VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "A Disk Cleanup (cleanmgr.exe) should invoke it .."

    doesn't invoke on mine either.
     
  2. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Thanks TH. It is clear though that some users of VS think that there are benefits in having UAC enabled whilst VS is running and I would like to know if there are, in fact, any real benefits.
     
  3. Do you mean besides not allowing everything on the system full administrative access?
     
  4. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Surely VS essentially does the same thing in that a file cannot be executed without VS checking it first? This has to be better than just looking at the UAC prompt and making a decision based on very little information.
     
  5. hehe, Dog and cat fight between VS and Dismhost recreating in temp folder, that is what I guessed in post #11488
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    my appdata folder is covered by WAR. my folder is just the windows temp folder. most articles are talking about the appdata folder?

    in any event it will be nice when vlad gets it taken care of
     
  7. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Same here, wouldn't allow Chrome to update.
     
  8. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Like this?
     

    Attached Files:

  9. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    After click on "Allow" Chrome did update just fine, on my PC.
     
  10. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    78
    installed voodooshield 3.28 beta free - all options greyed-out - never uninstalled something so quickly.
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "installed voodooshield 3.28 beta free - all options greyed-out - never uninstalled something so quickly."

    and who are you? the latest build is 3.30

    did you send an email as requested to get a two year lic? I don't think so

    troll ?
     
  12. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    u need the pro version to have options. u can ask dav he will give u a two year license. next time u should look at the website what u can do with pro/free before write something like this.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Dan, haven't we already been down that road and didn't you rule out UAC being a factor because you have UAC disabled and VS froze on your machine?
     
  14. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    139
    Works well for me - is it possible to buy a lifetime license.
     
  15. Guys,

    There was a long thread about the pros and cons of using UAC which was closed by the mods, because people started attacking each other. TweakUAC explains it well (losing low Integrity rights sandbox/protected mode and folder protection) why completely disabling UAC is a bad idea (when you can also set it to silent). :blink:

    I have UAC set to silent auto allowing unsigned software to elevate. It is like a Standard User container for unsigned software, you can still run unsigned software, but unsigned software is not allowed to do stuff which require Admin privileges. I combine this with a default deny policy (Software Restriction on my Windows Pro Desktop and Parental Control on my Windows Home Transformer).

    I can't use a simple deny execution policy on my wife's laptop (running Windows 10 Pro). First reason is Chrome updating flash in User\AppData folder and secondly because she uses a photobook-creator program which also runs from User\AppData and requires a mandatory update check to run (so I can't freeze it by disabling update). Therefore I combine VS in autopilot with UAC (silently allowing signed software to elevate). In this best of both worlds VS defends user space and UAC defends admin space.

    I ran some malware against this setup on a test image (using Dan's randomizer*) and like Cruel Sister's short test shows https://www.youtube.com/watch?v=e-tk8HeV4Bw VS does astonishingly well. Dan has made his test program publicly available, so everyone can check for themselves (code and samples). This also adds to VS credibility IMO. It is not surprising that in a Sophos (selected samples) test Sophos wins from Cylance and in a Cylance (selected samples) test Cylance wins from Sophos. The test tool of Dan is a true randomizer. So when you throw enough samples into this objective (random) test, the results become statistically relevant.

    Cruel Sister's test video https://www.youtube.com/watch?v=e-tk8HeV4Bw was very well crafted. It did not contain many samples, but each sample represented a different malware attack vector, sort of like the tests Kareldjag did in the past to assess zero day protection of security programs with PoC's. Cruel Sister testing with real malware (not PoC's) is very impressive and adds to the trust I have in VS. My guess is that the only sample remaining in memory (in Cruel Sister's test) was suspended (and thus paralyzed harmless) by VS and would not have survived re-boot.

    For these rare cases, I have UAC on silent blocking unsigned malware to survive re-boot (entering admin space). Since the UAC signature check only covers the local certificate store, it is probably more for peace of mind. Signed malware is not uncommon, but signed malware is still less than 4% of the total malware, making this simple UAC tweak as effective as running Sophos :p (according to real world protection tests of AV-comparatives).

    It is still early days and Dan needs to solve the freeze issue of the V3 Beta, but it is incredible that Dan with his limited resources outperforms a company (Cylance) which has received over 150 million dollars in Series A+B+C+D funding. When I was the guy from Dell who signed the deal with Cylance I would buy VoodooShield to take it out of the market to cover my mistake and ask for a refund at Cylance. :argh:

    I see a movie in the making where Dan fights Cylance in a hands down shoot out (sort of Wyatt Earp against Billy the Kid story). Our hero from Kansas wins it with his brilliant product, but the marketing and money machine of Cylance seems to tip public opinion into the benefit of Cylance (believing bigger is better). When the plot thickens and Goliath (Cylance) threatens to win from David (Dan), Dan is assisted by Cruel Sister who in the final moments of the movie proves with her tests that VS beats Cylance hands down when dealing with true ZeroDay malware. The movie ends with one of Cruel Sister's favourite song titles, while the dust settles and our heroes (VS+CS) walk away in the dawn (to Paris?) :D

    regards Kees
     
    Last edited by a moderator: Jul 21, 2016
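
A read-only check for the UAC posture discussed in the post above (UAC left enabled, elevation silent, elevation limited to signed executables). This is an added example, not part of the original post or of VoodooShield; mapping the described setup onto the `EnableLUA`, `ConsentPromptBehaviorAdmin` and `ValidateAdminCodeSignatures` policy values is an assumption, since the post does not name them, and `Get-UacPosture` is a hypothetical helper name.

```powershell
# Added example: report how UAC elevation is configured on this machine.
# Reads the local policy key only; it changes nothing.
function Get-UacPosture {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # An absent value means Windows applies its default.
    $defaults = @{
        EnableLUA                   = 1   # UAC (Admin Approval Mode) on
        ConsentPromptBehaviorAdmin  = 5   # prompt for consent for non-Windows binaries
        ValidateAdminCodeSignatures = 0   # signature not required to elevate
    }
    $v = @{}
    foreach ($name in $defaults.Keys) {
        $v[$name] = if ($null -ne $p.$name) { [int]$p.$name } else { $defaults[$name] }
    }

    $summary =
        if ($v.EnableLUA -eq 0) {
            # The case the post warns against: UAC fully disabled.
            'UAC disabled: no elevation boundary, integrity-level protections lost'
        } elseif ($v.ConsentPromptBehaviorAdmin -eq 0 -and $v.ValidateAdminCodeSignatures -eq 1) {
            # Assumed mapping of the "silent, signed only" setup.
            'Silent elevation, only for executables with a validated signature'
        } elseif ($v.ConsentPromptBehaviorAdmin -eq 0) {
            'Silent elevation for ANY executable: UAC on, but no barrier to admin rights'
        } elseif ($v.ValidateAdminCodeSignatures -eq 1) {
            'Prompted elevation, only for executables with a validated signature'
        } else {
            'Prompted elevation, signature not required'
        }

    [pscustomobject]@{
        EnableLUA                   = $v.EnableLUA
        ConsentPromptBehaviorAdmin  = $v.ConsentPromptBehaviorAdmin
        ValidateAdminCodeSignatures = $v.ValidateAdminCodeSignatures
        Summary                     = $summary
    }
}

Get-UacPosture | Format-List
```

The third branch is the one worth alerting on in a fleet audit: silent elevation without signature validation leaves UAC enabled in name only.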
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey guys, I will catch up soon, but I wanted to post this new version asap. Earlier, a member (I think it was ieno) emailed me the following from his DeveloperLog, and this version should fix this issue, and possibly the freeze issue. I am not sure why we have not seen this exception before, but I would think there is a great chance that it would cause the VS GUI to freeze. So please try it and let me know how it goes. If this does not work, I think Vlad can probably look at the issue very soon.

    [07-20-2016 14:08:45] [ERROR] - Exception in NewProcessHandler_HandleProcess: Cannot access a disposed object.
    Object name: 'Main'.. at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
    at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
    at VoodooShield.NewProcessHandler.HandleProcess(ProcessInfo processInfo, String& title)

    www.voodooshield.com/artwork/InstallVoodooShield330Freeze.exe

    Thank you!
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, you have to catch them before they disappear ;).
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know... I will work on the dismhost issue next.
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Because of the Windows Protected Folder feature (or whatever it is called), it is probably best to keep UAC on. Thank you!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I do see your point though TH ;).
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, dismhost is a little tricky... thankfully it is the only process that is like this ;).
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, there is a bug in there somewhere, I will take a look at it. I think the reason it is being blocked is because it is unknown to the blacklist, does this sound right? Thank you!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, for now you might just want to choose Allow. I am not sure why the blacklist is not detecting it properly, but I will look at it. Thank you!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, good point ;). If this last fix does not work, then Vlad will be able to fix these last couple of bugs very soon. Thank you!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, if you buy a 3 year license, I can add 100 years to your subscription. Or you can participate in the VoodooShield Challenge and get a free lifetime license ;). Thank you!
     