VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Yes, now it makes sense. BTW, on VS 2 where cmd.exe is blacklisted by default, can the script bypass?
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Thanks Vlad....I just have to update my system, eventually. :)
     
  3. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    As I thought, the driver doesn't work on XP, sorry.
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    That was quick....Ah well, just have to carry on, until I can afford a new custom desktop.
     
  5. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    As compensation I can give you the OnePlus2 invite (if you want to buy it in the next 24 hours) :)
     
  6. hjlbx

    hjlbx Guest

    No. Not blocking cmd by default - even without argument - is too great a security risk in my estimation.

    Let's say a user needs cmd to run ping for whatever reason. In v 2 they could just allow cmd at the VS prompt, do the ping, then close cmd. It is not a user-unfriendly "arrangement."

    Interpreters are virtually unused by typical users. Power users can de-black-list interpreter(s) as needed. Yes, yes... there is a tiny bit of inconvenience but that is the price of VS' high-level protection.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Well, that would be very welcome, since I don't own a smart phone....Maybe, you can let me know by PM how one goes about using the invite. I don't know how it works. :)
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
  9. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    I just tested the script (changed C:\ to some non-existent folder. No need to be so dramatic as to delete the whole disk for testing :) ). So if VS is ON, then it was blocked as expected. So the question is - should it be blocked when VS is OFF (or in smart mode with closed web application)?
     
  10. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Yeah, then you can join the rest of us here at "Pick and Choose" Windows Updates to avoid Windows 10. :argh:
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I thought with Windows 10, you have no choice...you can't pick and choose...Am I right? ;)
     
  12. hjlbx

    hjlbx Guest

    I didn't write script. I found it as part of a WinKiller. So I thought good malicious script to keep for testing purposes.

    Interpreters should be black-listed by default when VS is both ON and OFF... otherwise, you experience what I did =

    launch script,
    it executes and is added to white-list,
    white-list is then backed-up to cloud

    For example, I kept deleting script from white-list, but it was still allowed to run no matter what I tried. Not sure what the reason(s) were.

    I also forgot that VS does not upload scripts to VT for analysis... so I was mistakenly trying to stop it by setting auto-quarantine for any detection by VT = 1.

    There was a lot going on so it is difficult to articulate everything in sufficient detail.

    I use VS primarily to protect against malicious scripts. Had VS uploaded the script to VT it would have been blocked - but only if user set auto-quarantine upon VT detection to 3 or less. So, at default setting of 5, it still would not have been auto-quarantined even if it were uploaded to VT.

    Bottom line is that there is security risk when dealing with scripts when VS is OFF; User Space launches of malicious scripts will occur in Smart Mode.

    That's why I customarily always use ALWAYS ON mode... but since this is beta I am exploring and re-exploring potential problems.
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am in my SAP snapshot, so it is time to boot into my VS snapshot....My computer is a beta testing laboratory...;) Back in awhile!

     
  14. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Simple solution for dealing with scripts is Winpatrol. In cruelsister video, but not perfect.
    https://www.youtube.com/watch?v=iSwsq5lP0Hc
     
  15. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Actually it is uploaded to VT. But in the script that you sent me it doesn't find any threats (as expected).
    I'm tending to agree with you. I'll recheck with Dan about what he meant and probably it will be changed.

    Thanks for finding!
     
  16. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    I have to go to bed now (2 AM here :confused:), so if you have some findings please PM me so I'll not miss it tomorrow.

    Have a good day/night!
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Goodnight, Vlad...:) 9.00 am here! ;)
     
  18. hjlbx

    hjlbx Guest

    @VladimirM

    Script is rated as malicious by both Kaspersky and Comodo. However, even if I set VS to auto-quarantine if VT shows malicious rating by only 1 vendor, script is not auto-quarantined\blocked.

    Something is amiss... VS just isn't behaving like its usual self. This is highly unusual behavior for VS...
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Please respect that this is a thread about Voodooshield, and not winpatrol, and this is an off topic post.
     
  20. hjlbx

    hjlbx Guest

    WinPatrol is good monitoring soft, but when it comes to malicious scripts VS - properly configured - actually protects system = blocks scripts.
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    VS 3.0.1 is working well! 1 question: why is the install file so much larger than v2? Also I still see calendarofupdates.com, can you change it to calendarofupdates.org where we have the Official VoodooShield support forum. http://calendarofupdates.org/index.php?board=21.0

    TIA,

    Daniel ;)
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey TH, how are you? Vlad included all of the necessary runtimes in the installer, which makes the installation super smooth and now it does not have to download any runtimes from the internet. The only disadvantage is that it is 13-14mb instead of 4-5, but that is a small price to pay for a super smooth installation. VoodooShield.exe and VoodooShieldService.exe are pretty much the same size as before after installation.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Awesome and great job Vlad and Dan install is smooth on Win 10 x64!

    Cheers,

    Daniel :)
     
  24. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Does anyone have a link for VS 3.0.1? And will it work with Sandboxie without conflict?
    Respecting this thread about Voodooshield just trying to understand VS better.
     
    Last edited: Oct 3, 2015
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada