VoodooShield/Cyberlock

Hi Dan,
yes I installed this build from your e-mail...aaaaa...and nothing was changed in VS behaviour Sorry...I know we've expected another result but "life is brutal"
Please, don't worry...I still have VS on my weird Vista and I'm waiting with patience for better times

 

This is fantastic news, Dan. I am very glad that your team is expanding. That will ensure continued success with VoodooShield. Wishing you all the best in the new year.

 

I'm pretty sure he is saying why is Firefox being allowed without VS prompting him. He does not have "automatically allow all software from the Program Files Folders" ticked, and Firefox is not on his whitelist. Why is Firefox being allowed to execute without prompting him if that option in the settings is not ticked? Firefox is located in the Program Files (x86) Folders. He should receive a prompt asking if he wants to allow Firefox. Firefox is not on his whitelist, and allow all software from the program files folders is unticked in the settings. He wants VS to prompt him for all executions from the program files Folders that is not on his whitelist. It seems there is a bug with the setting, "automatically allow all software from the Program Files Folders". He does not have that option ticked, and VS is allowing software to execute from the program files folders anyways. It's my understanding that VS should not allow any software from Program Files Folders unless it is on the whitelist if that setting is unticked.

 

Hi Dan
Something, I've been trying to figure out with iterations. So, I could report better info. Noticed on my new W8.x box. FF un-trained does not prompt VS.
I'm in the habit of re-training VS every day for testing. I re-train with hands off. So, only snapshot processes are background. Then I proceed from there. FF initial open after VS train with hands off....just seems immune to VS prompt. Confirmed FF and IE not in snapshot. IE prompts. FF does not prompt VS on initial open. But, does prompt VS on initial FF close with plugin container balloon. I posted to see if others could duplicate as not to bother you with what may be a new system anomaly. EDIT: to post agree with C_E. Yes, with un-tic'd ~ "Allow all" and to re-state testing is not influenced by SBoxie or TTF.

 

Ooops, yeah, it wasn't supposed to fix the error... I added some logging to help me isolate the issue. I was going to see if you could install it and then send me the .log files. But that is ok, there is another computer dude in Poland that has the same issue and he is helping me figure it out. So far we have figured out that VS reads the Settings.dat file correctly on start up, but the Settings window (form) cannot read or write to the Settings.dat file in the Polish version of Windows. So I think we are getting really close. If you want me to customize a Settings.dat file and send it to you, it should work. Just let me know what options you want to change. But it should be fixed in a couple of days. Thank you!

 

Thank you, I appreciate that! Yeah, I am pretty excited about the new group of guys. They are 3 guys I met through a client of mine who did some pretty cool things in the medical software sector, and are experienced in building software and software companies. I will keep you guys posted, thank you!

 

Ohhh, I see, thank you for the clarification! I just set VS to defaults, reset my whitelist, unchecked the "Automatically allow all software from the Program Files Folders" option, put VS in Always ON mode and it blocked FF (as expected). I then repeated the processes, and instead of putting VS in Always ON Mode, I chose Smart Mode and VS allowed FF (as expected).

So basically, if you reset your whitelist (or manually remove FF from the whitelist), here are the 3 scenarios if "Automatically allow all software from the Program Files Folders" is unchecked:

1. Smart Mode (with no other web app running): VS will allow FF since VS is OFF
2. Smart Mode (with another web app running): VS will block FF since VS is ON
3. Always ON: VS will block FF since VS is ON

I think this is the correct logic, but if not, please let me know! Thank you!

Edit: Please keep in mind that "Protect User Space" is still protecting the user space in all 3 scenarios!!!

 

Cool, thank you. Please see above, I think it is working correctly, but if not, please let me know. Or if what I wrote does not make sense, please let me know as well!

 

Let's hope they will last longer than previous guy....

 

Hehehe, I know what you mean, we will see .

 

OK...
these are screenshots with marked (red border) settings I'm interested to have. Please edit Setting.dat and send it to me...we will see what will happen
And thanks for your patience

 

Cool, thank you. I emailed you the settings.dat file. Please copy and paste it into the C:\ProgramData\VoodooShield directory after exiting out of VS.

 

Aha! re: 1. Smart Mode (with no other web app running): VS will allow FF since VS is OFF
Yes, that would be my scenario as you aptly describe. Just not the VS action I expect.
As, IE prompts VS in the same scenario ?
Also, I'm opening a new exe. VS should prompt in Smart Mode. I don't understand <<I chose Smart Mode and VS allowed FF (as expected).>> as expected ? Not expected by me. VS in Smart Mode. VS should prompt when presented with new process. ?
Why does VS prompt plugin container on initial FF close ?

 

Will VS thwart CBT http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

 

It should as Rasomware has to execute an exe.

 

Poweliks (I know not CBT) hides in registry. Maybe CBT hides ?

 

Ok, when in Smart Mode was the shield red, or blue when it allowed FF? Does it make a difference?

Edited: Never mind. I read your post again. It answered my question. I through he meant VS was not blocking FF when it's protection was enabled.

 

C_E
with my scenario VS was Smart Mode red. Toggle blue upon click / open FF with no VS bubble ? VS bubble on close of FF pointing to plugin container.
IE same scenario. VS Smart Mode red. Click IE. VS bubble > VS scan > VS Alert > Allow.

 

Personally, I would just use VS in Always On mode anyways. That should solve your problem. Then you don't have to worry about the Smart Mode toggling.

 

I'll test and report back....wish I knew why IE prompts and FF no. Wish I knew why VS prompts on close of FF.
Wish I understood > << Smart Mode (with no other web app running): VS will allow FF since VS is OFF >>
I thought VS is OFF only when Training / Disable. Surely, VS is ON for Smart Mode. Desktop apps prompt in Smart Mode. IE prompts. Just not FF.
...and to have Dan confirm...
Thanks WBD !

EDIT: ALWAYS ON does resolve but, as to why SMART no bubble ?
Thank you WBD

 

ALWAYS ON in required as VS SMART MODE has a timing issue. IMO
Had occasion to create Flash Recovery media. 25GB on to 32GB Flash. During the process of Prepare Disk, Copy Image and Verify Disk. VS SMART MODE went red 5 times and remained red with led rapidly blinking. Mouse move returned red to blue.
This adds to my earlier scenario with FF and subsequent test with IE. SMART MODE with IE not trained. Half the time VS would pop bubble IE would blink and IE would populate to whitelist. Other half, IE would just open.

ALWAYS ON is now default for me....Thanks again WBD !

Must say VS was a veritable chatter box getting Recovery Media Creation to run and for process to start. Had to finally un-tick cmd.

 

Observational feedback re MODE with Allow all from Program Files not checked + test app not trained.

VS Smart > Open'd HerdProtect from desktop shortcut > No prompt > No Scan > No Log > No Snapshot

VS Always On > Open'd HerdProtect from desktop shortcut > Prompt > Scan > Log > Snapshot

 

Running well as always here Dan great Job!

Thanks,

Daniel

 

Happy New Year Dan

No further issue here other than the one already notified and which seems particular to my system.

Regards, Baldrick

 

That is how it supposed to work isnt it?

You have no web apps open so it is off.
It is on only when you open herdprotect (unless VS doesnt know HP is a web app)