VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Is VS displaying a bubble to let you know that it blocked something? I installed Office 2013 tonight and tested it with Word and Outlook (after turning off automatically allow program files folder), and it worked great for me. If VS is not flashing, displaying a bubble or prompting, then it isn't killing anything. You might try to run your computer without VS for an hour or 2 and see if the errors go away.

    Is there something else that triggers this process that you know of?

    Is anyone else having this problem? I think it mainly happens with Windows 8 and Office 2013.

    Thank you!
     
  2. AlexCross

    AlexCross Registered Member

    I did a sort by date, and those error events didn't occur before having VS installed.

    VS only blocks SPPSVC, but the gadget flashes like 4-5 times when it's blocking it, and there's nothing in the VS log file.

    I pressed a few times to allow it, but the next second I got another balloon from VS about it, and this normally happens like 4-5 times in a row.
     
  3. Tarnak

    Tarnak Registered Member

    Multiple balloon popups by VS when Opera browser opens. I deny the update in SSM, but VS still continues with the popups. Something is not right. Also, I can't get rid of the suspend, shown in Process Explorer. I have to reboot. Still, with v1.24 for the moment.

    ScreenShot_Voodoo_Opera updates suspend problem_01.gif

    ScreenShot_Voodoo_Opera updates suspend problem_02.gif

    ScreenShot_Voodoo_Opera updates suspend problem_03.gif
     
  4. Tarnak

    Tarnak Registered Member

    Finally, got this and when I blocked, still the balloon popups kept going, until I disabled VS protection.

    ScreenShot_Voodoo_Opera updates suspend problem_04.gif
     
  5. Feandur

    Feandur Registered Member

    VoodooShield users: -

    Show of hands, please, if you are using VoodooShield on Win 8 [x64 bit] without issues?

    I'm asking as it's installed and working fine on a Win 7 x64 laptop, ....but I'm preparing to try it on a new Win 8 laptop. I'm becoming superstitious that maybe VS has issues on that platform ...

    Savvy?

    So, what say you, crew mates?
    Appease an old pirate's heart, would you?

    -cheers,
    feandur
     
  6. djg05

    djg05 Registered Member

    Hi Dan

    I have installed a fresh copy of Win 8 on another drive and just loaded VS. This now loads in 15 secs. So I now have to go hunting to see what might be conflicting with it. Do you have any trace program to help track it down?

    This still leaves a question in my mind as to what is happening in those 15 secs. It seems that leaves a big hole for malware to jump through.


    Feandur - it should work as well in Win 8. I obviously have some particular issue on my machine.
     
  7. AlexCross

    AlexCross Registered Member

    View attachment 239081

    I managed to catch it in action :p, maybe this will help you somehow. Btw it doesn't matter if VS is ON or OFF, it happens anyway; in the screen it was ON because of the browser.

    The 4 sec delay was until I opened Paint, pressed Print Screen, etc. I kept my mouse over the balloon so it would not close so fast :p

    Btw I noticed that the drag and drop over VS gadget doesn't work.
     
    Last edited: Aug 6, 2013
  8. pegr

    pegr Registered Member

    Apologies if this has been raised before but I'm new to this thread and I haven't got the energy to search through the entire thread.

    I'm running VoodooShield 1.24 in Smart Mode on Windows XP. When the shield is Off, the Windows Installer msiexec.exe is blocked, but if I manually switch to Training Mode it is allowed.

    I thought that Smart Mode is an automatic toggle between Training Mode (Off) and On, depending on whether a browser or email client is running. If that's the case, shouldn't the Windows Installer be allowed when the shield is Off? It seems to defeat the point of Smart Mode if I have to manually switch to Training Mode in order to install something.

    If I've misunderstood the way VoodooShield works, can somebody please explain to me what the difference is between Smart Mode with the shield Off and Training Mode, thanks.
     
  9. VoodooShield

    VoodooShield Registered Member

    Very cool, yes, this helps a lot. It does look like that is what is causing the error in the event viewer, but VS should not be blocking this at all, especially if you have the option to Automatically allow all software in the Windows systems folders checked.

    I installed Office 2013 on my Windows 8 computer and ran Word, Excel and Outlook, and VS did not block this file at all, and it did not add it to the Whitelist either.

    Can you please reset your default settings in Settings / About and reset your whitelist and see if the problem still occurs?

    I also added this process to the default process list just as a precaution. BTW, at some point I will clean up the default process list... there are a lot of processes we can remove.

    Also, yes, the drag and drop does not work with Windows 8 yet, it is an issue with permissions. Hopefully we can fix that soon!
     
  10. VoodooShield

    VoodooShield Registered Member

    So is this only happening with v1.24? Have you tried the latest v1.25, and if so, is this still an issue? There were a lot of changes in v1.25, and I would not want to make serious changes to the latest version if an issue has been solved in the latest version, since it is running extremely well.

    BTW, VS does block processes and does not whitelist them if they are in the appdata folder. This is so hackers cannot spoof updates, such as the Opera update and Acrobat Reader updates, for example.
     
  11. AlexCross

    AlexCross Registered Member

    In the morning I did the reset to default and reset log info, and then reset the whitelist; the screen in the picture is after I reset it ;).
     
  12. VoodooShield

    VoodooShield Registered Member

    VS works really well on both from what I have seen. I install VS on most of my clients' computers, and it always seems to run really well.

    I think sometimes if someone is running several different security solutions, they might have a tendency to conflict with each other. VS seems to work really well with all of the traditional blacklist antivirus, but I would be curious what other AE and HIPS VS works well with.
     
  13. VoodooShield

    VoodooShield Registered Member

    That is good news! I really have no way of tracking that down. Hopefully as you add your other software, it will become apparent what is causing VS to start slower. It is most likely other security software, but it is really hard to say.

    VS will start even faster when we run it as a service. But as far as I know, other software that is somewhat similar to VS loads in about the same time as VS.
     
  14. AlexCross

    AlexCross Registered Member

    Here are the settings. I don't know why I opened 3 VS windows and 2 of them show the same info, but .. :p

    View attachment 239083
     
    Last edited: Aug 6, 2013
  15. VoodooShield

    VoodooShield Registered Member

    It's cool! The cmd / msi problem will be fixed very soon, and this will not be an issue anymore. Basically, some other process is triggering msiexec.exe to run, and VS does not know the path of the process that triggered msiexec.exe. Once this is fixed, VS will know the path of the process that triggered it, and it will allow it, or prompt the user if they want to run it, if it is outside of Program Files or the Windows System folders that are automatically allowed.

    Smart Mode toggles from ON to OFF, depending on if a web app is running, or a USB drive is inserted, etc. Whereas Training stays in OFF mode, and allows everything, and does not toggle.
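
Added example, not part of the thread and not VoodooShield's code: a sketch of the path rules described in posts 10 and 15 (auto-allow under Program Files and the Windows folders, never trust AppData, judge msiexec.exe by the process that launched it). The root paths, function names and sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules; importable on any OS

# Assumed roots: the thread names the folders but not exact paths.
AUTO_ALLOW_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")
LAUNCHER_HOSTS = {"msiexec.exe", "cmd.exe"}  # the "cmd / msi" case from post 15

def _norm(path):
    # Collapse "..", forward slashes and case before any comparison.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    # Component-aware prefix test: "C:\Program Files Evil" is not under "C:\Program Files".
    return _norm(path).startswith(_norm(root) + "\\")

def _trusted(path):
    return any(_under(path, root) for root in AUTO_ALLOW_ROOTS)

def _in_appdata(path):
    return "appdata" in _norm(path).split("\\")

def decide(image_path, parent_path=None):
    """Return 'allow', 'prompt' or 'block' for a process start (hypothetical policy)."""
    if not image_path or not ntpath.isabs(image_path):
        return "prompt"  # unresolved path such as "~": nothing to evaluate
    if _in_appdata(image_path):
        return "block"   # AppData is never auto-allowed or whitelisted
    name = ntpath.basename(_norm(image_path))
    if name in LAUNCHER_HOSTS and _trusted(image_path):
        # A genuine system host runs someone else's payload, so the
        # decision follows the process that triggered it.
        if not parent_path or not ntpath.isabs(parent_path):
            return "prompt"
        if _in_appdata(parent_path):
            return "block"
        return "allow" if _trusted(parent_path) else "prompt"
    return "allow" if _trusted(image_path) else "prompt"

if __name__ == "__main__":
    msi = r"C:\Windows\System32\msiexec.exe"
    samples = [  # constructed sample paths
        (r"C:\Windows\System32\sppsvc.exe", None),
        (r"C:\Program Files\..\Users\bob\AppData\Roaming\update.exe", None),
        (msi, None),
        (msi, r"C:\Program Files\Vendor\setup.exe"),
        (msi, r"C:\Users\bob\Downloads\setup.exe"),
        ("~", None),
    ]
    for image, parent in samples:
        print(f"{decide(image, parent):7} image={image} parent={parent}")
```

Normalising before the folder checks is what keeps a `..` segment from making an AppData binary look like it lives under Program Files.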
     
  16. VoodooShield

    VoodooShield Registered Member

    Wow, that is very odd, VS should not be blocking c:\windows\system32\sppsvc.exe at all!! I wonder if this issue is caused by a conflict with one of the other security software you are running. If possible, can you try the same thing with the other security software disabled and see what happens? Thank you for helping track down this issue!

    In the use log, does it show that c:\windows\system32\sppsvc.exe was blocked?
     
  17. pegr

    pegr Registered Member

    Thanks for confirming that.
     
  18. AlexCross

    AlexCross Registered Member

    Currently I'm using Windows Defender + Zemana AntiLogger as system protection besides VS.

    VS log file doesn't give any information about the sppsvc block balloon, it doesn't register it.

    I will disable Zemana, but it's an antilogger; it automatically created an allow rule for VS when I first installed it.
     
  19. VoodooShield

    VoodooShield Registered Member

    What happens if you click on the balloon to allow it? Does it show that path, and can you allow it?
     
  20. VoodooShield

    VoodooShield Registered Member

    Sure, thank you for the help!
     
  21. AlexCross

    AlexCross Registered Member

    If I press allow, the balloon disappears, but after 1-2 sec another one appears about it, and after I allow it again, another one appears :D (I allowed it like 20-30 times in the last weeks, but I never found any information about those actions in the whitelist or log file).

    If I press scan to VirusTotal it gives an error and asks me to reopen the file again.

    The path that VS shows in the balloon is ~
     
  22. Triple Helix

    Triple Helix Specialist

    Can you go to that location, copy the file and paste it to your Downloads folder, then scan it with VirusTotal and let us know the outcome, like 0/46? Don't post the full results, just give us the number, as I checked mine and it came back as 0/46.

    Also I will test it on my Win 8 Pro 32bit and 64bit VMs to see if I can find anything.

    TH
     
  23. AlexCross

    AlexCross Registered Member

    I think that ~ path is the default path in VS for Windows folder.

    I use virtualization all the time when surfing the internet, or when I install software. The only time I don't do this is when I surf here on this forum and 3-4 more very safe sites, or when browsing my desktop, but I did a full scan with Bitdefender IS 2014 and with Kaspersky Pure 3 recently, 0 results. It is very unlikely for this to be "the hand" of a virus.
     
  24. VoodooShield

    VoodooShield Registered Member

    If that is the path, running the engine as a service will fix that. I should just put that at the top of the list of things to do!
     
  25. VoodooShield

    VoodooShield Registered Member

    Good point, we better check to make sure! Thank you!
     