VoodooShield/Cyberlock

That is why we should have a joint test, and all test together, with the same sample set . I am not a betting man, but I would bet that the results would be the essentially same, assuming the sample set was 1,000 or more. They both really are great products, with some of the highest detection rates in the industry. And for example, I imagine that Sophos has a url filter, which would help its score, whereas Cylance currently does not (this is just a guess, please do not quote me on that ). I just wanted to use the same testing procedure that both Cylance and Sophos seems to think is a good general indication of the efficacy of a given solution... since they performed very similar tests in their videos. I need to be careful what I say, only because I do not want to sound like I am doing a sales pitch, but I think they are both great solutions with amazing detection rates, but I believe the computer also needs to be locked when it is at risk.

Yeah, the VoodooAi Sensitivity was set to 100% (default). Thank you!

 

Thank you, I appreciate that! Yeah, that is why it is helpful to be able to disable either the blacklist or Ai features of VS... that way you can customize it however you want. I would say, for example, if you are running Windows 8 or 10, with Defender, keep both the blacklist and VoodooAi on, you should be okay. If you are running a full time scanner such as Webroot, Cylance, Sophos, (pretty much any of them), you can probably disable VS's blacklist scan (if you want for some reason)... you are probably still safe, and this would reduce false positives.

So basically, the idea is to make everything as flexible as possible, while making sure that the default settings are a great balance of user-friendliness and security... leaning just a little toward the security side .

For me, I do not see how anything could ever slip through the blacklist and VoodooAi, the way it is currently implemented in VS... but I am sure there is something. But the idea is to provide the end user with as much information as possible, so that they make the correct decision on whether to allow a new item or not, so I think having both the blacklist and VoodooAi is extremely informative to the end user, since the blacklist is phenomenal at detecting pretty much everything except for zero days and unknowns, which VoodooAi excels at... so they make a great combo.

People always say "yeah, but ultimately, it is up to the user"... no, really, it is not. Even novices would probably not allow something when the user prompt was red and said "Threat Detected"... if they did, then honestly, they need to take some classes on safe computing / how to use a computer. Otherwise, they are playing with fire, and risk their identity being stolen. Besides, UAC provides the end user with no helpful information at all.

 

Why is there no internet in Cylance test?

 

I don't know why but recently VoodooShield have picked up my interest... Considering giving it a try, but I'm not sure.

Currently running: Emsisoft Internet Security, Malwarebytes Anti-Malware Pro, Malwarebytes Anti-Exploit Free and Malwarebytes Anti-Ransomware. I also use uBlock and Ghostery as "content blocker" under Google Chrome x64. Oh and, running Windows 10 Pro x64 (fully updated of course). UAC set to default level.

Any quick incompatibility issues between these products and VS I should be aware of?

 

Thanks Dan - that is very helpful. I do use Webroot as my main AV and I think I will disable the VS blacklist scans from now on, primarily because of the false positives. The other day I clicked on WRSA.exe and it was blocked by one of the Virus Total scanners, Bkav, which is annoying and unnecessary.

 

Basically, Cylance encourages everyone to test in offline mode, so that it is absolutely clear that no blacklist or global whitelists were utilized during the test, and that only their Ai algorithms were used. I believe that some people or companies might have suggested that Cylance cheats on their tests by using VT lookups or whatever... disabling the network connection ensures that only pure Ai is used, and nothing else. So if you ask me, they performed great!

Also, if VoodooAi had a local algorithm, as opposed to the Azure algorithm, we would do the same thing for VS.

This is also the reason why I disabled the blacklist scan for the VS test... we want to level the playing field as much as possible and compare apples to apples. I wish that option would have been implemented for the first you tubetest... VS would have missed about the same percentage as it did in this test. But oh well, you live and learn .

 

That's great to hear Aura, thank you! It looks like SHvFl already answered your question (thank you SHvFl), but if you need a free Pro license, please email me at support at voodooshield.com.

 

Yeah, exactly... that is a great example! Me personally, I like to play it safe, but most people could probably rely only on VoodooAi, but when you combine the 2, there is almost like a synergistic effect, and it provides killer protection. Thank you!

 

Thank you, will do. I'll start with the free version, and from there, see if the Pro version picks my curiosity.

 

BTW, I submitted a request to be formally tested by one of the best AV Test labs... I am excited to see the outcome of their tests (assuming the request is accepted).

They will find something that slips through... it will be interesting what they find. I will keep you guys posted.

 

Unless I've misunderstood something here, I thought if very few scanners picked up on a file it would be treated as a false positive and you can allow it thereby adding it to the whitelist. In this instance it seems only the BKAV engine marked it as unsafe so by allowing it to run surely the file shouldn't be picked up again because it's in the whitelist. *scratches head*

 

...one of the best AV Test labs...and that Labs is...?

 

I've now unchecked the blacklist scanner option and Process Explorer shows a significant drop in memory usage which I like!

 

I see what you are saying, and I would have to look at the code to tell you for sure... it is hard to remember what each mode does, and what the different thresholds are for each mode, etc. It also depends on if BKAV is listed as an engine with unusually high false positives. But either way, I am sure there is a reason it was flagged... usually it depends on the mode, but it can depend on a lot of things. Thank you!

 

... hopefully going to test VS soon . There are actually 5 or so really great labs that I would love to have test VS. I just figured we would start with one test for now, and if there are any obvious mistakes or something that I totally forgot about, we can fix the issue before it is tested again, that way we will have a good idea whether the issue is properly fixed or not.

 

Hmmm, that is interesting... I will have to play around with that and see why that is happening, thank you for the heads up!

 

Maybe not! The significant drop was compared to v.238. What I am actually seeing is a drop in memory usage since I have (just) installed v.239. The smaller memory is now much the same regardless as to which of those two options are checked.

 

@NullByte,

https://malwaretips.com/threads/clyance-vs-sophos-vs-voodosheild.61167/#post-520993

The last time this happened (recently), the tester bought a VS Pro license... after he finished testing .

I do not trash other AV products, but I do think we need more comparison videos and mathy type stuff... instead of qualitative "articles" for AV companies.

 

The lot over at MT are quite quaint & comical, what with all their posturing, self-centredness & innate belief in their infallibility. Quite cute really...but I am sure that you will win them over eventually, Dan, and they will come to realised what we have done a goodly while ago re. VS.

 

BTW, the next time someone suggests that VoodooShield would not work well for computer novices or average users, I hope they do the honorable thing and disable UAC on these users computers... since UAC offers no insight as to whether the item should be allowed or not, and since it forces them to make a decision on the spot .

If a novice or average user can use UAC, then trust me, they can use VS.

Just a thought .

 

I agree .

 

Hehehe, you are funny Baldrick! Actually, I think all they have to do is test VS, then they can decide if they like it or not. Thank you Baldrick and Djigi!

 

Spot on, Dan...SPOT ON!

 

UAC simply pops up to much for people with little security interests. That is why I have set UAC to auto elevate signed executables and block elevation for unsigned on my wife's laptop.

I know it is a risk, but less than 4 percent of malware is signed. I wish smartscreen had a block setting also (no option to run).

VoodooShield with AI seems to allow all of her installed (signed) programs to update on autopilot. Question does a user gets pop ups when running in auto pilot mode?

 

No need. If you see some of the security configuration threads, you will see people using whitelisting software some using EXE Radar Pro and others VoodooShield.

The thread you are seeing is merely one out of thousands of threads in the entire forum.

VoodooShield simply needs to promote and market itself a lot more. Which I heard Dan is already planning by promoting the product on Antivirus test labs and having someone help with the marketing.