VoodooShield/Cyberlock

Salutations/Greetings!!!

In general questions below:

@VoodooShield, What is your opinion of ReHIPS?
https://www.youtube.com/watch?v=8Q2yrjxa0MQ

And would see any problems with VoodooShield? And ReHIPS together?

Also,what opinion about WinAntiRansom Plus+ https://www.winpatrol.com/

Post # 9563 & 9564 agree or not? What do you like about Crystal Security or Webroot with VS?

@themorpethian, can you use on non VM? And what are advances?


Opinions on http://www.fortresgrand.com/products/pf/pf.htm

 

IMO a super light and very strong security combo nothing else needed!

 

Oops, I just noticed while visiting my client that the desktop shield gadget in VS 3.15 will automatically hide temporarily on occasion... although I was not there long enough to figure out what was triggering it. I figured this would happen after all of the changes to the gadget that I made, but there was no way to test every scenario. So whenever you guys see this, please let me know what triggers it and I will fix it asap... it will be a super easy fix, thank you! BTW, for those of you who do not know, I still do computer consulting for my "day job". Hopefully soon I will only be working on VS . Oh, and the onsite emergency was just a bad network card .

 

No mention...you are busy bee with VS and I must say sorry to you bcz. my post is not been directly related to VS!
btw: Just tweak my sistem with one more layer of security...
I was install CryptoPrevent who tweak Group Policy and now criptomalware even if somehow come to system layer, can't do almost nothing!!!
Funny thing with CP is that he turns himself off after complete his magic and do not use nothing of system resources ( memory or cpu ).

I hope that CP modification in Group Policy will not trigger problems with VS!

 

Yeah, CP and VS are NOT compatible at all together. Be back soon!

 

Hi Dan! What was the reason not going into Training mode after install again? I did a clean reinstall of 3.15b then rebooted and I got so many blocks of unsigned files VS doesn't give me a chance to whitelist also I have programs installed on D drive?

Thanks,
Daniel

 

What I did just now I shut down both VS processes and deleted everything in ProgramData and restarted VS and I put it in Training until I got it setup as I like again!

Daniel

 

Ufff...sorry to hear that

What to do now?

 

Hey TH... it actually might be a good idea to put VS in Training mode initially by default... we can think about it. It works fine on most systems to go directly into AutoPilot or Smart Mode, but if you have a lot of stuff on your D drive that might be blocked, well, that is a different story . So we can think about it and figure it out... it is super easy to change. I installed VS and Webroot on 14 workstations yesterday at a dental office and everything went really well... except their medical software installs on the root of C, it is not signed, and has all of the tell tale signs of malware, so I just put VS in training and launched the medical software, then put VS in either smart or autopilot... depending on the user.

But really, there is no reason to not have VS train for a few minutes. I know we used to do that, but we finally got VS to the point where it pretty much trained itself, unless there is a weird situation like your D drive or some medical software that breaks every rule in the book . Thank you!

 

You don't need CP with VS IMO!

 

Very cool, that will work!

 

Hehehe, VS is great at blocking ransomware... you really do not need any specialty product.

 

Cool very nice!

 

Re training mode, I think that this is the way to go. I re-installed and started with Training. Then I re-booted. After a few minutes on the web VS popped-up to ask whether I wanted to turn on protection. I switched it into Smart and got another pop-up from Panda (psevents.exe) a few minutes later. I'll give it another day before installing on the Mrs' PC, leaving it in training mode for a few hours to ensure VS catches the Panda alerts. I'll then put it in Autopilot, which is what I'm now using. That should make it Mrs-proof. It's very light! Good job. For somebody that doesn't go near the dark-side the free VS is a great complement to your AV.

 

I've upgraded to the 3.15 beta. What happened to the Scan & Allow mode? I am now running in Smart mode, and whenever I launch cmd, which I do several times a day, I have to wait about 4 seconds for a prompt from VS to let me allow it to run or deny it. With "Scan & Allow" I was not prompted.

 

@roger_m , you want the new Autopilot Mode.

 

Yeah, I too liked Scan & Allow Mode...it was VS scanners only mode i.e Blacklist Scan & VoodooAi Only...was perfect for my family laptop of average users.

Now Scan & Allow Mode is renamed to Auto Mode & more than VS scanners i.e cmd, scripts, etc...too...This I dont like coz already 2 modes are available for strong & max protection...Scan & Allow Mode was kinda easy mode.

Scan & Allow Mode should be back, what you say?

 

@Krusty13 Autopilot Mode made no difference.
@yesnoo Yes, I think it should be brought back too.

 

Yeah, I will fix the cmd block... there is a safe way to do it... sorry about that. BTW, I was going to try to catch up on the posts tonight, but I really need to step away from the computer. Talk to you guys soon, thanks again for all of your help!

Thank you Krusty, yeah, AutoPilot is basically an enhance version of Scan & Allow, but since there were so many changes, there will be a few tweaks, like the cmd block that we will have to fix, but it will be super easy.

 

Sorry Dan, I was prompted for a Command Line but closed the pop-up without choosing to Block or Allow and VS froze.

This was the Command Line, if it helps.

Code:

"c:\windows\system32\rundll32.exe" "c:\windows\system32\edgehtml.dll",#125 s-1-15-2-3615333805-374319225-3870309745-360125604-1386518793-4086968991-3261710083

 

@Triple Helix, Thank you for your answer in post # 9576

Can someone provide a link for 3.15 beta version of VS?

Kind regards,

 

I really will catch up on the posts that I missed asap, but I wanted to respond to a couple now .

 

Boot up protection is a little late in the game… don’t you think? Why not just stop the shell code (exploit) or payload pre-execution in the previous / initial windows session? Why wait to reboot the computer to stop the malware? Filters might need this feature, but locks do not .

 

Cool, thank you for testing, I really appreciate it! I just want to make sure... you said "Followed the new GUI AI instructions pop up and mostly quarinteened them on advice."... were there any items that VoodooAi recommended that the user allow? If so, please let me know because I will have to look into this (the whole VoodooAi integration is less than a month old after all) . I am assuming (and hoping ) that VoodooAi at the very least recommended block, but I wanted to check .

 

VS block Sandboxie install (Autopilot Mode)

http://s32.postimg.org/v8ybrnclx/Clipboard01.png
http://s32.postimg.org/8ngwedfo5/Clipboard02.png

Cuckoo analysis: http://voodooshield.asuscomm.com:8080/analysis/2703/#static

Is this because of Virus Total?
http://s32.postimg.org/f1c051191/Clipboard01.png

Installation of LastPass got blocked:
http://s32.postimg.org/opxpwwcyd/Clipboard01.png