VoodooShield/Cyberlock

In total agreement with you.

 

Agreed! The reason is some users like Cruelsister that test, know that not all products respond the same way to threats and also know they need to tailor the tests around the product and how it does handle threats, unlike testing facilities that use the same method to test all products. Testing is necessary for security products, as much so as testing a new fire arm you just bought to make sure it will indeed fire when you need it to , or that house alarm system, to make sure when that door or windows is breached. Not testing a product for what it is designed to do and believing blindly that all will be well, is simply the face of stupidity. I was going to quote someones analogy on cars and brakes not working 5% of the time to further this lesson, as it only takes that one time something nasty gets by your security, just the same as the one time those brakes fail.

With this all said, i believe Dan is on the right track and knows the importance of testing constantly, his product to ensure it performs as it is supposed to and to find those hidden but often found issues that arises from testing a product thoroughly.

 

You Malwaretips guys do to much Youtube testing in the first place. This is Wilders take on Youtube testing: https://www.wilderssecurity.com/threads/posting-policy-recommended-threads.180128/#post-1041384

 

Is there anything you do not copy and paste. I said "most" users like Cruelsister, not all testers on youtube. Your stance is duly noted, and others have the right to their opinions as well.

 

I've always found that a little silly. We do allow A vs B here, just from approved testing organizations. Which smells a bit like an argument to authority to me. I've always believed that the best solution to a poor test is to expose it to people that actually know what they're talking about. Give it a small place to be discussed and let the bad ideas die on their own. And some vendors don't even like it when respected organizations test their security software

 

Well I don't agree with any Youtube testing and i don't care who does it. Freedom of speech! That's it for me on the off-topic.

 

There are testers, that on a daily basis, process many samples of malware through products, when those sample bypass the product, those same testers then SUD those samples to the Vendors labs for analysis and to get those samples added into signatures/detection. This helps the vendors as well as the users of those products. Those "Testers" do not get paid to do this, it is all voluntary, and as such, deserve some respect shown, IMO.

 

Just a quick reminder...I was stating my preferred choice... Others use the AV tests sites as a matter of their choice...Its not something to get into a cat-fight about

 

Testers should make their methodology known and their samples available for others to replicate the results, be they professional or amateur. If they shy away from being peer reviewed, be they professional or amateur, their results are indicative not definitive.

 

Hear, hear, that is why applauded Dan to make his test tool public available, so everybody can replicate the tests. As shown with Comodo, some tests are not replicable due to the fact that the randomizer has to be allowed to launch a random selection out of a malware pack. Also some AV's collect samples, repeating the test has AV-100 RAP effects (second time being tested it will protect against it, because AV has learned in offline analysis it is malware).

 

I haven't been very activate in this thread,lately, since I am still running XP. I have just booted into my VS snapshot, and got these two messages. I answered no, to both for the time being. I don't think there is a new version, other than the one that I am already running on XP, i.e. version 2.86.

 

2.86 is the latest one for XP. And i don't think there will be a newer one for XP.

Why are you then still running XP
Or do you postponed the move to Win10?

 

Well it looks like VS works well with the new anniversary update of Windows 10. I have successfully upgraded from version 1507 to version 1607 build 14393. Windows has since updated to 14393.3 and 14393.5 without any problems.
The main issue that I have several Dismhost.exe blocks every morning but it doesn't seem to break windows anyway.
Another issue is when I uninstall an app from the Windows store I get something like this:
"c:\windows\system32\rundll32.exe" "c:\windows\system32\edgehtml.dll",#125 s-1-15-2-2247564860-1936425355-3308778806-3154528403-4090129195-1302903472-1516371495
Again, it doesn't seem to break anything and the app seems to uninstall properly. I can't remember if this happened with Win 10 version 1507, but this behaviour is consistent with ver. 1607.
I also have had the this command line blocked a few times:
rundll32.exe appxdeploymentextensions.onecore.dll,shellrefresh
Not quite sure what this one is about, but again it doesn't seem to cause any problems.

In conclusion, I can say that anyone currently running VS 3.30 should feel confident upgrading Windows 10 to build 1607.......Works for me

 

yes, I see all what you describe in the current version 1507.

 

I could of said the same but the anniversary update of Windows 10 comes out this week (August 2nd) and I have tested WSA and VS with all the previews of Windows 10 Pro x64 & x86. But nothing from Dismhost.exe

Daniel

 

If any of you upgrade to Anniversary Update with VS already installed, VS will continue to work. However, VS will not work on Anniversary Update if you install VS after a clean install. If any of you get stuck with the kernel-mode driver not passing certification, you would have to disable Secure Boot temporarily. I'm certain that Dan has already got the ball rolling with regard to obtaining the updated signing requirements for this. VS would not pass cert verification for me so I've had to disable Secure Boot as well at the moment.

@VoodooShield Dan, have you got an ETA for your updated digital signing requirements for the KMD? It takes a while for Microsoft's Sysdev vetting of the driver before signing, unfortunately. But I am curious as to where you are at in that process. Thanks!

 

Interesting! Since I have the VS on 2 VM's I don't have to be concerned but good to know for my main system upgrade! Thanks!

Daniel

 

You're welcome. I would imagine that the VMs are likely legacy BIOS and not likely affected. But main system with UEFI and Secure Boot would be since they are using that to enforce the new cert signing requirements.

 

"The main issue that I have several Dismhost.exe blocks every morning"

I get about a dozen of those every morning when I boot up my pc.

 

Same for me. Some thing I don't understand, it only started last week and I have been running the beta version 3.30 since a couple of weeks now.

 

Hey everyone, I will catch up soon, things are just a little crazy right now. But real quick...

@Tarnak, sorry, we are discontinuing VS 2.0, so it is not going to work on XP anymore. There is a small chance that we can get the KMD to work with XP, but it will be a long time before we can look at that.

@WildByDesign, thank you for your help with the EV signature... I ordered it last week and I am on it. I know it is technically due tomorrow, and I will have it finished asap.

Also, Vlad is hard at work on the freeze issue along with the other last few bugs (dismhost, etc). Hopefully in a few days we will have everything wrapped up and properly signed with the new EV certificate... sorry for the delay.

Thanks again for all of your help!

 

Nice!

Has the freeze issue been isolated at last?

Thanks.

 

Yeap, same here, set VS to disabled/Install mode but still receiving dismhost pop-ups from VS. I have then fully shutdown VS, didn't want to risk a corrupted WIN10 install.

 

I feel very comfortable with Windows Defender (especially after this new Anniversary update) and VoodooShield as my main protection now, with Zemana AM as an on-demand scanner for an occasional scan. I'm going to clean install with the new update and keep VS off until the new version comes out though, which will hopefully have that freeze bug fixed and be more compatible with the AU.