VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... pretty much what you mentioned.

    Off the top of my head... I would start with a hybrid between AppGuard and VS / VoodooAi, and use Excubits driver, along with MemProtect + Pumpernickel. But we also would need a really cool sandbox and realtime scanner, and there are a few that come to mind. There are so many great ideas that it is hard to choose from ;). Maybe we should start a new thread... something like "If you could create the perfect security software, what features would you include".
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, great point, that is probably what is up... thank you!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for the suggestions, I will look into them... they are now on my to do list ;).
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    There appears to only be one main issue with VS and Windows 10... VS does not have access to the C:\Windows\Temp directory (and possibly others). I think it is an easy fix, but I emailed Vlad to get his opinion. A lot of times, I would write like 4-5 lines of code that would fix a certain issue, then Vlad would come along and write one line of code that was a better fix, so I will wait to hear from him ;).
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Good, thanks, Dan

    And giving VS some wellie...trying to collect some information on some 'issues' with the AI recommending a Block when I know that the file analysed is safe...not many occurrences but need to gather some details to send you to see if you can explain where my understanding is incorrect...;)

    Regards, Baldrick
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you Baldrick! VoodooAI is very, very young so I am sure there are things that we need to work out with it. Also, I cannot wait to retrain the models in a couple of months... I think the accuracy and precision will skyrocket when using truly random samples for the training sets.

    Here is VS 3.16... This should fix most of the Windows 10 issues. I have not heard back from Vlad yet (he has a lot going on at the moment), but I think this is the way he would have fixed it, but I guess we will see for sure soon ;).

    www.voodooshield.com/artwork/InstallVoodooShield316.exe

    BTW, I added some new file details to the user prompt... some of them may not be correct yet (long story), but that is on my list to fix. It is a very easy fix, but it is going to take a little time. I also have not fixed the Threats Blocked count so that it does not include clean files, and a few other things. But I wanted to get the Windows 10 fix out asap... I am not sure if the Windows 10 EdgeHTML issue is fixed or not, so if it is not, please let me know.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Thank you! :)
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Dan, I just installed the 3.16 beta, and I can now open a cmd window without being prompted, which makes me very happy. Keep up the good work :)
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Of course, thank you!
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you! Please let me know what else we need to tweak on the AutoPilot mode... A LOT has changed from Scan & Allow mode, but I think once everything is ironed out, it will be pretty cool.
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I got the files whitelisted for WSA users!

    :)
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Is cmd
    cmd blocking is still there i.e if you have previously used Scan & Allow mode then you know that cmd blocking was not there i.e Scan & Allow mode was purely scanners only i.e Blacklist scan & VoodooAi only, right?
    So cmd blocking is still there i.e if you start Command Prompt window now then it's not blocked. But any programs trying cmd, script, etc... stuffs, you get block alerts.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Installed and running now. If I see any bugs I will report them. ;)
     
  14. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    What's the Command Lines about? Could somebody do a quick explanation? Thanks.

    One thing that I find confusing is when I allow a blocked programme I have to re-sort the log for visual confirmation it is allowed. The pop-up says it is now allowed but the log stays fixed on the line that says it is blocked. Before thinking to re-sort I thought there was a problem with VS. BTW, I'm your average user ;), not the security techie whizz-kid. I come here to read what they suggest. :thumb: Another confusing thing is the allowed programmes state the time of when it was initially blocked, instead of the time it was allowed, so I had to re-sort by process to see it has been allowed.
     
  15. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I don't know if it's a bug or by design...but check the log again as it says both blocked & allowed i.e I guess blocked coz the program was blocked & alert was issued & allowed coz the user allowed the program.
    And it seems by design & not a bug.

    I have asked these here on the thread but guess Dev is busy so sometimes misses the post & it's not easy to go through & reply to all the posts.
     
  16. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    @VoodooShield - 3.16 Beta - Running in full screen (Games, Videos, etc.) causes the VS Gadget to hide itself.
     
  17. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    VoodooShield,

    You may be thinking why I request for detection level, VoodooAi Unsafe alert only, Scan & Allow Mode to be scanners only, etc... options. I have mentioned these 2-3 times.

    The reason - I have never tried any anti-executable coz they do provide strong protection but not easy to use.

    hjlbx a user here & malwaretips too, I do PM him many times requesting info on software. He, on PM & threads too recommended anti-executable quite a few times. So I decided to give a go.

    I tried AppGuard, NVT & VS. AppGuard I find tough to use. NVT easy enough to use for me but not for my family members or average users. VS I find easiest to use compared to the other 2. But still not that easy or suitable for my family members or average users. And I know a software like anti-exe will always require some input from users.

    Then I saw VS has protection modes. Scan & Allow, from the name I thought it may be like AVs minus anti-exe functions i.e scan & allow if found clean. So I tried S&A mode & liked it as it was the same as I thought would be. And I find it good for my family members or average users i.e AVs like easy to use but lot better protection i.e multiple scanners (for known malware) & VoodooAi (for zero day).

    With few tests I find blacklist scan little FPs prone & VoodooAi quite good on Safe & Unsafe files but little sensitive on Suspicious. So I thought with detection level option & VoodooAi option to alert only for Unsafe files, VS Scan & Allow Mode will be excellent & easy to use with other layered security for my family members or average users.

    So I request the options. And VS will be like...those who like default go with default, those who want max protection go with Always ON & those who want easy or want the benefits of VS blacklist scan & VoodooAi to add to the layered security of the family members or average users system go with Scan & Allow Mode.

    And with the options they can set & make VS more easy or suitable for the family members or average users & their system security easy, strong & comfortable layered security.
     
  18. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    Two ways that I found:

    Remove .dat file access protection from Privacy Fence's list of protected file types. (Not ideal)

    or

    Register VoodooShield in "Open With" list in Windows. Ideally it needs to show up as "non default" program for opening .dat & .log files.

    My knowledge on this is sketchy but here's what I see in Privacy Fence now.

    VS registered as a program that can open .dat files (even though you would not set it as default program)

    VS and Privacy Fence.jpg

    VS is now listed as available in the Privacy Fence "Trusted Application" list:

    VS and Privacy Fence 2.jpg

    There's a utility here that can be used to add VS to "Open With" list but I do not have a clue what arguments should be used to register VS as a program that can have shared access to .dat & .log files.

    http://windowsxp.mvps.org/openwithadd.htm

    Even so - VS does now appear in "Open With" list:

    Register a program with the Open With dialog.jpg

    Set Associations.jpg
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Thanks, I did not know that.
     
  20. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    HDSentinel portable is good to check if you get cmd, etc... alerts or not.
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It looks like Vlad has influenced us ;).
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it will block these items if they are not whitelisted ;). If they are whitelisted, VS should allow them... if it is not working correctly, please let me know!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it will block these items if they are not whitelisted ;). If they are whitelisted, VS should allow them... if it is not working correctly, please let me know!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you! So far so good... I think all of the bugs are fixed in Windows 10, but I will know for sure in a day or so... please let me know if it acts up though.
     
  25. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I & roger meant cmd blocking should not be there in auto mode like it was in scan & allow mode i.e auto mode should be like scan & allow mode i.e blacklist scan & VoodooAi only, am I right, roger?
     