VoodooShield/Cyberlock

+1

 

Hi, I am a new user of the free version of VooDooShield.
I hope to ask some problems on it.

1. When I right click the gadget (the shield), sometimes it shows a dialog asking me whether to hide the gadget or not, sometimes it shows another dialog asking me whether to exit VS or not, sometimes it shows the context menu, which is what I really want. The problem is that what it shows is completely random. Would this be a bug?
2. In the Off mode, when I double click a digitally signed executable file, VS will still block it be default when VS cannot scan it online. Could the paid version (I have not tried ever) be configured to trust digital signs and vendors (in both On and Off modes) instead of scanning every unknown file online?

 

I am still getting CMD Allow or Block several times a day with no explanation as to what is being blocked or allowed. Are you going to fix this in the near future?

I am using Windows 10 x64.

 

@VoodooShield ,
I'm seeing this too. I haven't chosen either block or allow as there is no information about what the command line is for. It doesn't happen with Win7, only on my Win10 x64 machine.

Thanks.

 

This has been going on for a couple of months with no solution. Does anyone know if EXERadar NVT has this problem?

Many thanks,

 

It happens on both W8\8.1 and W10 systems.

Don't get too bent out of shape about it... @VoodooShield is working on a fix.

HJLBX

 

No, NVT ERP does not have this issue.

@VoodooShield has been\is aware of the issue and is currently working on a solution. He has a lot of balls in the air at the moment... so it requires some patience and understanding on the part of dedicated, die-hard VS users...

HJLBX

 

Currently, the way to customarily white-list a command line is at the cmd.exe block notification - by selecting "Allow."

In the most recent beta (2.82)

https://voodooshield.com/Download/beta/InstallVoodooShieldbeta.exe,

at the bottom of the command line white-list, there is a blank line. You can manually type in or copy-paste a command line in that very last blank line. Adding the command line in this fashion will permanently add it to the white-list.

@VoodooShield is working on a better solution...

HJLBX

 

I'm not losing sleep over it.

 

BTW, the blocked events should all be listed in Settings / User Log. If you find some that are not listed, please let me know!

 

Hmmm, that is odd. What OS? VS 3.0 with the KMD will be ready very soon, and A LOT of things are changing, so I am assuming this will no longer be an issue. The old AppCertDLL that we used was a great method, but there were a lot of workarounds that I had to do to get it to work right. With the KMD, all of the info comes straight from the driver, so this will make a huge difference and we will be able to eliminate a lot of the code that could be problematic.

 

Yeah, VT is usually pretty good about catching the bundled stuff. It always cracks me up when the google toolbar is flagged .

 

Cool, thank you, I will add that along with Cyberfox. Does anyone else have any other web apps we should add? There are 2 spots left for sure .

 

Welcome to VoodooShield .

1. That is really odd... we have used the same code for the mouse click events for 4 years now and this is the first that I have heard of this issue. Does anyone else have this issue? If you continue to have this issue, please let me know!
2. Yes, you can disable auto scanning in the Pro version in Settings / Advanced. But as far as digital signatures goes, VS will temporarily allow by digital signature, only after the initial file is allowed (it will auto allow all files with that digital signature temporarily). Since digital signatures can be faked, this really is the only safe way to allow by digital signatures in our opinion.

 

Sorry, I replied in post 7657. Can you please send me a screenshot of the prompt, and also look in your User Log to see what was actually blocked? Once we know what is blocked, it will be easy to fix. But then again, all of this is changing in VS 3.0, which should be ready in a week or two.

 

Dan, the blocks I've had with Win10 haven't shown in the User Log. I've just Reset my Whitelist, Deleted the User Log and Deleted Command Lines so if I see any Blocks again I will let you know.

There wasn't a great deal of information in the popup, nothing telling me what the Command Line was was, only CMD.EXE wan't to run, that's it.

 

Hmmm, that is odd. I think if I saw a screenshot I would know right away what was up. Please post a screenshot or the item from your User Log the next time this happens. If it is a command line, it will be listed in the Command Lines instead.

 

Sure, can you please let me know what cmd you are referring to and I will have a better idea of how to help. In theory, everything is supposed to be automatic, but if there is a bug we need to fix it. But then again, VS 3.0 should clear up all of these issues.

 

I guess I am confused. Are we talking about cmd, like a command prompt, or are we talking about a command line, like a rundll32.exe command line? Please post some screenshots and I will have it fixed asap!!!

 

Cool, thank you for the help, and should we keep the blank line at the bottom or is better to remove it? Once it is all working correctly, we really will not need the blank line, but if you guys think we should keep it, we will. I just wish I knew what was being blocked, hopefully I will get some screenshots soon.

 

'

Hmmm, thank you for letting me know, did it show the entire path, like C:\Windows\System32\cmd.exe, or did it just show cmd.exe?

 

I can't remember exactly so I won't speculate.

Next time I see it I will grab a screenshot.

The times I have seen it I was watching youtube videos while connected to my HDTV by HDMI and had a wireless keyboard attached... if that helps.

 

I think I am caught up on all of the posts, but if I missed one, please let me know. I should be able to reply much quicker now that we are almost finished with VS 3.0. A developer named Vlad has been working on the driver since I am not familiar with kernel mode stuff, and he has been doing some amazing work. Once the driver is implemented, he is going to help me for the next month or so with these last few bugs, assuming that the new driver does not fix the issues. He is also going to help me optimize the code even more and we are going to add some new features as well. Not too many features though... we do not want it to become bloated .

But VS 3.0 is going to be pretty cool with the new driver, and there are a lot of cool things we can do with it since the mini-filter driver basically detects all files, not just executables like the AppCertDLL we have been using. The AppCertDLL served its purpose and did a good job, but it is time to retire it . I was more comfortable using it while we developed VS, added features and beta tested it, since the AppCertDLL in theory cannot cause BSOD.

So over the month or two, Vlad is going to help me get VS where it really needs to be, and that will free me up to focus on some other things with VS that I did not have time to focus on before. Also, I hope to sell my consulting business and go full time with VS in the next couple of months... after 4+ years of 80+ hours a week, it is time to only focus on VS... well, and sleep a little. Thank you guys for all of your help, I hope to be posting VS 3.0 in the next week or so. I will probably post one last version of VS 2.0 in the next couple of days that has a few small bug fixes. If I receive some screenshots of the cmd block, I should be able to fix that too.

 

Hmmm, that is really odd because I have been running 10 for awhile now and I have never seen it. One thing I have seen is a plain grey box that is supposed to be a user prompt, but I could never figure out what triggered it. But just the other day I received an email from Online_Sword that told me how to reproduce the error, and it was an easy fix... it will be included in the next VS 2 release.

 

... Trying to reproduce what I've been seeing.