VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    It seems like both files were first installed on 02.01.2015 with one hash, and then those files were updated on 20.03.2015 and the new files have another hash value.
    If you update the file - the old entry is not deleted from the whitelist.
     
  2. hjlbx

    hjlbx Guest

    :argh: @Krusty13 - you made my day. That's funny...

    I'm not trying to be offensive. With full-blown paranoia peddled, daily, on the internet, I can see why people would think such a thing were possible.
     
  3. guest

    guest Guest

    That was my fault. I forgot that I tried VS last year, so there are old entries and checksums :oops:
    You're right.
     
  4. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    I've got an old e-mail account which is a good source of new malware as it is constantly spammed by fraudsters. I got a booby-trapped Word doc today loaded with a Dridex variant.

    VS flagged the dropped VBE script but said it was likely an FP (I assume because only 1 out of 57 on VT flagged it). Is there any way to disable the 'probably an FP' notification? I'd rather it just flagged the execution and let me decide without the advice.

    Thanks
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    :D Yeah, it was only half a joke though.

    :thumb: Cool!
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Nice one, Vlad

    Will install and start testing ASAP. :D
     
  7. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!

    Can you install VoodooShield v3.10 Beta over the existing version?
    Posts: (9003,9004)

    And do you have a list of the improvements in VoodooShield v3.10 Beta?

    Also, do you have a time frame for VoodooShield v3.11 Beta being complete?

    Kind regards,
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Yes.
    https://www.wilderssecurity.com/threads/voodooshield.313706/page-360#post-2574607
    I'll have to defer to the developers for this but I'll guess, when it's ready.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Guys, a newbie question.

    I need a little help with editing Command Lines. I have two that keep appearing with every virus definitions update for Norton. Please see attached.

    Part A
    Command Line A.PNG

    Part B
    Command Line B.PNG

    The only part, as far as I can tell, that changes is the \20160322.003\ as above. I'd like to use a wild card so that these Command Lines stop being created with each new update. I tried deleting that number and replacing it with "?" but that didn't work.

    Can someone help?

    Thanks in advance.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Ah ha!

    Replacing the number with * might have done the job. I will see after the next virus defs update.

    SOLVED! :)
     
    Last edited: Mar 22, 2016
  11. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Is this still a problem because I'm from Croatia, or something else?
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    No problem @VladimirM, thank you for taking a look at it.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Was this answered? I searched but didn't see any reply.
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    From the User Guide:
     
  15. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    It seems like the AI server drops the requests. Dan is checking why it happens.
     
  16. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    You're right, the wrong symbol was used in the wildcard
    ? - is a single character, * - any number of any characters (match as many as possible)
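
Added example, not part of the original posts and not VoodooShield's own code: a small matcher that follows the `?` / `*` semantics described in the post above, run against constructed command lines, to show why a single `?` cannot stand in for `20160322.003` and how much more a `*` rule admits. The path, the `audit` helper and case-insensitive matching are assumptions.

```python
import re

def wildcard_to_regex(rule):
    # '?' = exactly one character, '*' = any number of any characters (greedy),
    # everything else is literal. Case-insensitive matching is an assumption.
    out = []
    for ch in rule:
        out.append("." if ch == "?" else ".*" if ch == "*" else re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def rule_matches(rule, command_line):
    # The whole command line must match, not just a prefix.
    return wildcard_to_regex(rule).fullmatch(command_line) is not None

# Constructed sample command lines (hypothetical vendor path, not the real one).
TEMPLATE = r"C:\ProgramData\ExampleAV\Defs\{}\helper.exe /update"
SAMPLES = {
    "defs_0322": TEMPLATE.format("20160322.003"),
    "defs_0323": TEMPLATE.format("20160323.001"),
    "nested":    TEMPLATE.format(r"tmp\extract"),   # extra path level
}
RULES = {
    "literal":  TEMPLATE.format("20160322.003"),   # breaks on every update
    "single_q": TEMPLATE.format("?"),              # one char only: never matches
    "twelve_q": TEMPLATE.format("?" * 12),         # works while the length stays 12
    "star":     TEMPLATE.format("*"),              # also spans backslashes
}

def audit(rules=RULES, samples=SAMPLES):
    """Return {rule_name: sorted names of the sample command lines it admits}."""
    return {name: sorted(s for s, cmd in samples.items() if rule_matches(rule, cmd))
            for name, rule in rules.items()}

if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:9} -> {hits}")
```

When editing an allow rule, keep as much literal text as possible on both sides of the `*`, since everything the wildcard can absorb is allowed along with the intended path.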
     
  17. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    I believe that it will be released in a week or two. The 3.10 seems to have a lot of problems, so I want to fix as much as possible before the next release.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    What does Scan & Allow do if a non-whitelisted process is spawned that is determined to have 0 positive detections...? (no file found)
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    @Krusty13 I guess the '22.5.5.15' will also change over time. Wonder if you can use more than one '*' ...
     
  20. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I run a Virtualbox now and it looks OK:
     


  21. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Custom folders bug is fixed.
    Performance bug fixes are not planned for the next release. I'll take a look at it; if there is something simple that I can do, then I'll try to improve it.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Yeah, that could be the case but I will deal with that when the time comes. Norton has already upgraded to 22.6.0.142 but that component is still at the older version. Perhaps when that component does get updated it could be a slightly different path. I think if my wild card stops working then it will be pretty easy to edit the new command line.

    Thanks.
     
    Last edited: Mar 23, 2016
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    v3.10 beta running very nicely here with no observable issues other than in some cases a slight delay in delivering the AI verdict.

    Baldrick
     
  24. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I tried 3.10 Beta (Scan & Allow Mode)

    I run a software Syncovery. Got an alert. It mentioned "Unknown". So it seems in Scan & Allow, non-whitelisted with no detection, alert is there.

    And VoodooAi seems excellent.
    For the software I got FPs from multiple engines, VoodooAi correctly calculated "Safe".
    Only 1 software VoodooAi gave FP i.e "Unsafe" VirusTotal Uploader Installer.

    Tried big files & VoodooAi correctly calculated "Safe". And VoodooAi is quick, i.e. doesn't take much time.

    Is VoodooAi going to be there in the free version?

    UPDATE -
    Tried Smart Mode. 2 more FPs i.e Unsafe from VoodooAi, DnsJumper & VidCoder.
     
    Last edited: Mar 23, 2016
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, the blacklist scan had a couple of false positives, but VoodooAi got it right... it returned around 0.2000 or so. Once we adjust the prompts and adjust the blacklist results with VoodooAi, we will be good to go. Thank you!
     