VoodooShield/Cyberlock

Thanks Dan. Installed 3.47 and my issue is resolved with raserver.exe back in the whitelist.

 

Hey everyone, here is the latest version. I believe the Chrome issue is completely fixed, and I also fixed an issue when VS started, if it was having trouble checking if there was an active internet connection or not. And as always, there are a few minor optimizations and fixes.

https://voodooshield.com/Download/beta3/InstallVoodooShield348.exe

Today is super busy, but I will catch up asap, thank you!

 

BTW, I think it was OverKill who was having issues with VS slowing down his computer... please try 3.48. I think the issue might have been the internet connection check, thank you!

 

Hi Dan here is the latest Memory usage.

 

Hey TH, is that a little higher than normal? Mine is currently 27 for the gui and 15 for the service. You might install the new version and reboot, and if it goes too high, please let me know. Either way, I will keep an eye on it, thank you!

 

VS automatic update start , a box appear and ask me for stop VS and update to version .48 (y / n ) , select " y "

The update take effect very fine.

Memory usage is about : 38 MB total

 

Dan,

3.48 Beta.

1. I know VS doesn't scan .msi files yet. I rightclick & scanned a .msi file, VS alert wrongly mention VAi is disabled in the settings. And the alert mention "VAi is calculating", it should be "VAi is not yet available for this file type". In this case the .msi file used is Eset Endpoint Security installer, 107 MB.
Attached is the screenshot named "SCR1"
2. I executed the .msi Eset Endpoint Installer.
If blacklist scan is enabled, "VAi is not yet available for this file type" is there in the main alert.
If blacklist scan is disabled, "VAi is not yet available for this file type" is not there in the main alert.
Attached is the screenshot named "SCR2".
3. If I reset whitelist then should the programs installed after VS install should be there in the whitelist?
I installed FreeDownloadManager & AviraVPN after VS install. When I reset whitelist, FDM & AviraVPN are there in the whitelist.
4. In AutoPilot Mode, by default now, level of detection for blacklist scanner is "5 AV or more" detection i.e less than 5 AV detection & VAi verdict safe, file is allowed in AutoPilot Mode?
I have a file thats detected by 4 blacklist scanner & VAi verdict safe. The file is allowed in AutoPilot Mode.
5. I was connected to net. 1 time with rightclick scan & 1 time on file execution, I got the alert "connect to net for cloud analysis". May be some glitch, just mentioned for info.
Update - Got the alert again on file execution "connect to net for cloud analysis". Check the taskbar, net is connected.
Attached is the screenshot named "SCR3".

 

Memory usage here for both VS processes right now is app 30 MB, VS 3.48 Beta.
Windows Defender
Windows FW
No other security software
Win 10 64 Pro

 

Installed 3.48, reset the whitelist, put VS in Training Mode, opened Chrome, closed Chrome and put VS in Smart Mode, opened Chrome once again and no prompt at all. Yay!

Thanks Dan!

 

@VoodooShield

Think I may have spoken a bit prematurely. Just installed 348 and again deleted the system file raserver.exe from the whitelist in order to test the process. Went to the User Log and right clicked the entry where it had first been allowed three days ago. Unfortunately it still says "Already Whitelisted". See #13084 for my original post regarding this issue.

 

+1 here!

 

Me thinks this is [so far] the best version of VS EVER!

 

Dan,

Things have quite settled down with VS now So I would like to refresh my suggestions.

3 suggestions, atleast 2 I would like to see in the stable release.
1. Set Blacklist Scanner detection option Or Selective AV Engine - Either an option to set AV detection like "5" So 5 or more AV detection counted as threat & less than 5 i.e 4,3,2,1 AV detection counted as not threat Or list of AVs So that users can select the AVs for detection...I prefer this Selective AV Engine.
2. Option to show VAi Verdict i.e Unsafe Only, Unsafe & Suspicious.
3. Option to Allow Vulnerable Processes i.e No Vulnerable Processes alerts.

Atleast 2 & 3, I would like to see in the stable release. 1 can be there in the future release.

 

Thanks Dan! I will try it very soon.

 

Working great with EAM, 360 TS and HMPro.Alert

 

Cool, thank you for finding these, I will fix them soon.

On the window that displays all of those processes, what do you think about this... If there are more than 3 (or however many) processes, then to not even list them... because no one is going to read through all of those processes anyway, right? Like, maybe if there are 1-3 processes, the user might verify the process(es) real quick, just to make sure those are the once they intend to delete... but if there are 50 or so, there is no way they are going to go through each one, right . Does that sound good?

 

Oh yeah, I forgot to mention, I also activated the auto update . At some point I will turn it back into the silent update as well... thank you!

 

Thank you for the suggestions!

1. The Selective AV Engine would be super cool, but I am not allowed to do that. I actually think our FP detection mechanism is much, much better then simply relying on the quantity of threats detected. It essentially does the same thing that you are talking about, but in a much more accurate and safe way.

2. Cool, yeah, VoodooAi 2.0 will include options like you mentioned... it might be a few weeks, but I am doing some really cool stuff with it. Right now, it is kind of a priority, simply because I have not trained the models in quite some time, and if it goes much longer, the precision and accuracy will start to suffer. Basically what I am doing is building the infrastructure so that we can quickly retrain the models every month or two. I am almost finished with the infrastructure, and once that is finished, I will start training the models, so that will free me up to work on other things, since training the models will be a lot of "hurry up and wait"... especially with all of the Ai features I am adding... it might take a while for the machine learning computers to do their thing.

3. I still have not figured out what we are going to do on the vulnerable processes... but it will be super quick and easy once we figure out a game plan. Just out of curiosity... if you were going to add a new vulnerable process to the list, what would it be? .

Also, when you say No Vulnerable Processes alerts... do you mean that if an exploit spawns an executable by exploiting rundll32.exe, then it should be auto allowed? Or are you saying it should be auto blocked without an alert? Thank you!

 

Cool, I was thinking that was you, please let me know! BTW, I set the timeout to 3 seconds, we can actually decrease this a little probably... we can play around with it and see. Thank you!

 

Sorry about the posts I missed... there are several that I need to catch up on, and I will do so asap!

Thank you guys for all of your help and encouragement!

 

Option "Allow Vulnerable Processes" I mean allow vulnerable process whatsoever i.e no blocking/no alerts i.e auto allow.

I know the dangers of the vulnerable processes Thats why an option And not default.

 

I have had problems with the install of the program, TrackOff which I have mentioned about in another Wilders' thread, earlier today. The program seems, finally to be working, but now, I keep getting the following popup by VS, and appears to be related to the TrackOff program. I keep allowing it, but it won't accept....Have tried several times to make it stick.

 

Command Lines now list some private information, particularly about what is being played by a music/video player.

 

This file seems suspicious to VoodoAI. If you are using Smart Mode and the file is supicous you always see this prompt.
Maybe it helps to switch to Training Mode to put this file to the whitelist.