VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Ah ha, I knew that you would have a good answer for that one, Dan. ;)

    Cheers, Baldrick :D
     
  2. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    Just an update: still no freezes on my system, even with Chrome running. Good work guys! :thumb:
     
  3. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    roger_m,

    Is it possible for you to test your malware pack with VoodooAi Sensitivity Reckless & 90 & compare with Balanced?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you Baldrick! Yeah, I am not sure what all I can do to lower the result, I just have not thought about it, but I am sure there are some things I can do. It really is just a quick and dirty POC.
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, we appreciate that! BTW, VS has not frozen on me at all while trying to isolate the freeze issue, so we might be getting close!
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    This would be cool, but keep in mind, he will have to look at each result after changing the sensitivity, since the sensitivity adjustment only changes the numbers... it does not move it from the Suspicious / Unsafe box to the Safe box automatically. I could probably make it so it does move the item to the Safe box, but it will be awhile before I get around to doing that.

    Also, I do not think it was a malpack that he tested... I think it was just a bunch of random installers. Thank you!
     
  7. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    VS only froze for me once & got an unhandled exception error once, that's it. That was one of the earlier versions, 3.12 or 3.14 or around those versions.
    No probs after that.

    And I guess I am the only 1 who runs/tests VS with Windows Defender & FW & no other realtime security software.
    So there is near zero chance of compatibility probs for me & maybe that's the reason no probs here.

    When VS 3 Stable will release I plan to run it with Windows Defender & FW only & exclude VS in WD on my Win 10 64 system.
     
  8. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    86
    Location:
    UK
    Sorry Dan, what I meant to say was that VoodooAi classified 159 of the 160 samples under its heading “Suspicious & Unsafe Files.” Without going through each one individually I can’t say which were specifically categorised as suspicious and which unsafe.

    Prior to submitting to VoodooAi I ran all 160 samples past a couple of second opinion scanners and every sample was reported to be either a worm, trojan, rootkit, downloader, trojancrypter or dropper - no adware or PUPs.

    So a good result from VoodooAi but although I don’t pretend to understand how it works I was just wondering why it would classify as safe a file that was so obviously malicious (VT=39/56 Trojan).

    And yes, VoodooAi and VS are a terrific combo.
     
  9. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    I meant those packs as those too will give a good idea on the sensitivity level. Malware I know VS will do good. Even Reckless does good with malware, at least with harmless samples, so I know with real malware VS will do good.

    I want to see sensitivity level Reckless & 90 comparison with Balanced against those random installers.

    I know it's very time consuming so I requested with "Is it possible for you?".
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It's not a malware pack, they are all programs I've downloaded and installed at some point to test them and I have 50 or so of them currently installed. There is a lot of unwanted software there, but nothing is malicious - which is almost always the case for unwanted software.

    I tested again with the sensitivity set at reckless and 90. With the sensitivity set to 90, out of 406 installers scanned, 66 were classified as suspicious, and none as unsafe. With the sensitivity at reckless, nothing was identified as suspicious or unsafe.

    @VoodooShield I didn't realise until I had finished doing the reckless scan that I did not need to rescan the files when I changed the sensitivity.
     
  11. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Currently there is a bug in standalone VAi so if you test a program @ Balanced & just move the slider to Reckless/Paranoid, etc to get the results for Reckless/Paranoid, etc you will get wrong results. To get correct results you have to set the sensitivity & browse the files again.
    So you did right i.e set the sensitivity to Reckless & rescanned/browse the files.

    I did a little test & noticed that Reckless too works good i.e I have noticed with my little test that almost all the time files calculated as Unsafe @ Balanced are calculated as Unsafe @ Reckless too. And Suspicious files @ Balanced are mostly calculated as Safe/Auto-Allowed @ Reckless.
    Your test with 406 installers obtained the same results i.e @ 90 none of the files were calculated as Unsafe And @ Reckless too none of the files were calculated as Unsafe. And @ 90 files calculated as Suspicious were calculated as Safe/Auto-Allowed @ Reckless.

    Suspicious verdict of VAi is a little sensitive. Reckless seems to work good for Unsafe files. I will give a try to Reckless sensitivity on my system. And Blacklist scan is there for stuffs too.

    I will request testers on malwaretips to test VS on Reckless too. Would be interesting to see the results.

    I am kinda liking Reckless.

    Thank You roger_m for your time, support & tests.
     
    Last edited: Jun 13, 2016
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    +1 here...but I was not really seeing any before...but I suppose that if I am not seeing any no means that nothing has been broken whilst trying to fix the issue for those who have it. :D
     
  13. @VoodooShield

    Dan,

    I am playing with the portable at 100%. What is the AI value cut-off point for something to be considered safe and unsafe?
     
  14. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    After today's Windows Updates I had my first freeze with version 3.26.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I will catch up soon... there is a chance the freeze issue is fixed in this version. It has been completely stable for me for 5 days or so.

    http://www.voodooshield.com/artwork/InstallVoodooShield327.exe

    BTW, I heard back from Vlad... he is doing well. It is a long story, but basically we are on the right track to fixing the freeze issue, if it is not already fixed in 3.27.

    Also, the dismhost issue is a little tricky for Windows 10 (and possible :cool:... I looked into it and the code looks right, and I think it is a great idea that Vlad (or whoever came up with). But I think the reason it is acting up with dismhost is because VS, along with the user, does not have access to, for example C:\Windows\Temp... so VS cannot get the hash to compare and auto allow. So I need to play around with it some more... there is always a way around these types of obstacles ;).

    Thanks again, talk to you guys soon!
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Downloading slooowly now. :thumb:
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I noticed that as well... who knows, maybe VS is actually catching on? ;). I will reply to the posts I missed asap... sorry, things are a little crazy right now.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Strange, one machine took about a full minute and the other downloaded in a couple of seconds. Both connected to the same network.
     
  19. guest

    guest Guest

    But the service (with system rights) has access to C:\Windows\Temp
    Let it get the needed hash from these files and hand it over to Voodooshield.exe (that can now compare the hash)
     
  20. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Dan

    Installed over the top and so far looking good. :thumb:

    Regards, Baldrick
     
  21. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    Same here. So far good to go!!!
     
  22. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Downloaded 327 over 326. Only problem, when I closed Firefox, VS 326 wouldn't turn off. Finally stopped 326 via task manager. Updated over 326 and all running fine right now, a couple of hours.
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    Still getting the warning situation ..

    'Something is trying to close VoodooShield, so your computer is most likely under attack!!!

    Please don't close VoodooShield at this time!!!'

    when overwriting VS after choosing install mode. (this was from 3.26 to 3.27)

    However pressed ok button and 3.27 installed :)

    Running fine here
     
  24. martk1972

    martk1972 Registered Member

    Joined:
    Dec 6, 2009
    Posts:
    6
    Location:
    Sheffield, UK
    Installed 3.27, all good so far and no freeze. Well done :thumb:
     
  25. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    Same situation here; warning, then closing dialog and install went fine. No freezes as of yet!
     