VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    VoodooShield,

    VS 3.13 - Auto Mode
    On net disconnected...dots move on VS icon & VS icon flashes but programs don't open & no VS alerts.

    And it seems cmd prob is still there. I started cmd admin...got VS alert...allowed on alert...performed a command & got access denied. Checked GUI - User Log - cmd blocked entry is there. Similarly cscript.

    And in Auto Mode...there should be cmd, cscript, etc... alerts or not? I am getting alerts with this version but didn't use to get with previous versions.

    And Reset Whitelist can reset whitelist & log...why no option to reset Command Lines?

    And it froze once...no spinning circle...just froze.
     
    Last edited: Apr 24, 2016
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    You can right click on one and choose Delete, or Delete all.
     
  3. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    So there are no default entries in Command Lines i.e the section is empty?
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Yes, I believe that is the case. Command Lines will be added as required.

    Edit: Dan and Vlad may have hard-wired some Command Lines in that don't show in the list.
     
    Last edited: Apr 24, 2016
  5. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    I reinstalled to see & there is one entry in Command Line.
    I think reset option for Command Line would be good too. Users can accidentally remove the default entries manually.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    What other security software / firewalls are you running?

    On the cmd prob... what commands are you trying? I have tried md, ping and I ran an executable, and they all worked, with VS in Always ON mode (On).
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    All of the default command lines are hardwired in, so they do not need to be listed. I am also going to create a new feature that whitelists command lines in the cloud... it is hard to explain, but it will be cool.
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Krusty... any freezes yet? ;).
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Not yet, my friend, but it is early days. :D
     
  10. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    Win 10 64
    Windows Defender
    Win 10 inbuilt FW

    I tried chkdsk & worked fine.
    I tried cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus & get access denied. And User Log shows cmd blocked.
     
  11. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    So after VS install the one entry I see in Command Lines section is not a default entry?
    The entry is rundll32.exe aeinv.dll,updatesoftwareinventory

    And I noticed in User Log - There are 2 entries for any programs allowed...Blocked & Allowed both entries, is this by design or a bug?
     
    Last edited: Apr 24, 2016
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    VoodooShield,

    Do you think different colour icon would be good for modes? This would be good when users hide VS gadget but show VS icon on taskbar. On VS gadget it is easy to know what mode is on but on taskbar it's simply VS icon.

    And would be good if there is some kinda animation on VS icon on taskbar for scanning, etc...

    And do you think would be good if there is My Account on top right of main GUI or about section or register section? Clicking on My Account will take to account page.

    I think would be good if VS website have screenshots VS, alerts, etc...

    And do check if the website Cloud Whitelist "Select All" is working or not. For me it's not working i.e. select all checkbox can't be checked.
     
    Last edited: Apr 24, 2016
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Real quick... I will catch up on the other posts later.

    I was able to finally reproduce the internet not active bug on one of my computers by disabling the wired ethernet connection, so it will be fixed in the next version.

    Also, there was an access is denied bug on a windows update (different issue), but I will fix that too.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Apparently there is a new trick that bypasses all application whitelisting software (or something like that, who knows.). I just ran a very quick test (I really need to step away from the computer), and VS seemed to block it just fine, but please try it and see.

    If VS 3.13 blocks it, I would be curious if older versions do as well. We can play around with it and see ;). Either way, if this is for real, it is something we need to fix ;).

    Here it is: http://subt0x10.blogspot.mx/2016/04/bypass-application-whitelisting-script.html
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Only when it is at risk, and not whitelisting your entire hard drive, right ;).
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey TH, how are you? I just posted on subTee's blog... we will see if he can get it to work ;).
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I just realized something... subTee is the same dude from a youtube video I posted on here a while back: https://www.youtube.com/watch?v=85M1Rw6mh4U

    I was actually going to email him anyway once VS was ready, just to see if he might want to take it for a test drive... I think we are far enough along for him to check it out, if he is willing to do so.

    Anyway, if anyone can bypass VS... it is subTee.
     
    Last edited by a moderator: Apr 25, 2016
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    3.Krusty13 is pretty nice, Dan! :D
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Krusty, I believe the freeze issue is completely fixed in 3.14… if not, please let me know. Yesnoo, I believe the internet connection issue is fixed, if not, please let me know. On the command prompt block… well, there is not a safe way to do this, so for now, just click allow… it should allow it the next time.

    Here is the final to do list for VS 3.0

    - This hardly ever happens, but there is a path is denied error. It will be a super easy fix (the code is already written), I just have to be able to reproduce this error first.

    - Cloud command lines feature… this will be easy, but there is a lot of busy work

    - Activate the realtime scanning of processes on VS’s startup. It is already in the code and ready to go, but it is not activated… I wanted to fix all of the other bugs first.

    - Cuckoo Sandbox RDP for Windows 10… Can someone who is running Windows 10 confirm either way if the Cuckoo Sandbox is working for them or not? If it is not working, I think I know what is wrong. Please let me know!

    - Mini prompt location… sometimes it is too far to the left. This is an easy fix.

    - Sign with SHA 256… I just need to find my password for the signature. I put it somewhere so I would not lose it, but guess what, I lost it ;).

    If there is anything that I am missing, please let me know. I will catch up on the posts I missed asap! Thank you!

    http://www.voodooshield.com/artwork/InstallVoodooShield314.exe
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Already installed and testing. :thumb:

    I have Win10, so next time I get a prompt from VS I will check if Cuckoo Sandbox works, but I've never used it before so I'm not sure what to expect.

    Cheers.
     
  22. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,438
    VoodooShield,

    Win 10 64
    VS 3.14 Beta - Auto Mode

    Internet disconnected & programs not opening prob is fixed for me.

    I don't know what you meant about Command Prompt?
    chkdsk command works.

    This command cscript "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus I get access denied. On VS cmd prompt I selected allow & tried 3 times but I get access denied.

    I tried Portable DnsJumper & Rufus with Local & Cuckoo Sandbox.
    Selected Local Sandbox & nothing opened. Tried 3 times & same results.

    Selected Cuckoo Sandbox & my default Chrome browser opened. It mentioned analysis is running & page will refresh every 30 secs. After some time blank black page.

    Tried again & this time was successful i.e all those static, behavior, network, etc... info appeared.
    Tried again & was successful again (Cuckoo Sandbox analysis every time even for the files already analyzed? Coz it seems so as the process was same for the already analyzed files here i.e. analysis is running & page will refresh every 30 secs & after some time results were there).

    Tried again & this time got error ---
    This site can’t be reached
    voodooshield.asuscomm.com took too long to respond.
    Search Google for voodooshield asuscomm 8080 submit status 2615
    ERR_CONNECTION_TIMED_OUT

    Tried again & the same above error.

    Tried again & browser didn't open.
    Tried again & browser didn't open.

    Tried again & browser opened. (I didn't wait for analysis)
    Tried again & browser opened. ( " )
    Tried again & browser opened. ( " )

    Tried again & waited for analysis but same above error i.e. This site can't be reached...........

    Tried again & analysis was successful.
    Tried again & analysis was successful.

    Tried again & waited for analysis but same above error i.e. This site can't be reached...........
    Tried again & waited for analysis but same above error i.e. This site can't be reached...........

    Tried again & analysis was successful.
    Tried again & analysis was successful.

    Do try to check Cuckoo Sandbox with & without Adguard Desktop. I use Adguard Desktop with default settings. I tried with Adguard Desktop enabled & disabled i.e exit. If I am correct, with Adguard Desktop enabled browser traffic passes through Adguard.

    But my bad I forgot to take note when Cuckoo Sandbox worked & not worked for all the above tests. So I tried 6 times again with Adguard Desktop enabled & disabled i.e exit.
    3 times with Adguard Desktop enabled - All the 3 times got the above mentioned error This site can't be reached...........
    3 times with Adguard Desktop disabled i.e. exit - All the 3 times analysis completed fine.
    So don't know if Cuckoo Sandbox works fine or not & can't confirm on Adguard Desktop but at least with these little tests it seems Adguard Desktop affects Cuckoo Sandbox.

    Rest I have posted or requested info in couple of my previous posts.
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,692
    Location:
    South Wales, UK
    Thanks, Dan

    Installing now and hopefully giving it a test over the next couple of days.

    Regards, Baldrick
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you... yeah, I think I need to start the RDP session from the service for Windows 10, I will play around with it and see.

    Yeah, the local sandbox that VS uses is not the best (some items will not run using this method), but once VS 3.0 is finished, I am going to do a really cool local sandbox ;).
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think the access is denied error is fixed... I think it was responsible for some users who reported some Windows updates not completing successfully. This would also explain the freeze that some users experienced, although there was another bug that could have been causing this too, which is fixed as well. Either way, VS is finally almost bug free!

    Anyway, there are just a few more small things to do... we are getting close!!!

    I still have to figure out how we are going to handle vulnerable processes so that the user can modify them. All of the items in the Windows directory are already covered, and there are a few like Java that are already hardwired in (flash is covered because it is in the Windows directory). It would just be nice to have the option for the user to modify these if they wanted to.

    I should have the "final" version ready in a day or two, then I will catch up on the posts I missed.
     