VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. khanyash

    khanyash Registered Member

    By the way, does "allowed" above mean whitelisted only, or executables allowed through popups too?
     
  2. Triple Helix

    Triple Helix Specialist

    @VoodooShield How about the ones that have not seen the freezing issue? Can we help?

    Daniel
     
  3. boredog

    boredog Registered Member

    Using 3.33 beta and not seeing any freezes or dismhost blocks anymore. I am also a Windows Insider.
     
  4. VoodooShield

    VoodooShield Registered Member

    I am not sure I understand the distinction since as soon as the user clicks Allow on the user prompt, the item is whitelisted. Do you have a specific example? I think it would be a lot easier for both of us if you do, thank you!
     
  5. VoodooShield

    VoodooShield Registered Member

    Thank you TH, that is really nice of you! Not that I can think of right now, but if I think of anything, I will let you know. We have to be getting very, very close, since we have gone over all of the code with a "fine tooth comb".

    Thank you too boredog, please let me know how it goes!

    BTW... if anyone experiences the freeze issue, please let me know what the memory utilization in the task manager for VoodooShield.exe is!!! I know we have talked about this before, but there might be something to it. I was playing around earlier, and I noticed that when VS blocks large (100mb +) executables, the memory utilization goes pretty high. It is fine for it to go high temporarily, but once the process is handled (blocked or allowed), the memory utilization should return to normal (15-30mb). What is odd is that when I click on the x to close the mini prompt, it reacts differently from when the mini prompt countdown timer runs out, and the mini prompt closes on its own. So what I suspect is happening is that when the mini prompt closes on its own, the handled process (in this case blocked, since the mini prompt closed on its own), is not being released by VS completely... which would explain why the freeze almost always happens after the user has been away from the computer for a while. Basically, during this time, VS handled tons of background processes, but did not release them properly, and the memory utilization goes sky high and as a result, freezes the gui.

    The good news is, that the conhost.exe issue is totally fixed, thank you guys for sending all of your logs... sorry if I did not reply to the emails, I am trying to keep up with everything ;). Once the freeze issue is fixed, everything will go back to normal, thank you!
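
Added example (not part of the original post, and not VoodooShield's own code): a PowerShell sampler that logs the memory use of VoodooShield.exe at intervals, so a tester who returns to a frozen GUI has readings from the idle period the post describes. The process name, the 30 MB ceiling (taken from the "15-30mb" figure in the post), the interval and the log path are assumptions.

```powershell
# Added example, not VoodooShield code. Logs memory readings for VoodooShield.exe
# so they survive a GUI freeze. All parameter defaults are assumptions.
param(
    [string]$ProcessName     = 'VoodooShield',   # assumed from "VoodooShield.exe"
    [int]   $IntervalSeconds = 60,
    [int]   $NormalCeilingMB = 30,               # upper end of the "15-30mb" quoted in the post
    [string]$LogPath         = (Join-Path $env:TEMP 'vs-memory.csv')
)

function New-Sample($Time, $ProcessId, $WorkingSetMB, $PrivateMB, $Handles, $Responding, $Note) {
    # Same columns on every row so Export-Csv -Append never hits a schema mismatch.
    [pscustomobject]@{
        Time = $Time; ProcessId = $ProcessId; WorkingSetMB = $WorkingSetMB
        PrivateMB = $PrivateMB; Handles = $Handles; Responding = $Responding; Note = $Note
    }
}

while ($true) {
    $now   = Get-Date -Format 's'
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)

    if ($procs.Count -eq 0) {
        $rows = @(New-Sample $now '' '' '' '' '' 'process not running')
    } else {
        $rows = foreach ($p in $procs) {
            # Task Manager shows the private working set, which neither property
            # equals exactly; both are logged so a steady climb is visible either way.
            $ws   = [math]::Round($p.WorkingSet64 / 1MB, 1)
            $priv = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            $note = if ($priv -gt $NormalCeilingMB) { "above ${NormalCeilingMB} MB" } else { '' }
            # Responding is $false when the process's main window stops pumping messages.
            New-Sample $now $p.Id $ws $priv $p.HandleCount $p.Responding $note
        }
    }
    $rows | Export-Csv -Path $LogPath -Append -NoTypeInformation
    Start-Sleep -Seconds $IntervalSeconds
}
```

Start it before leaving the machine idle; after a freeze, the last rows of the CSV show whether memory had climbed and whether the window had stopped responding.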
     
  6. VoodooShield

    VoodooShield Registered Member

    BTW, I can verify that the 3.09 freeze test version does freeze, it actually just happened. So everyone who is helping me test, please install the 3.08 freeze test and let's see if that freezes! If it does, then we know for certain that some change between these 2 versions is causing the issue... and we have great backups of both versions.
     
  7. paulderdash

    paulderdash Registered Member

    Yes it does appear the dismhost issue is fixed. I used to get dismhost blocks when running this program, and had to disable VS, but not now.
     
  8. khanyash

    khanyash Registered Member

    I thought by whitelist you meant programs initially whitelisted, i.e. the snapshot... Got it now... Thank you
     
  9. lunarlander

    lunarlander Registered Member

    Hi,

    Just to jump into this thread with some questions about Voodoo Shield.

    1) How would Voodoo Shield handle drive by downloads?
    2) How would Voodoo Shield handle an attack where the payload is a RAT?
    3) Would I need to disable Voodoo Shield when using a program installation which generates an exe in Temp?

    I am actually using Voodoo Shield already, but I don't know how it works to protect me. And I wonder if it can protect me from past previous incidents.
     
    Last edited: Aug 22, 2016
  10. khanyash

    khanyash Registered Member

    VS 3.33 Beta
    VS Mode - AutoPilot

    If Blacklist Scan is disabled in settings then files with a VAi safe verdict are auto-allowed in AutoPilot mode, right? (This is my experience)
    I would like to see an option to auto-allow suspicious verdicts by VAi too (when blacklist scan is disabled). The last option in basic settings, i.e. the "Trust" option, doesn't work (when blacklist scan is disabled), i.e. suspicious verdicts are not auto-allowed.

    And some files get unknown to blacklist even though they are not.
    For example, Portable DnsJumper & Portable VidCoder 64 Bits

    Attached are the screenshots
     


    Last edited: Aug 22, 2016
  11. djg05

    djg05 Registered Member

    Dan - just had a freeze in 333. It had recently been on hibernate but did not check the sys tray after waking. I will try 3.08 now.

    I am running Win 8.1/64
     
  12. shmu26

    shmu26 Registered Member

    This is a good compromise. There are many programs that have an "expert" mode or a "high security" mode. That keeps the geeks happy, and also the average user.
     
  13. boredog

    boredog Registered Member

    Oh oh, when I came back and brought the computer out of hibernation/sleep mode, Voodoo was frozen. I can access the right-click tray menu but can't do anything with it until I task manager it and restart. BUT I forgot this part:
    "please let me know what the memory utilization in the task manager for VoodooShield.exe is!!!"
     
  14. fax

    fax Registered Member

    No freeze here with 3.09 up to now. Lasting more than 3.33. I have the impression the freeze may be related to more than one reason.... Anyway will download and install 3.08 and see. And for all the previous freezing I could not see any abnormal VS memory use from task manager.
     
  15. boredog

    boredog Registered Member

    Just checked my hibernation settings and they are set to never. Have now set sleep mode to 1 min. So far I don't see any freezes. Even set the hard disk to one min for shutdown, and so I cannot duplicate the problem. It is a ghost.
     
  16. clubhouse1

    clubhouse1 Registered Member

    Never had a freeze problem pre AU or since...Did have the DISM problem...Have had the install problem with VS intercepting installs while set to install\disable mode but it's intermittent...I just exit Voodoo now while installing.
     
  17. lunarlander

    lunarlander Registered Member

    Hi,

    I am actually using Voodoo Shield already, but I don't know how it works to protect me. And I wonder if it can protect me from past previous incidents.

    1) How would Voodoo Shield handle an attack where the payload is a RAT? I had an incident where someone attacked my Webroot SecureAnywhere. I installed it on 2 computers, and both were attacked. I noticed some minor modifications (I forgot what he did) on one computer, and on the other computer my 2 standard accounts were erased leaving only the admin account.


    2) Would I need to disable Voodoo Shield when using a program installation which generates an exe in Temp? I would need to disable SRP temporarily for this, so I need something that protects me during this time.
     
    Last edited: Aug 22, 2016
  18. boredog

    boredog Registered Member

    clubhouse : what version of windows are you running?
     
  19. @VoodooShield

    Dan, freezes occur for many reasons but the most common are:

    1. Spawning too many processes drowns the OS scheduler
    The cat and dog fight with DISMHOST could be a cause of that.

    2. Using too much RAM which causes page faults in the memory manager.
    The memory leak you mentioned in post 12028 could be the reason.

    3. Driver fault in relation to hardware acceleration.
    Since most members did not have any problems, have you tried looking at OS (32 bits versus 64 bits) and GPUs on which the problems occur?
     
  20. clubhouse1

    clubhouse1 Registered Member


    Windows 10 x64 1607 build 14393.51

    As I said it doesn't happen all the time.
     
  21. Triple Helix

    Triple Helix Specialist

    Windows 10 Enterprise x64 1607 build 14393.51 NVIDIA GTX 980M GPU on my Alienware 17R2 Laptop and no freezing or DISMHOST issues at all.
     
  22. silver0066

    silver0066 Registered Member

    I got a freeze this morning with 3.33
     
  23. On my Windows 10 32 bits Pro W10AU (G3240) HD5570 neither :doubt:
     
  24. VoodooShield

    VoodooShield Registered Member

    I am going to catch up on all of the posts I missed right now... I will skip the ones that refer to the freeze issue, unless there is something specific that I need to respond to.

    BTW, VS 3.33 does have a freeze issue, but what we really need to do is to confirm whether or not the 3.08 freeze test version has a freeze issue or not, since we know that the 3.09 freeze test version does. Once we can confirm that the 3.08 freeze test version does not have this issue, we should have two sets of code that we can easily compare.

    If you are experiencing the freeze issue, and would like to run the 3.08 freeze test version for a few days, that would help tremendously!!! There is no reason to run the 3.09 freeze test version, since we already know it freezes. Here is a link to the 3.08 freeze test.

    https://voodooshield.com/Download/beta3/InstallVoodooShield308FreezeTest.exe

    So for now, it is not necessary to report any freeze issues (or send logs) for any other version, other than the 3.08 freeze test version.

    @fax... Yeah, I agree, I think there have been several things that have caused this issue. I think some are fixed and there are still 1-2 more that we need to fix.

    @boredog... Yeah, it is definitely a ghost, and extremely difficult to figure out, but we are getting close!

    @Windows_Security... Cool, thank you for the 3 suggestions... I am looking into all three!

    Once we are certain that the 3.08 freeze test version does not freeze, I will remove some of the new code / features that were first implemented in 3.09 (one by one) that did not exist in 3.08, and before long we will be able to isolate this once and for all. Thank you!

    Edit: Please keep in mind that the dismhost bug is probably in 3.08... so this might be a pain for a few days... sorry about that!
     
    Last edited: Aug 23, 2016
  25. VoodooShield

    VoodooShield Registered Member

    This is a very complicated question and extremely difficult to explain, but I will try. Basically, for the most part, VS does not care if the file is signed or not, and it does not allow by digital signature alone... I think that is very dangerous. VS will temporarily allow by digital signature, like if you are installing MS Office, it will temporarily allow all files signed by MS. But VS also auto allows by other factors, such as parent process... so it was probably a different feature in VS that whitelisted these items. I hope that helps, if not, please let me know, thank you!
     