VoodooShield/Cyberlock

Yeah, that would be cool . The really cool thing is that we would hopefully have essentially unlimited resources for our training data sets, so VoodooAi's accuracy and precision would increase rapidly (even though it is already quite accurate and precise using the current models). Basically, machine learning / Ai would benefit everyone, since it is so adept in detecting zero days and unknown malware. Thank you!

 

BTW, it is kinda funny that we talked about this over a month ago . https://www.wilderssecurity.com/threads/voodooshield.313706/page-371#post-2578729

 

BTW, for those of you who are interested in how VoodooAi works, just google "machine learning malware classification"... there are tons of pdf's from academic studies that explain how it all works (from the last 6-7 years)... This is essentially how I got started on machine learning / Ai.

The original academic studies did not quite have the amazing models and algorithms that have recently become available in the last year or two, but these universities did some amazing work that laid the groundwork for machine learning and Ai, as it relates to malware classification.

It just so happens that machine learning and Ai are a perfect fit for a toggling desktop shield gadget / computer lock... so here we are.

 

Yes the system back to prior VS install.

 

In AutoPilot Mode the script was auto allowed & an entry was there in Command Lines as allowed so VS is working correct, right?

 

Sounds great to me! Please let me know if you have any other issues, thank you!

 

@VoodooShield

Does new Virus Total policy impact your product also?

With some imagination the AI engine could be qualified as an virus engine, so you might keep on using the VT check.

 

Hey Kees, how are you? I honestly have no idea what all is going on, I wish I knew more.

I see exactly what you are saying, and after I read the following link carefully, I would think that sharing VoodooAi is not a stretch that requires imagination, but rather, I think it is a very, very real possibility .

http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4

If anyone spends some time and tests VoodooAi like I have, they will be convinced as well . VoodooAi has A LOT to offer the security community, and the security community has done A LOT for VS, so it is time for us to return the favor . Thank you!

 

I tried HDS in Always ON & AutoPilot Mode.

Always ON - When you run HDS you get script alert...if you allow it...it is added as allow in Command Lines...then on further HDS run you dont get script alert. If you remove the HDS script entry from Command Lines...then on HDS run you get script alert again.

AutoPilot Mode - You dont get script alert. It is auto-allowed & added as allow in Command Lines.

 

Very cool... that sounds right to me, does is seem to be working as expected for you (in both modes)? BTW, that script is a known clean script, and that is why when VS was on AutoPilot, it was auto allowed.

 

On both modes it works as already mentioned in my last post.

And I like AutoPilot auto-allowed the script And Always ON alerted for the script. Thats why AutoPilot is for my family system of average users & Always ON & Smart Mode is for my personal system.

I would like ---

AutoPilot should work only on the basis of blacklist scanners & VoodooAi. So easy to use & can be added as layered security on average users system.

Always ON & Smart Mode should work on the basis of blacklist scanners, VoodooAi, cmd, script, etc...& everything. So good for users who want strong or maximum security.

 

I did that, but it didn't help. Maybe it is due to the large number of items I have in the whitelist, 1,840. I'm doing to delete everything from the whitelist online and then try again.

Edit: I uninstalled VS completely, then deleted my computer from the account page to remove the whitelist, and after reinstalling VS it is working fine.

Also, what about the second point I made in my post, about VS prompting when an installer is doing things such as registering files?

 

I just tried using quarantine again. Still nothing is getting written to the quarantine folder, even though VS is listing the quarantined files. However, now the original files are not being deleted.

So what's happening is if I click on a quarantine, the installer is blocked from running, but it does not get deleted.

 

Cool, thank you... that is pretty much how it is now, but like we have talked about, we just need to fine tune it a little. Right now, everything is tweaked towards the safe / cautions side, but once we are certain the freeze issue is completely gone (it has not happened to me in 4 days now), and we clear up a few more pending issues, refining what you are talking about is at the top of my to do list. Thank you!

 

Oops, I never thought about this... thank you for catching this. I think if someone has an old whitelist from a while back, before we made all of the recent changes, there might be some issues. I will have to look into this... good catch, thank you!

As far as an installer registering files... it depends on a lot of things, but basically, if we can allow by the parent of a recently whitelisted item that is being installed, then we do. But there are a lot of different scenarios and factors, do a lot of different things can happen. I cannot seem to find your post, but does this answer your question? Thank you!

 

Hmmm, when you deleted the C:\ProgramData\VoodooShield folder, did you recreate that folder manually afterwards? The VS installer is supposed to create that folder, with all of the appropriate permissions, so it would be best to delete that folder, then reinstall VS. Also, is there anything special about your config? Like, are your running as a SUA?

 

Dan, I deleted the folder after uninstalling VS, and did not recreate it, allowing VS to create it when installed it again. I'm running as admin with UAC disabled, and there's nothing at all unusual about my config. My guess would be that there is something else other permissions being an issue here as VS is able to created its dat files with no issues.

 

Hi Dan, this is what I posted earlier:
Autopilot modes gives a lot more prompts than Scan & Allow did, which is causing some issues. Sometimes when I'm installing software and VS issues a prompt for some action, before I have made a choice to allow or block what's going on, the installer thinks that the action has failed, and either the install fails (and I need to run the installer again), or it gives me the option to retry the action. For example, maybe the installer needs to register a dll file. With older versions of VS, this would be allowed with no prompts. However with the current versions, VS intercepts this and asks if I want to allow it or not. The installer is not waiting for me to choose an action, but instead straight away assumes that it was unable to register the dll file.

I know a solution to the third issue is to set VS to Disable / Install mode. However, it didn't need to do this with older beta versions, and it an annoyance to do so, as I install new software every day.

 

I haven't had any freezes aside from what I have already mentioned to you either Dan, but then I haven't been asked to block or allow anything out of the blue lately, so I would NOT say the freezing has been resolved just yet.

 

That's a great point... if VS created the .dat files after installation, then it is not a permissions issue. I think it has to do with the massive old format whitelist that you had... I think you are on to something there, so I am going to check it out. Thank you!

 

Yeah, I definitely need to fine tune AutoPilot a little more and that is at the top of my list as soon as we put out these other fires . Thank you!

 

Cool, thank you for letting me know, please keep me posted!

 

Scratch that! VS has just froze on me once again.

 

I just rebooted, and then tried to launch my browser (360 Extreme Explorer). It wouldn't launch and I got an error message. I set VS to disable, and then was able to launch it. Perhaps if I'd tried to launch it again without first disabling VS it would have worked. Based on the behaviour I've been seeing with VS lately it is a possibility.

Anyway, for now I am not going to use VS, as there are too many issues. I've still got it installed, but have configured it to not run at startup. When a new beta version has been released, I'll try it again.

 

Hmmm, thank you for the logs... I did not see any errors, but I did see something that gives me a clue. We will keep trying, sorry it is taking so long to fix. If it did not take 2-4 days for the error to occur, it would probably be easier to fix .