VoodooShield/Cyberlock

Updated to v. 1.05. Everything running smoothly.

 

Cool, thank you!

 

Also doing well here!

Thanks Dan,

Daniel

 

Thank you!

 

Wilderssecurity forums is an excellent place to get new security software known . . .

 

What is the difference in the way VooDooShield works and that of PrivateFirewall? Thanks.

 

VS is default-deny antiexecutable.
PF is firewall with HIPS.
Two totally different products.
PF gives you pop-up alerts about outbound/inbound traffic and actions on detected process activity.
VS silently blocks everything it doesn't know about.
That is why you first have to train it for a while.

Other guys can continue...

 

PrivateFirewall needs to be trained, as well, and it's free. Thanks.

 

There is a free trial with VoodooShield. Test it out.

 

Will do. Does one still need an AV along side? Thanks!

 

Yes. It is a very good idea to also run an AV. The folks at Voodooshield cannot at the present time guarantee that it will catch everything using their technology.

 

It depends what kind of user you are, what are your needs and habits.
I would choose some lightweight and simple AV.

 

Installed VooDooShield, running with MSE 4.2, no conflicts with anything else. Thanks!

 

My paid license doesn't work. Just sent you a PM, coz the password doesn't work together with my email address to register VoodooShield.

EDIT: Also, I've got a question regarding UAC: after installation of VoodooShield, the UAC is deactivated. Would it be harmfull for VS when I reactivate UAC? What's the reason UAC gets deactivated? What is it good for?

 

I reset your password and sent it to you in a pm.

VoodooShield disables UAC because having both is redundant, and VS works a lot better with out it. Besides, most viruses go right past UAC, but they should not get past VS. We were not sure whether to prompt the user or not to tell them that we turned UAC off because we figured that most users have already turned it off. Thank you!

 

Ok, thanx, now that you reset it VS runs very fine on Win 8 Pro x64.

But I guess I found a very dangerous vulnerability under a special configuration of my system: theres one C:\ system partition and a user and data partition Z:\ on my machine.

The local path of the user (I deleted his name on the screenshot below) is Z:\. Now when this user logs in he's able to run any *.exe which is located on Z:\ although VS runs in ALWAY ON (i. e. lock down) mode, thus he can also run any malware which is started from Z:\ even in ALWAY ON mode of VS.

 

natZONE, thank you for letting us know about this potential problem. So are you saying that if the user's profile is on another partition, any executable on that partition will run, even if VS is ON? We have tested VS with executables from different drives and partitions, and it works well. But we have not set the user profile to another drive or partition. Please let me know if I am understanding the problem correctly and I will look into it. Thank you!

 

Yes, that's exactly the point: if you change the local path of a standard user to another partition, this user is able to run any executable from this partition even if VoodooShield is set to ALWAYS ON mode. That's an enormous security hole from my point of view, because it makes VS totally useless under these circumstances.

 

That is really odd, the partition really should not matter, but I can check it out. So VS is installed on the C drive in the Program Files folder, and the user profile is on the Z drive? What happens when you try to view the User Log? Thank you!

 

As to the allowed executables, there were no entries within the logfile. I resetted the white list several times, and in all cases unknown executables could be launched in ALWAYS ON mode. For this very reason, I temporary uninstalled VS and changed to AppGuard again. Hope I may reinstall VS if this strange issue gets fixed.

 

Ok, I think I understand what is going on. If VS is not finding the log file when the path of the user's profile is changed, it is probably not finding the whitelist either since everything is hard coded to the C drive. Let me check into it more, I will let you know. Thank you!

 

Version 1.05 stable and runs fine.Great program,incredible light and powerfull.

 

Yes, indeed. Working smoothly here also

 

Nobody said it doesn't run smoothly. But it's a fact that under discrete circumstances, it doesn't protect as it should.

 

Under discrete circumstances ANY security solution can fail.