VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    Will never get tired of saying it but a masterpiece takes time to craft and produce...so take your time...we will continue to wait patiently...as we know that the wait will be worth it! :thumb:

    Regards, Baldrick
     
  2. hjlbx

    hjlbx Guest

    VDS v. 2.51a beta

    VDS permanently disables access to cmd.exe and powershell.exe in Windows Explorer (Explorer > File > Open command prompt or Open Windows Powershell) - even when switch VDS to OFF or Exit VDS.

    To regain access requires system reboot.
     
  3. hjlbx

    hjlbx Guest

    VDS v. 2.51a beta

    Windows 8.1 x86-64 (OEM) Toshiba
    AMD A8-6410

    Once set password, the only way to revert back to not using a password is to select "Set Password" with empty password fields. This is not intuitive.

    Plus, currently, if user sets password then when user attempts to re-enter VDS, at password entry prompt the field will not accept it - and user is locked out of VDS.

    Additionally, if user tries to "Restore Default Settings" there is an Error message when user enters password at password entry prompt - and user is still locked out of VDS.


    VDS Password.PNG
     
  4. sasaq

    sasaq Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    7
    - RESOLVED 2.70a Beta

    Password field - inconsistent cursor placement: Ver 2.5 & 2.51

    Hi all,

    I've skimmed recent comments in the thread and this issue does not appear, so I'm assuming it’s a local software conflict or possible corruption.

    The issue:
    Password protection is active. Right click 'shield icon' and select 'Choose mode'.
    Password dialogue box displays. Cursor actively flashes 3 times then disappears.
    It will display key entries if entered whilst flashing, but appears to time out.
    Otherwise cursor requires manual placement (sometimes twice) for each character as entered.
    Same behaviour cannot be created elsewhere e.g. web browser fields, explorer search field or documents

    Previously running either 2.3 or 2.31 without this issue. Any thoughts?
     
    Last edited: May 12, 2015
  5. hjlbx

    hjlbx Guest

    Same identical issue on my system, VDS v. 2.51a beta. See post previous to yours - I just didn't cover all the exact details as you have done. Much thanks...
     
  6. sasaq

    sasaq Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    7
    - RESOLVED 2.70a Beta

    Hi Dan,

    Encountered an 'unhandled exception' while running a 'new' executable with VS2.51a beta set to 'Smart'

    VoodooShield did as expected initially:
    Triggered an alert "A threat has been detected!!! (1/56)"
    Selected 'Allow'
    Triggered VoodooShield false positive message
    Selected 'Allow'
    Resulted in an 'unhandled exception'

    Unhandled_exception.jpg

    System spec
    Win7 x64
     
    Last edited: May 12, 2015
  7. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    ...fwiw (on my xp) I tried comodo fw after OA, and too many things not functioning correctly or too slowly... I just tried Outpost Pro 9.1 trial, so smooth I bought license a few days later, and now been several weeks, and smooth, no impact with nod32, and now I even have hmp.alert3_187 running aok. OP is app to consider unless you already have.
     
  8. hjlbx

    hjlbx Guest

    VDS v. 2.51a beta

    Windows x86-64 (OEM) Toshiba
    AMD A8-6410

    This probably doesn't help much, but here it is in any case. From Windows Reliability Manager. No mem dump created, random occurrence.

    Source
    VoodooShield

    Summary
    Stopped working

    Date
    5/10/2015 8:16 PM

    Status
    Report sent

    Description
    Faulting Application Path: C:\Program Files\VoodooShield\VoodooShield.exe

    Problem signature
    Problem Event Name: CLR20r3
    Problem Signature 01: VoodooShield.exe
    Problem Signature 02: 2.0.0.0
    Problem Signature 03: 55332026
    Problem Signature 04: mscorlib
    Problem Signature 05: 4.0.30319.34209
    Problem Signature 06: 53489fcf
    Problem Signature 07: 159a
    Problem Signature 08: 3
    Problem Signature 09: System.ArgumentNullException
    OS Version: 6.3.9600.2.0.0.768.101
    Locale ID: 1033
    Additional Information 1: a2b4
    Additional Information 2: a2b4f865b8ad2f2764b5f15e691d1c7f
    Additional Information 3: bd97
    Additional Information 4: bd97341b8f3cc93baf427f37fd2b3477

    Extra information about the problem
    Bucket ID: 4ded801658dc9c1d9d33455984b5c46f (9473560726)

    Also getting Runtime Error: ngen.exe - insufficient space - not sure if related.

    Best Regards,

    HJLBX
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry it has been awhile ;). I will catch up on the posts soon, but we will probably have to ignore most of the bugs in the old version for now because so much has changed and most of those bugs should be fixed now. Although, as many changes as I made, I am sure there will be a few bugs we need to work out, but I think we are in great shape.

    BTW, THIS VERSION IS NOT READY FOR WINDOWS XP YET!!!!!!!! But it should be fine for all other versions of Windows. The XP version will be available in the next couple of days.

    Up to version 2.50 there was a major design flaw that I never noticed until CET asked me about a multithreading issue. While everything was perfectly safe, and everything would have been blocked properly, it really needed to be changed. So basically, I redesigned pretty much all of the main code from scratch, and I think most of the bugs are worked out (I did my best ;)).

    The whole idea in this version was to suspend the process creation until VS or the user could decide whether to allow it or not... instead of blocking it first and running it later. Doing it this way is sooooo much more smooth than before... you will see.

    Also I put the notification / information prompts at the top right for now, and the prompts that might require a user response at the bottom, that way they are separate. I think it is more functional, but I am not sure that I like it that way, so please let me know what you guys think.

    Since it was vital that we keep deny by default (so that the user is not forced to make a decision to an affirmative prompt), I have limited the number of active prompts to 5... which actually might be more than we need anyway.

    BTW, VS flashing means that it blocked something, while the progress bar means that it is scanning something ;). We might want to do some kind of mouse over feature on the progress bar while VS is scanning, but the scan happens so fast that we might not be able to do it. I also added an auto quarantine feature, along with a few others... they are all in Settings, please check them out.

    I still have to line up a few things (like the countdown timer) and resize a few things (like the prompts), but I think we are in pretty good shape. But under the hood, VS is now a COMPLETELY different animal altogether. BTW, the countdown timer stops when the mouse is hovering on the miniprompt or the userprompt... it is not a bug ;).

    So this should be working pretty well, but if there are any major issues, you can always go back to 2.51 until they are resolved.

    Also, I am waiting for approval on a new feature where VS will scan the running processes on start up... it will skip the known good Windows processes, but will scan the other stuff... focusing on appdata and programdata.

    It was a very, very long month or so of work, but I think it is going to be worth it, please let me know what you guys think!

    Your old settings and snapshots should work, but if you run into any weird problems, please reset them. I will catch up on the posts asap, thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.70a beta.exe
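
The hold-then-decide flow described in the post above, modelled as an added example (not VoodooShield's code and not part of the original thread): a new process stays suspended until it is whitelisted, the user allows it, or the countdown expires to deny. The 5-prompt cap is from the post and the 20-second countdown from a tester's report in the thread; the class and method names, the lower-cased path matching, and denying outright once the cap is reached are assumptions.

```python
from dataclasses import dataclass, field

MAX_ACTIVE_PROMPTS = 5   # cap stated in the post
COUNTDOWN_SECONDS = 20   # countdown length reported by a tester in the thread

@dataclass
class Pending:
    path: str
    remaining: int = COUNTDOWN_SECONDS
    hovered: bool = False  # the countdown pauses while the mouse is on the prompt

@dataclass
class Gate:
    """Hypothetical model: decides the fate of processes held suspended at creation."""
    whitelist: set                                 # lower-cased full paths (assumption)
    pending: dict = field(default_factory=dict)    # pid -> Pending (still suspended)
    log: list = field(default_factory=list)        # (pid, path, verdict, reason)

    def _finish(self, pid, path, verdict, reason):
        self.pending.pop(pid, None)
        self.log.append((pid, path, verdict, reason))
        return verdict

    def on_process_create(self, pid, path):
        """Called while the new process is suspended, before any of its code runs."""
        if path.lower() in self.whitelist:
            return self._finish(pid, path, "allow", "whitelisted")
        if len(self.pending) >= MAX_ACTIVE_PROMPTS:
            # Assumption: with no prompt slot free, fall back to the default (deny).
            return self._finish(pid, path, "deny", "prompt limit reached")
        self.pending[pid] = Pending(path)
        return "suspended"

    def user_allows(self, pid):
        """Only an explicit click resumes a held process; silence never does."""
        p = self.pending.get(pid)
        return self._finish(pid, p.path, "allow", "user") if p else None

    def tick(self, seconds=1):
        """Advance every countdown; an unanswered prompt expires to deny."""
        for pid, p in list(self.pending.items()):
            if p.hovered:
                continue
            p.remaining -= seconds
            if p.remaining <= 0:
                self._finish(pid, p.path, "deny", "timeout")
```

Because every exit other than a whitelist hit or an explicit click ends in deny, ignoring the prompt is always the safe choice, which is the property the post says the design has to keep.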
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, please make sure to check out how Smart Mode now operates... that is what this version is all about. The goal is to make it as user-friendly as possible, limit the number of blocks to an absolute minimum and still be perfectly safe.

    I think we are close ;).
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am going to post the first bug ;). PowerShell is being whitelisted when it should not be... it is an easy fix ;).
     
  12. Miquell

    Miquell Registered Member

    Joined:
    Feb 8, 2015
    Posts:
    32
    Location:
    Poland
    Hi Dan,

    Many thanks for the new beta. I'm doing an upgrade right now and of course I'll let you know if only I notice any issues ;)

    Best regards :),

    Mike
     
  13. sasaq

    sasaq Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    7
    Hi Dan,

    I’m not sure what’s expected, so please treat the following as feedback

    A) Custom Blocked Folders
    Do you expect an executable to be completely locked down or only unable to make change?

    Ran a test executable (jre-8u20-windows-x64) within a folder declared in VS
    VS Balloon prompt: Click if you intended to allow (displays for a few seconds then disappears)
    Check -> VS User log: listed blocked
    Welcome to Java setup dialogue box appears
    Select ‘install’
    Balloon prompt: Click if you intended to allow (displays for 20 sec count down)
    Error: Java update did not complete

    B) Quarantine
    Run test.exe (gapa)
    VS Balloon prompt: Click here for details
    File is not digitally signed (Blocking in 20)
    Possible Worm32
    Select Quarantine

    Check -> VS Quarantine tab: Listed test.exe

    Rerun test.exe
    Repeats above process e.g. prompts, adds a 2nd entry under quarantine tab, test file remains in original location

    C) CMD
    Able to launch command prompt. Logged as Admin on Win7 x64. VS mode = Smart. VS default advanced setting i.e. Do not whitelist the following items: CMD flagged
     
    Last edited: May 12, 2015
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I still have not tried the latest version so I'm writing this based on sasaq's post...

    I don't like countdowns and autoshutdown of notifications.
    Can you make this optional in settings?
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, let me know what you think!
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I have not thought about the scenario where a user runs an installer from a Custom Blocked Folder. I think typically a user would not run an installer from a Custom Blocked Folder, but we should figure out how to handle it just in case. Obviously the initial installer should be blocked, but the question is whether the parent process feature should allow the child processes that the installer spawns or not. How do you think VS should handle the child processes in a Custom Blocked Folder? I downloaded the java installer and it seemed to work for me. What is the path of your Custom Blocked Folder?

    On the Quarantine, I ran the same test that you did and it quarantined both files as expected. What was the path of your test file?

    Yeah, the CMD issue is the same as the PowerShell issue, I will fix that. Thank you!
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, we can make that optional ;).
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks, Dan! :)
     
  19. sasaq

    sasaq Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    7

    Re: Custom blocked folder; As a newb I'm unclear on the scope/expectation of blocked? I could access files through win explorer and guessed the focus might be executable (self executing or otherwise). As far as child processes, my thinking, simplicity is best where possible e.g. if blocked translates to can't execute, I would suggest that applies to all. It worked for me as I ignored the VS prompt, which then auto blocked the java installer and produced a java error. End of story :)

    Re: Quarantine; again not sure of expected result e.g. does it work like an antivirus handles 'quarantine', by moving it to a locked down location? Path: E:\user2\Downloads\Archive (current Admin account). Also noticed 'Windows Critical Stop' sound following selection to quarantine. Might be just my rig.

    UPDATE 14.05
    I understand Smart mode protects the 'user space', but how is VS distinguishing user space e.g. is it simply the user data directory ( C:\Users\%USERNAME%)? I ran some tests as follows; if you would explain the results that will bring me up to speed:

    Notes:
    C drive is an internal SSD
    E drive is an internal HHD
    My Documents re-mapped from default location

    SMART mode
    C:\Users\User\Downloads\gapa.exe – VS reports Quarantined – file disappears from original location
    C:\Users\User\Desktop\gapa.exe – VS reports Quarantined – file disappears from original location
    E:\folder_1\My Documents\gapa.exe – VS reports Quarantined - file remains (My Documents re-mapped)
    E:\folder_1\folder_2\folder_3\gapa.exe - VS reports Quarantined – file remains

    ON mode
    E:\folder_1\My Documents\gapa.exe – VS reports Quarantined – file remains (My Documents re-mapped)
    E:\folder_1\folder_2\folder_3\gapa.exe - VS reports Quarantined – file remains
     
    Last edited: May 14, 2015
  20. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    When you right click the taskbar icon using 2.70, the message that "left click is disabled" obscures the right click menu.
     
  21. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    All installed on Win 7 64bit & Win8.1 32bit...and all running hunky dory for the moment...early days I know but looking good.

    Regards, Baldrick
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Same here on Win 8.1 Pro x64, I like the Disable/Install mode!

    Daniel :)
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    270a
    Right Click taskbar Icon shows Left Click Disabled balloon covering right click menu...
    x close Left Click Disabled balloon also closes right click menu...
    Why does VS have Left Click Disabled balloon...I know left click is disabled.
    Countdown is time pressure. Why does VS need 'countdown'. Is 'suspend' time sensitive.
    Command Lines has no way to edit/wildcard. I've heard Command Lines are automated. I have the same Command Line multiple times because the string changes.
    VS Command Lines.PNG
     
    Last edited: May 12, 2015
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    270a SmartMode
    VS taskbar Icon flashing/blocked for May MSRT ... wish copy paste was available...
    Only saw VS taskbar Icon flash out of the corner of my eye ... no prompt dialog...
    Log shows MSRT blocked. So, I whitelisted. IDK if it made a difference. MSRT ran. Maybe because scan was clean. Curious that MSRT was detected...?
    I have un-checked to show prompt instead of balloon...
    I have Automatically scan blocked...
    Did something happen to prompt .. ?
    Did something happen to scan blocked...?
    Maybe Always On will show prompt.
     
    Last edited: May 13, 2015
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just installed the latest beta on Windows 7X64 Ultimate SP1. I configured VS to prompt me when encountering an executable not on the whitelist. I also unticked Allow all Software from the Program Files Folders. VS is silently blocking everything not on the whitelist from Program Files Folders, and the User-Space without prompting me. The VS tray icon does not even blink. If I try to launch anything located in Program Files then windows gives me a message that states, "Can't open this item. It might have been moved, renamed, or deleted. Do you want to remove this item?" I'm using Always On Mode. Below is a screen shot of my settings.
     
