VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    PrivaZer is probably deleting a file VS uses from the ProgramData, or AppData Folder. It's most likely the ProgramData Folder. I don't know if VS uses the AppData folder for storing settings. Most coders use the ProgramData Folder, or Program Files Folder. I think I remember seeing some of VS settings stored in the ProgramData Folder in the past. I don't have VS installed right now to take a look at it.

    Edited 3/13 @ 12:34
    Edited 3/13 @ 12:36
     
    Last edited: Mar 13, 2016
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    PrivaZer could also be deleting a registry key belonging to VS, but I think that would cause a much bigger problem. I would first try making an exclusion for the VS ProgramData Folder in PrivaZer if it allows making exclusions.
     
  3. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    VS uses the ProgramData folder, but not the registry. Maybe PrivaZer deletes it. I need to check.
     
  4. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Hello
    I fixed some bugs (the crash also) and am now working on integrating Ai into VS. It should be ready soon.
     
  5. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!

    Looking forward to integration of Ai into VS! Let us know when it is ready! :thumb:

    Does anybody know if WinAntiRansom by Ruiware has any kind of bugs/conflicts
    with VS?

    Feedback, Sandboxie is working very well with VoodooShield latest beta! Keep up the
    work!!!

    Kind regards,:geek:
     
    Last edited: Mar 13, 2016
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    The strange thing is I have only seen this on one machine. My other machine does not appear to have this issue, at least so far.
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Sherry

    DismHost.exe is not essential for Windows and will often cause problems. It is usually located in a subfolder of C:\Windows or sometimes in a subfolder of the user's profile folder, but in this case it is being blocked in error if the Custom Folders blocking option is set... looks like it is something fixed by Vlad and so hopefully in the next beta release. :)

    Regards, Baldrick
     
  8. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
    Great! Thank you Baldrick and @Dzp5t for this information. I looked on Google but I felt I was getting confused if this was a useful Windows file or not.

    Kind Regards, Sherry!
     
    Last edited: Mar 13, 2016
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry I have been away... things have been crazy.

    When in doubt, I would delete the .dat files. Once VS 3.0 is finalized, we should not have to delete these files anymore, thank you!
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting us know!
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Most components should be removed, except for the .dat and .log files... when I get a chance, I will see what else we might need to clean up during an uninstall... thank you for mentioning that!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Moose, is this still an issue? If so, please let us know, thank you!
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think this one is for Vlad ;).
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is really odd, we will have to add this to the to do list, thank you!
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Smart mode will toggle VS ON and OFF when web apps are launched, whereas Always ON just stays on all the time and does not toggle with the web apps. I hope to have the VS owners manual ready soon... sorry for the delay.
     
  16. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Ok, got it.
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, we could do away with the second prompt... I just want to make sure that the user knows that they are trying to allow a false positive... thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Baldrick and pablozi, obviously we appreciate that very much!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oops, sorry, I forgot to mention that! We might want to make it optional at some point to keep that parent process option checked, but still block SB processes. Thank you guys!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The limitation is on the database itself... so even if we did upload the large files hashes, they would not be in the database anyway. At some point we are going to upload the file if it is not in the database, but the same will hold true... the database does not support files larger than 125mb or so. Thank you!
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hopefully we will have the owners manual finished very soon, thank you!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for the help, we appreciate it!
     
  23. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Thanxx for the info.

    Why the dependency of those MS files, forgot the name?
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think Vlad is getting close to finishing the VoodooAi integration! We need to make sure our 2 friends from Croatia (you and Djigi) try the new version, because you 2 were the only ones that had issues with the stand alone version of VoodooAi (crazy large results). I wonder why it only seems to be an issue in Croatia.

    Also, do you guys think it is a good idea for VoodooAi to automatically call any file Unsafe (1.0000) that has over 5 hits from the blacklist scan? The main reason I ask is because I do not want to confuse the user when the VoodooAi and blacklist scan results conflict... although it really should not happen that often. After all, the whole purpose of VoodooAi is to extract whatever features it can to help the user decide whether to run the file or not, and to me, the blacklist scan is one of the most important features, if not, the most important.

    Also, instead of calling the file Safe, Suspicious, or Unsafe, should we just have the graph and indicator? There are a lot of times when the result is .5001 for example, so it is just over the threshold for a safe file, so it is called suspicious, even though the file is safe. As I was saying, we can adjust the thresholds / limits, but it might be better to just show the graph and indicator.

    Keep in mind, sometimes VoodooAi will call a file suspicious (0.7500 or so) only because, for example, maybe the file does not have DEP / ASLR enabled and maybe the file is not signed or something. Sometimes this is because it is a really cool open source project and they do not worry about signing the file or whatever. But sometimes it is code that is written so poorly that it should not be run on any machine ;). But, when the VoodooAi result is super high or super low, you can be pretty sure it is correct.
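
    Added example, not part of the post above and not VoodooAi's code: the DEP / ASLR opt-in and signing features the post mentions can be read straight from a file's PE headers. The function name, the `build_sample` helper and the sample headers are constructed for illustration; a present certificate table only shows that a signature blob is attached, not that it is valid.

```python
import struct

ASLR_FLAG = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
DEP_FLAG = 0x0100       # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SECURITY_DIR = 4        # data-directory index of the certificate table

def pe_hardening_features(data: bytes) -> dict:
    """Read ASLR/DEP opt-in flags and certificate-table presence from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 4 + 20                              # skip signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
            raise ValueError("unknown optional-header magic")
        dirs = opt + (96 if magic == 0x10B else 112)       # start of data directories
        (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
        (num_dirs,) = struct.unpack_from("<I", data, dirs - 4)
        cert_off = cert_size = 0
        if num_dirs > SECURITY_DIR:
            cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return {
        "aslr": bool(dll_chars & ASLR_FLAG),
        "dep": bool(dll_chars & DEP_FLAG),
        # Presence only: this does not verify the Authenticode signature.
        "has_certificate_table": cert_off != 0 and cert_size != 0,
    }

def build_sample(magic: int, dll_chars: int, cert_size: int) -> bytes:
    """Constructed header-only PE stub for the demo (not a loadable binary)."""
    dirs_off = 96 if magic == 0x10B else 112
    opt = bytearray(dirs_off + 16 * 8)                     # optional header + 16 directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dirs_off - 4, 16)          # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, dirs_off + 8 * SECURITY_DIR, 0x400, cert_size)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x22)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(pe_hardening_features(build_sample(0x20B, 0x0140, 0x1800)))
    print(pe_hardening_features(build_sample(0x10B, 0x0000, 0)))
```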
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Welcome SSherjj! The main reason it is being blocked is because it typically runs from the AppData folder (or ProgramData folder, I forget which). These happen to be favorite hang out spots for malware, so it can be a little tricky dealing with this dismhost. But we have a couple of mechanisms in place, and hopefully this will not be a problem for long. Thank you!
     