VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. guest

    guest Guest

    ...the blocked file is actually located in the user-directory. It is launched after you have started Chrome.
    c:\users\...\appdata\local\...\software_reporter_tool.exe
    But after whitelisting it, the alert should go away (until chrome has updated the file again)
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I didn't say VoodooAI, I said Voodooshield. The malware was a sample of ransomware, trojans, keyloggers.
     
  3. guest

    guest Guest

    It's basically a normal Cuckoo-Sandbox - "automated malware analysis system"
    The file is executed inside an isolated environment and information about it is collected.
    Edit: Hmm, I think you mean the "Local Sandbox"-feature, and not the Cuckoo-Sandbox?
     
    Last edited by a moderator: Jan 8, 2017
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  5. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I think by default anything in c:\users\* is blocked unless whitelisted. TH's screenshot in #13686 shows the Users folder as checked which means anything there will be blocked if not already whitelisted.

    I haven't got Custom Folders enabled but I just took a look and Users is checked so I assume it remains so when Custom Folders is not enabled. The advantage of Custom Folders is one can select which folders are allowed/blocked when VS is on/off.
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Right!
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Right Tony as I use my D drive for Programs and Virtual Machines!

    2017-01-08_13-21-15.png
     
  8. THX Pete I now see I was totally wrong, you explicitly mentioned it.
     
  9. LOL Rasheed is like the great Greek philosophers, he theorizes a lot :D but never tests/trials himself
     
  10. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    I think that Custom Folders provide a good example of why OFF needs clarifying, from true OFF (Training mode) to toggled OFF (Smart and Always On modes). In the former VS is indeed OFF and that is fine; in the latter OFF really means VS is in AUTO mode and this is the OFF referred to in CFs. This was all discussed a few weeks ago and Windows_Security came up with a solution that seemed satisfactory to me.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Does Webroot step-aside for VoodooShield Modes.?
    Does Emsisoft step-aside for VoodooShield Modes.?

    Why does VoodooShield work particularly well with Emsisoft or Webroot.?
    Thanks
     
    Last edited: Jan 9, 2017
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Hi, no blocks in firewall, my region is Israel

    EDIT: actually, now that you mentioned firewall, the problem might be my ISP, which does some special filtering tricks that unfortunately block certain domains. I have had trouble connecting to Kaspersky Security Network, in the past. Maybe same prob here.
     
    Last edited: Jan 8, 2017
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Sandbox (Button):
    This button will display the Sandbox screen and will give the user the option to run the file in a Local Sandbox or in the Cuckoo Sandbox.
     
  14. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    Regarding Custom Folders. I leave top level directory checked and existing sub-folders unchecked in the expectation that if any new folders are added when installing software they will automatically fall under the "blocked" category. Maybe someone could clarify.

    Custom Folders.jpg

    Also using this addon: http://www.hotcleaner.com/clickclean_firefox.html in Firefox Portable, Palemoon Portable and Cyberfox (installed) often results in a pop up even though I tried running the addon in "training mode" with only default home page open in each browser. It doesn't seem possible to whitelist it either via whitelist or command line without allowing plugincontainer.exe

    Click and Clean.jpg

    Also consider this scenario. User leaves machine unattended to answer the telephone, make a cup of tea or whatever. A legit file runs and VS prompts to block or allow. User will not see this prompt because the user is away from the machine. User returns to the machine some time later - say 30 minutes later. User will not know that an item has been blocked unless the prompt remains on screen until manually closed. Then what happens if there were several prompts while the user was away?

    I know that users here will periodically check logs but average users probably will not bother with such checks.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hi bjm

    But that doesn't answer the question. IF VS can function as Sandboxie (which I don't believe it can) how would I run Firefox sandboxed with VS. Firefox of course is whitelisted.
     
  16. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    The way I'd run a whitelisted file sandboxed:

    Navigate to Firefox executable - right click and choose "VoodooShield Scan" from the context menu. Once the scan completes you get the option to sandbox. However I personally do not see any option to run in Local Sandbox. I only see Cuckoo Sandbox.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Exactly, which means you can't run Firefox in a real sandbox to browse in it. Ergo, the two products don't have any similarity I can see.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    FWIW as per PCMag
    as per User Guide
     
    Last edited: Jan 8, 2017
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks bjm. That confirms that the VS sandbox is not intended to function like Sandboxie. That post a few pages back, just didn't understand SBIE.
     
  20. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    Okay, running a file as above - right click and choose "VoodooShield Scan" - doesn't produce the Local Sandbox option for me. However, dragging a file onto the desktop shield in order to initiate a scan does give the Local Sandbox option.

    VoodooShield Sandbox 2.jpg
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Had to go dig out Firefox.exe. Dragged it over and yes got the local but got an error saying Firefox was already running. Clearly this isn't a design feature, as it is not functional. Opposed to Sandboxie which was designed to run whitelisted programs sandboxed.
     
  22. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I've just done a similar test to you but got a different result.

    I copied firefox.exe to the Desktop, made sure it wasn't running, then dragged it over to the VS icon and a blue dialog box popped up saying threat not detected. Option to click on Sandbox was there so I did and next screen shows Local and Cuckoo.

    On clicking Local, a dialog popped up saying the program can't start because mozglue.dll was missing.

    When I click on Cuckoo, I allowed another browser to open for the analysis to take place which is successfully completed.

    Whether all this is correct procedure I don't know but it's not something I would use much.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Cuckoo is for testing it in their VM machine so you can see what the program does. But I just don't see any way you can duplicate what Sandboxie does at all. That was the point of the post I was examining.
     
  24. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    This is a public thanks to Dan for his quick response to my emails over the weekend. Great customer relations and service - thanks, Dan, I really appreciated it.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, please pm me your email address ;).
     