VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    Thanks, I was in doubt, but that also doesn't work.
     
  2. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    I am a rookie at all this command line business. Maybe hjlbx or guest or someone else can set you straight.
     
  3. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    Okay thanks for trying :thumb: I hope they or Dan can help me.
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    just an idea: check the latest entry in the log, and see if there is another variable in the command line. If so, put a star there as well. Compare the latest entry to what you posted before, and look for the places where it changes. That is where the stars need to go.
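
The comparison suggested in the post above, as an added example that is not part of the original thread: it diffs two logged command lines and puts a star only where they differ. It assumes the rule field treats `*` as any run of characters, as the post implies; the sample command lines and the helper names are constructed for illustration.

```python
import difflib
import os
import re

LONE = "\x00"  # marks a spot where whole arguments were added or removed

# Constructed sample entries (hypothetical path and arguments, not from the thread).
OLD = r"C:\Example\printhelper.exe /job:1042 /q"
NEW = r"C:\Example\printhelper.exe /job:2077 /q"

def _merge(x, y):
    """Keep the common prefix and suffix of two differing tokens, star the middle."""
    pre = os.path.commonprefix([x, y])
    rx, ry = x[len(pre):], y[len(pre):]
    suf = os.path.commonprefix([rx[::-1], ry[::-1]])[::-1]
    return pre + "*" + suf

def wildcard_pattern(old, new):
    """Build one pattern that matches both command lines, starring only what changed."""
    a, b = old.split(), new.split()
    out = []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes():
        if tag == "equal":
            out += a[i1:i2]
        elif tag == "replace" and i2 - i1 == j2 - j1:
            out += [_merge(x, y) for x, y in zip(a[i1:i2], b[j1:j2])]
        else:
            out.append(LONE)
    joined = re.sub(r" \x00$", "*", " ".join(out))  # arguments dropped at the end
    return re.sub(r"\x00 ?", "*", joined)            # arguments added or dropped elsewhere

def matches(pattern, cmd):
    """Case-insensitive match in which * stands for any run of characters."""
    rx = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(rx, " ".join(cmd.split()), re.IGNORECASE) is not None

def too_broad(pattern, cmd):
    """True if the star reached the executable path (assumes a path without spaces)."""
    return not pattern.lower().startswith(cmd.split()[0].lower())

if __name__ == "__main__":
    p = wildcard_pattern(OLD, NEW)
    print(p, matches(p, OLD), matches(p, NEW), too_broad(p, OLD))
```

A pattern derived from only two entries can keep digits that happened to coincide, so check it against further log entries with `matches` before relying on it.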
     
  5. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    Thanks, but they are exactly the same.
    DeveloperLog.log:
    Code:
    [10-27-2016 20:53:30] [INFO ] - Blocked: c:\windows\system32\spool\drivers\x64\3\e_yarnnme.exe
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Anybody else still getting the dismhost alerts? Seems it has not been fixed. Every day when I boot up the computer.
     

  7. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    No, don't get them. Maybe Dan has to add the new hashes to the internal whitelist?
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I agree with you. All those things mentioned are unnecessary and a waste of time.
     
  9. guest

    guest Guest

    Yeah, I only wanted to show: "Off in Smart Mode"/"Off in Always On Mode."
    Whatever, it only adds more confusion.

    The current style doesn't really need to be changed. The simpler, the better.
     
  10. guest

    guest Guest

    If even Kees is confused, that is a big issue! (I'm serious :D)

    Shown from that angle, sure it is ^^

    lawl :argh::D

    Ok, just checked VS, so basically OFF is supposed to be the "whitelisting" thingy (and also shows that no web apps are launched), but it still scans and generates a prompt about the file executed (unless in Training Mode), so OFF doesn't mean "Protection Off or disabled" despite what the banner explains.

    After that, the toggling between ON - OFF is pointless. I used an installer from a newly developed security app; in every mode except Training, OFF generates the same alert as ON... which contradicts the explanatory banner of VS; unless it is a bug or I missed something, OFF should be displayed only when Training Mode is selected.

    So if there is no bug:

    OFF = only in Training Mode (to whitelist stuff)
    ON = in every other case, no toggling should be needed.

    I think to show that no web apps are launched, we can use a different way than OFF.
     
  11. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Exactly!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey guys, sorry I have been away… I have been preoccupied with the next version of VoodooAi. When I first started playing around with the whole Ai malware classification stuff 1-1.5 years ago, I really did not know what I was doing (not that I do now ;)). But I have learned a lot, and I am completely redesigning VoodooAi from the ground up. We used to analyze 30-40 features of the file, and now I am investigating 300+. As I was saying before, there is a chance that this version will not be as accurate as the current version, but we will not know until we finish the final analysis and see the curves. But the thing is, now that I know a lot more about machine learning and Ai, and have had time to think about it and come up with new ideas, I think this is going to be pretty cool.

    I have had some help from the Microsoft Azure machine learning department, they are super cool, and I had a developer named Alexander help me with the feature extraction code, he is super cool too btw.

    This part of the project was a little rough in the beginning, but we are in the clear now. Hopefully in 2-3 weeks we will see the results, and hopefully they will be good ;).

    I have not forgotten about any of the changes or bug fixes that you guys have suggested, I still have my list and they will all be fixed very soon ;). I am just playing it safe until I am 100% convinced that it is ok to allow a file that no longer exists.

    You guys are cracking me up with the GUI conversation ;). I am on both sides of the fence… I mean, you guys know me, I LOVE simplicity. But then again, if the user does not receive a necessary signal, then that is not good.

    So you guys figure that out, and I will finish up the Ai stuff, and we will talk soon. As always, I will catch up on the posts asap.

    Thank you guys!
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Truly OFF is really only when it is in Disable / Install mode = Grey, or ...
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW... Currently, the ON and OFF simply tells the user whether the LOCK is ON or OFF, but still scans the file with the blacklist and Ai when it is OFF (this is independent of the lock).

    If VS is in Training Mode, it does not scan the file at all... but I am assuming that no one ever goes into training mode anyway (we could probably do away with training mode) ;).

    I am up for anything, so whatever you guys decide is cool with me... it will be super easy to change either way.
     
  15. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    Maybe I should have used training mode to stop my Epson printer files prompts... I assume that after training mode all you did during training mode is automatically allowed.
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    if it works, let everyone know...
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    If the computer is at risk, it needs to be locked.

    If the computer is not at risk, then new, non-whitelisted files should be scanned before they are automatically allowed.

    That is VS ;).
     
  18. guest

    guest Guest

    Problem is that in Smart or Always ON mode, the significance of the lock is pointless, since you have the same result in both OFF and ON: scans, choice of options, etc.

    (unless I misunderstood something, I'm used to staying on Always ON permanently :D)
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Not at all. When VS toggles to "ON", any non-whitelisted code is blocked... this automatically stops the payloads from exploits, etc.

    When all web apps are closed, VS toggles to "OFF", you are no longer at risk. VS still scans any new items, but the key is that when the computer is at risk, it needs to be locked.
     
  20. guest

    guest Guest

    So based on your explanation, shouldn't ON automatically block the process without showing a prompt?
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    That does seem perfectly clear, but I guess guest may have a point here?
     
  22. guest

    guest Guest

    To me Training Mode works as it should: automatic whitelisting, no prompts. Shield indicates OFF and is red.

    However:

    In Smart or Always ON mode, ON and OFF function exactly the same way: scan > prompt > user dependency

    I ran an installer: both ON and OFF did the same.

    The only difference to me between Smart and Always is that "Smart" is web app dependent (toggling according to the type of executed apps) while "Always ON" is user dependent (the user has to toggle).

    I think Always ON should only block, no prompts; if the user wants to whitelist something he just has to change the slider to Training or Smart and relaunch the process (unless that is not what you want VS to do ^^).
     
    Last edited by a moderator: Oct 28, 2016
  23. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Regarding the Ai, does it "learn" from me pressing allow false positive?
    I do not mean that you should trust my decision right away, but is the false positive checked by anyone to improve the Ai?

    /E
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Seriously, what does that have to do with this conversation? Sure, it would be super easy to suppress the prompt, but why would we?

    guest, you are overthinking this whole thing... if the device is at risk, it needs to be locked.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It almost seems that you prefer AE's with no file insight ;).
     