    hjlbx Guest

    BUG

    v 3 on W8.1 x64 OEM (Toshiba)

    Registration fields not functioning properly; when entering e-mail address and registration password one can only enter 1 or 2 letters at a time and the field becomes disabled for a moment or two...
     
  15. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Thanks for finding this. This could happen on a not-so-strong computer or if there is too much load on Windows. I wasn't able to reproduce the bug. But I saw in the code where it may happen, so probably it will be fixed in the next release.
     
  16. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Did a clean install Version 3. Working good. :thumb:
     
  17. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    AFAIK, in general the installer is not whitelisted automatically just because it is signed. I.e. if the installer is launched by some other process, then the user has to know that something like that happened.
    However, if a web application (i.e. Chrome) wants to update itself, then it should be allowed without prompting the user. There was indeed a bug: the Chrome installer wasn't recognized as an installer.
    Will be fixed in the next release.
    Thanks for the finding and the log that helped to fix the bug!

    What do you mean by "takes forever to finish"? Does it open a browser with results or do you try to use the VM? In your log I saw the "Access Denied" error (Exception) related to starting one of the processes needed by Cuckoo, so I'm trying to figure out what exactly was denied.
     
  18. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    It's been awhile since I uninstalled and did a fresh install of VoodooShield. Could someone refresh my memory, didn't you have to reboot on a new install of the previous versions? Version 3 requires no reboot. :thumb:
     
  19. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Now a reboot is not required for VoodooShield installation unless some of the files are in use during installation (shouldn't happen). Also, no internet connection is needed for downloading the .NET or VC++ runtime. VoodooShield installs the runtime by itself and knows to work under the .NET preinstalled on the system.
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It opened the browser with the running analysis page, but after x minutes it was not finished so I closed the browser.
    How long does it usually take to finish?
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Also happened to me in the VM, but I made it after a few attempts.
     
  22. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    It shouldn't take too much time, more than a few minutes I think. It seems to be a problem with the Cuckoo server. I saw in the server log that record.exe was added to analysis, but it looks like something went wrong there.
    I'll check it with Dan.
     
  23. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    @VoodooShield @VladimirM ,
    Looks like a Full Disclosure: http://casual-scrutiny.blogspot.in/2015/10/poc-or-it-didnt-happen-for-appcert.html
     
    Last edited by a moderator: Oct 2, 2015
  24. hjlbx

    hjlbx Guest

    @VladimirM

    My test system = i7 4720HQ 12MB RAM with SSD + clean Windows OS install and less than 10 other softs installed.... avg CPU usage = 1 % \ RAM 15 %.

    Code is making input fields misbehave even on a strong system with little demand on the system; in version 2 there were troubles with VS' character input fields, so probably just a problematic coding artifact...
     
  25. hjlbx

    hjlbx Guest

    Yes. This is a problem since the introduction of the Cuckoo sandbox. It never got sorted out because Dan couldn't get around\didn't get to implementing a fix...
     