VoodooShield/Cyberlock

Peter2150 · Mar 20, 2017

askmark said: ↑

Why did closing VS lock up your machine? A normal exit should just close the application, only terminating the VS processes through a backdoor method should instigate the self-protection.
Click to expand...

I didn't do a normal exit, not sure what I did. At any rate locking the application fine, locking the computer NOPE What ever I did was with the alert, and I don't think there was any notice about rebooting. I just a machine that was frozen.

boredog · Mar 20, 2017

OK Peter when Dan is not so busy maybe he will explain. Although I think he did explain his new protection locks entire computer so when a program trys to shut down Voodoo , Voodoo lock entire computer down.

Triple Helix · Mar 20, 2017

Peter2150 said: ↑

I didn't do a normal exit, not sure what I did. At any rate locking the application fine, locking the computer NOPE What ever I did was with the alert, and I don't think there was any notice about rebooting. I just a machine that was frozen.
Click to expand...

If it's not to late can you send Dan your logs if you still have them?

Peter2150 · Mar 20, 2017

Unfortunately I don't have them. Since I had a breather but wasn't sure I was out the water, I just did a quick uninstall, waited to the coast was clear and installed 3.53. Candidly I was leary enough I never left 3.53 on the other machine.

Gandalf_The_Grey · Mar 20, 2017

Today there was update KB4015438 for Windows 10. Initially it failed.
I had to set VoodooShield in install mode before I could successfully install this update.
Is this normal behavior for 3.55 beta 2 ?
Never had to do this with previous versions.

VecchioScarpone · Mar 20, 2017

General thought:
Those who have no issues must be wondering how such extreme occurrences could happen, quite understandable.
Twice 3.55 did not executed at all during startup/reboot in conjunction to: refer my post #14849 and subsequent ones.
That left me feel exposed. (Freaked out actually)
If such a program like VS are for the masses, I'm with Peter on this one.

Krusty · Mar 20, 2017

VecchioScarpone said: ↑

If such a program like VS are for the masses, I'm with Peter on this one.
Click to expand...

Me too.

VecchioScarpone · Mar 20, 2017

Krusty said: ↑

Me too.
Click to expand...

G'day.

Feels good not to be alone. For a while, due to lack of bugs reports on this thread I felt I was wacko

Krusty · Mar 20, 2017

Yeah, I haven't felt comfortable with any of the new builds which included the self defence module. I've tried 'em all but keep going back to stable and reliable 3.53.

Antarctica · Mar 20, 2017

Krusty said: ↑

I've tried 'em all but keep going back to stable and reliable 3.53.
Click to expand...

Also back to V3.53. This afternoon a Driver from VS would not start and the program closed by itself.

VecchioScarpone · Mar 20, 2017

"VS 3,53 rules!" he he
I have no doubt Dan will get it right.
"Forza Dan" ("Keep going Dan")

guest · Mar 20, 2017

Peter2150 said: ↑

UNACCEPTABLE. Either there has to be a way to run the selfprotection off
Click to expand...

Something like this:

I think, adding such an option would be a good idea.

Tarnak · Mar 20, 2017

I just shutdown VS from the tray icon, "exit" button. I thought that "self-protection", meant that I would get some kind of warning, like 'are you sure yo want to terminate VS', but I didn't. Maybe, I am not understanding what is meant by self-protection.

Achelous · Mar 20, 2017

mood said: ↑

Something like this:
View attachment 256384
I think, adding such an option would be a good idea.
Click to expand...

+1.

We also need to remember that many other factors come into play in terms of self-defense, it should not all evolve around protecting the processes (VoodoShield.exe and VoodoShieldService.exe). For example, the device driver (vsscanner.sys) is vulnerable because it can be unloaded (stop and delete the service) and then the process monitoring will not continue without the user being notified - bear in mind that I tested this myself, there was absolutely nothing to try and stop me from doing this.

Overall, process protection is just the start of it, and there is no point in them taking the self-defense mechanisms further until they've done a proper implementation of process protection. The current is hardly sufficient at all (in my opinion at least), due to the inconvenience of locking down the system, and because the processes are not actually "protected" from termination... If you will.

I do understand that this whole self-defense approach is new and all experimental, I look forward to seeing the implementations for the stable release.

plat1098 · Mar 20, 2017

Just got a sneaky little Windows kb 4015438, getting used to these. As I restarted, oops, left VS enabled. But, the update went very quickly, finished installing in about 1 minute. That, at least, is reassuring!

smith2006 · Mar 20, 2017

VecchioScarpone said: ↑

Same here. It is hard not to feel frustrated when it seems only you have big problems. (Like me)
I sent the Dev service logs to Dan. Don't mind me telling you, I suggest you do too, If you haven't done yet, he really appreciate that.
I'm back and forward from 3.53 to the newest one, none seems to work for me.

Dan promptly work on the bugs he found on mine and anyone else logs, he is a very considerate fellow.
Click to expand...

Thank you for the reply.

The strange thing is It seems to be running fine today after logging on.

Anyway I have forwarded the dev service logs to support for the attention of Dan.

VecchioScarpone · Mar 20, 2017

smith2006 said: ↑

The strange thing is It seems to be running fine today after logging on.
Click to expand...

You are welcome.
Most of the bugs I experienced where randomly happening too.
We should not forget that Dan asked the community to trying it out and send feedback,
3.55 is not a stable version.

guest · Mar 21, 2017

Peter2150 said: ↑

Note it's not a sandbox in the traditional sense, more of an analyze tool
Click to expand...

Exactly, and how many average users ( VS target market) will know (or even care) to analyze and differentiate malwares behaviors from normal file behavior in those kind of sandboxes? almost none.

paulderdash · Mar 21, 2017

guest said: ↑

I think Dan should lighten VS of some features that most users (average one in general) will never use , and the sandbox is one of them. If he focuses on the true power of VS (the anti-exe part) it should be better (and less hassle for him to fix). I told him that already and i think both VS and its users will benefit from it.

Better a simple but truly effective program than a bloated buggy one. Users shouldn't influence the development of the product's core features . The dev decide and the user must learn to use it. most of the successful softs are like this.
Click to expand...

I think there has been some 'scope creep'. I have never used the sandbox feature. I think Dan tries to please everyone, but I guess he wouldn't add something he doesn't deem desirable at least ...

paulderdash · Mar 21, 2017

Dan - just a question based on a statement in another thread: https://www.wilderssecurity.com/threads/cybergenic-shade-sandbox-tool.380371/page-6#post-2661225 though I guess you are busy with this self-protection and other stuff ...

@cruelsister's comment: Finally, recent malware seem to be using a lag time feature- they may not activate for a few minutes or a few hours whether it is in a VM or not.
Would this have any implications for VS which in Smart mode, only locks the computer when it is at risk e.g. online?

stapp · Mar 21, 2017

stapp said: ↑

Had a little issue with self protection and had to do a hard reset

PM sent.
Click to expand...

I am going to remove 3.55 as it is causing me a lot of issues. When it locked up for me after a boot nothing would work..taskmanager etc, and this morning had more issues so it's coming off.

Here are some of the many entries from the DevLog.log

[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Program Files\VoodooShield\Notify.exe | C:\Program Files\VoodooShield\VoodooShieldService.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:18] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\AUDIODG.EXE | C:\Windows\System32\svchost.exe | True | False
[03-20-2017 11:15:20] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\SearchProtocolHost.exe | C:\Windows\system32\SearchIndexer.exe | True | False
[03-20-2017 11:15:20] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\SearchProtocolHost.exe | C:\Windows\system32\SearchIndexer.exe | True | False
[03-20-2017 11:15:20] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\LogonUI.exe | C:\Windows\system32\wininit.exe | True | False
[03-20-2017 11:15:20] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\servicing\TrustedInstaller.exe | C:\Windows\system32\services.exe | True | False
[03-20-2017 11:15:20] [INFO ] - This process is being blocked: C:\Windows\servicing\TrustedInstaller.exe|C:\Windows\system32\services.exe|True|False

[03-20-2017 14:33:44] [ERROR] - VoodooShield has entered self-protection mode. | C:\Program Files\VoodooShield\Notify.exe | C:\Program Files\VoodooShield\VoodooShieldService.exe | True | False
[03-20-2017 14:33:46] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\SearchProtocolHost.exe | C:\Windows\system32\SearchIndexer.exe | True | False
[03-20-2017 14:33:46] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\SearchProtocolHost.exe | C:\Windows\system32\SearchIndexer.exe | True | False
[03-20-2017 14:33:46] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\system32\LogonUI.exe | C:\Windows\system32\wininit.exe | True | False

[03-21-2017 06:16:38] [ERROR] - VoodooShield has entered self-protection mode. | C:\Program Files\VoodooShield\Notify.exe | C:\Program Files\VoodooShield\VoodooShieldService.exe | True | False
[03-21-2017 06:16:41] [ERROR] - VoodooShield has entered self-protection mode. | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe | C:\Windows\system32\services.exe | True | False
[03-21-2017 06:16:42] [ERROR] - VoodooShield has entered self-protection mode. | C:\Windows\System32\smss.exe | \SystemRoot\System32\smss.exe | True | False

paulderdash · Mar 21, 2017

stapp said: ↑

I am going to remove 3.55 as it is causing me a lot of issues. When it locked up for me after a boot nothing would work..taskmanager etc, and this morning had more issues so it's coming off.
Click to expand...

I've had no issues, yet. But there does still seem to be a problem.

Triple Helix · Mar 21, 2017

paulderdash said: ↑

I've had no issues, yet.
Click to expand...

No issues here either!

Peter2150 · Mar 21, 2017

Self protection should protect that software package, not lock up the whole computer. Just a bad idea.

illumination · Mar 21, 2017

Peter2150 said: ↑

Self protection should protect that software package, not lock up the whole computer. Just a bad idea.
Click to expand...

I agree. If the average/novice users around my area where to have this happen, they would flip out and demand it be removed. Because of this, I can no longer suggest this product to them.

One thing it seems a few are having a hard time wrapping their brains around here, is that Voodooshield was NEVER meant to be a standalone product. Matter of fact, it was designed to be an optional replacement to UAC. It is a companion product, meant to be run with other security. If those same users want full lock down of their systems, maybe they should look into Policy Restriction instead of gradually ruining what was, a great product.

Log in or Sign up

VoodooShield/Cyberlock

Peter2150 Global Moderator

boredog Registered Member

Triple Helix Specialist

Peter2150 Global Moderator

Gandalf_The_Grey Registered Member

VecchioScarpone Registered Member

Krusty Registered Member

VecchioScarpone Registered Member

Krusty Registered Member

Antarctica Registered Member

VecchioScarpone Registered Member

guest Guest

Tarnak Registered Member

Achelous Registered Member

plat1098 Guest

smith2006 Registered Member

VecchioScarpone Registered Member

guest Guest

paulderdash Registered Member

paulderdash Registered Member

stapp Global Moderator

paulderdash Registered Member

Triple Helix Specialist

Peter2150 Global Moderator

illumination Guest

Log in or Sign up

VoodooShield/Cyberlock

Peter2150 Global Moderator

boredog Registered Member

Triple Helix Specialist

Peter2150 Global Moderator

Gandalf_The_Grey Registered Member

VecchioScarpone Registered Member

Krusty Registered Member

VecchioScarpone Registered Member

Krusty Registered Member

Antarctica Registered Member

VecchioScarpone Registered Member

guest Guest

Tarnak Registered Member

Achelous Registered Member

plat1098 Guest

smith2006 Registered Member

VecchioScarpone Registered Member

guest Guest

paulderdash Registered Member

paulderdash Registered Member

stapp Global Moderator

paulderdash Registered Member

Triple Helix Specialist

Peter2150 Global Moderator

illumination Guest

Useful Searches