VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting us know! I just received an email from a Wilders user, and actually I do not know who it is yet. But he has a lot of detailed information about the VS freeze... he is a computer dude in India and has been running VS on his clients' computers, and they have various traditional security software on them. VS works great with some, and not others... I asked if he wanted to post his findings, so let's hope that he does. Either way, between the info that you guys supply on here, his recent email and the additional logging, I think we will have the freeze issue fixed soon. Thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for posting this info, it really helps! It really is crazy... it is almost impossible to determine what is malware and what is not anymore... which is why I think we should have a zero tolerance policy ;).
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TH, I agree... Now, if they made the PUPs easy to remove, it would not be that big of a deal. But pretty much every one that I have seen made it extremely difficult to be removed, by the user or a computer tech. Seriously, without adwcleaner, I would have had to reinstall Windows on many, many, many occasions... they really are that bad.
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, now that is funny Kees ;). Thank you for the good laugh!
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    How funny, you guys are cracking me up!
     
  6. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    I know this sounds far too simplistic Dan, but do you think there is any benefit in asking all testers to provide you with a list of the security software that they are running along with VS and whether they have had VS freeze? Just thinking that it might give you some idea if there is a pattern before requesting more detailed logs from the more likely candidates.

    Pleased to report no issues with 3.28L so far. I am also running Webroot SA and Malwarebytes Anti-Exploit if that is of interest.
     
  7. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,236
    Location:
    The Netherlands
    Just installed 3.28 and running in smart mode. My realtime AV is Emsisoft Anti-Malware and I'm trying to decide if Malwarebytes Anti-Exploit is overkill. Not installed for the moment. No issues to report yet.
     
  8. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    If it's any help, I've been running MBAE for over two years and it is incredibly light on resources. It is also "install and forget" and I've installed it on family members' PCs to complement their main AVs.
     
  9. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,236
    Location:
    The Netherlands
    Thanks, I know it's light on resources and I too install it on family members' PCs. But VoodooShield itself has anti-exploit functionality. MBAE has never blocked an exploit on my computer. So I wonder if I need it and if there can be a conflict with VoodooShield. I want to keep my setup as simple as possible.
     
  10. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    All I can say is that from my experience, there is absolutely no conflict between MBAE and VS. Whether you NEED them both is another matter of course.
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    If the application that is being exploited is patched with the latest updates then it is unlikely you'll see any alert from MBAE or some other anti-exploit tool. For the most part the attacks used in exploits work against older unpatched versions of Flash, Java etc. so if you have any of these vulnerable programs and you hit a website with that exploit code then yes, you should see an alert from MBAE.

    I'm not sure if VoodooShield's anti-exploit protection works in a similar way. Hopefully @VoodooShield can shed some light on this aspect.
     
    Last edited: Jun 22, 2016
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    No, not yet.
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Dan, I did some quick testing using the same malware pack that you used. I ran scans on 500 files. They actually all seem to be malware and adware without any PUPs. But I need to do some more testing to see if some of the adware detected is actually installers which can install unwanted extras you can opt out of, rather than installing actual adware.

    A few of the files were detected as being clean by Jotti. However, it's possible that they would have been detected by one or two scanners if scanned at VirusTotal due to it using more scanners. I used to use the excellent PhrozenSoft VirusTotal Uploader, but it no longer works, so I'm using JottiQ as an alternative.
     
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I just scanned 500 more files, and I can confirm that pretty much all the samples are actual malware or adware. There were a few damaged files, but for the rest there were only 9 files that were either definitely safe or most likely safe (only a single heuristic detection for the file at VirusTotal). So it is a good source of files for testing.
     
  15. indian11

    indian11 Registered Member

    Joined:
    Jun 19, 2016
    Posts:
    2
    Location:
    india
    I have been using VS for the past one year and have installed the free VS on more than 80 customers' computers. They are all working perfectly OK; earlier there used to be lots of problems created by viruses....

    What I found after installing VS: a few systems, around 7, still gave freeze problems, so anyhow I solved the problem in 5 of them.

    What I found is that after VS AI came, from around v 3.10.... there was a clash of VS Artificial Intelligence with the real-time scan of the AV.

    How I solved it o_O? By removing the variety of AV and installing Avira, as it works perfectly and there is no clash with VS.

    Overall, after installing VS, it protects a lot; earlier, due to viruses, a fresh install of Windows had to be performed.

    My security setup is Sandboxie along with Avira; the second line of defense is VS alongside MBAE. For testing a variety of software I use Shadow Defender.

    Thus the freezeeee problem is due to a clash of VS AI along with some specific AV, due to which VS starts consuming lots of RAM and this leads to freezeeee.

    I think Dan needs to look into this clash with some real-time AV.

    Overall VS is a very sophisticated piece of software and I hope Dan solves this compatibility issue with some AV.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Cache... yeah, exactly, I think that will really help narrow down the freeze issue.
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to know, thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I agree, MBAE is super light and works well with VS, so it certainly could not hurt. VS should block any payloads of exploits and should also block when an exploit from a web app tries to exploit, for example, a vulnerable Windows file. But since they work really well together and are super light, you might as well run both!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for checking that out. Yeah, the one thing I did do to pre-screen the samples is to make sure that they were actually executable (not damaged), other than that, I just wanted to keep the test as random as possible. VirusShare really is a great resource for malpacks... I also like the fact that they seem to have a lot of variants of the same malware in each sample... they do a great job!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you indian11, this will help tremendously. BTW everyone, this is the computer dude that emailed me earlier, and pretty much said the same thing in his initial email to me. VoodooAi was actually first implemented in 3.09, but it did not show in the GUI yet at that point, so I think indian11 really has this narrowed down for us... and I am sure everyone appreciates his help a lot, since this bug has been extremely difficult to isolate!

    It is also great to hear that you have the same experience that I have had with installing VS on customer computers! The thing is, we have to make certain of two things... first, we have to make sure that the basic locking mechanism is working correctly and that VS actually blocks what it is supposed to block. And second (which is independent of the first), we have to make sure that the VS interface is designed in such a way that the users are able to understand and use VS properly, so that everything that needs to be blocked is actually blocked, and not accidentally allowed because of operator error (or an ineffective / confusing GUI). And really, there is no better place to test this than the real world, on actual user computers... and it is great to see that you have had the same experience that I have had... that basically, after installing VS on customer computers, malware problems seem to magically disappear.

    So you have helped tremendously on several things, and I certainly appreciate it! I hope to have the freeze bug fixed very, very soon. Thank you!
     
    Last edited: Jun 22, 2016
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    That's a great point Tony... MBAE is pretty silent (often times due to patching), which is a great thing... there is no use in bothering the user with unnecessary or dangerous affirmative user prompts.

    MBAE works by blocking the 24 or so exploit techniques used by malware authors, so it is pretty cool what they do. VS blocks the payloads from these exploits, but also blocks web apps from opening pretty much all of the Windows files, since these are the most commonly exploited files. We could specify a list of vulnerable Windows processes and only block these, but every few months, there seems to be a new vulnerable Windows process that all of the malware authors are trying to exploit. When that happens, somehow the vulnerable Windows process list would have to be updated in order to patch this vulnerability. A few months back, I came to realize that web apps never need to open any of the Windows files anyway, so why not just block them all? There were a handful (3 or so) that we have to allow web apps to open, and only block the payload if an exploit tries to spawn a child process from these vulnerable processes, but it ended up really working great and made everything super secure... my only regret is that I wish I would have thought of this a long time ago ;).

    So yeah, you should be perfectly secure with VS, but as light as MBAE is, it certainly would not hurt to install it as well. Thank you Tony!
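
The launch rule described in the post above, sketched as an added example (not part of the original post and not VoodooShield's code): a web app may not start files under the Windows directory except for a short exception list, and anything an excepted process then spawns is blocked. The web-app names, the exception name (the post does not name its "3 or so" files) and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Hypothetical values for illustration; none of them come from the thread.
WEB_APPS = {"chrome.exe", "firefox.exe"}
WINDOWS_DIR = PureWindowsPath(r"C:\Windows")
# The post mentions "a handful (3 or so)" exceptions without naming them.
ALLOWED_FROM_WEB = {"allowed_host.exe"}  # placeholder name

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # full path of the process being started

def in_windows_dir(path):
    # PureWindowsPath compares case-insensitively, as Windows paths normally are.
    return WINDOWS_DIR in PureWindowsPath(path).parents

def evaluate(events):
    """One verdict per event: 'block', 'allow' (listed exception) or 'pass'."""
    procs = {}  # pid -> (image name, started by a web app through an exception)
    verdicts = []
    for ev in events:
        parent, parent_excepted = procs.get(ev.ppid, ("", False))
        child = PureWindowsPath(ev.image).name.lower()
        verdict, excepted = "pass", False
        if parent_excepted:
            verdict = "block"  # child of an excepted process: treat as payload
        elif parent in WEB_APPS and in_windows_dir(ev.image):
            excepted = child in ALLOWED_FROM_WEB
            verdict = "allow" if excepted else "block"
        if verdict != "block":
            procs[ev.pid] = (child, excepted)  # blocked processes never run
        verdicts.append(verdict)
    return verdicts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcEvent(200, 100, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ProcEvent(300, 200, r"c:\windows\System32\cmd.exe"),
    ProcEvent(400, 200, r"C:\Windows\System32\allowed_host.exe"),
    ProcEvent(500, 400, r"C:\Users\u\AppData\Local\Temp\payload.exe"),
    ProcEvent(600, 100, r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(f"{verdict:5} ppid={ev.ppid} -> {ev.image}")
```

A 'pass' verdict only means this one rule does not apply to the launch. The design choice the post argues for shows up in the default: the exception list is the only thing that ever needs maintaining, instead of a growing list of vulnerable processes.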
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know. Man, if we could just figure out a way to reproduce the bug, we would be good to go. But like me, you have to wait 2-3 days to get it to freeze ;).
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I appreciate that! Please let me know what you find!
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Yeah Dan, it's a right pain in the arse. The only time VS freezes on me is when I'm prompted for something out of the blue, like when Software Reporter Tool runs for example. Since I normally disable VS when updating or installing, VS does not freeze. :shifty:
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, so maybe if we can figure out how to spawn the Software Reporter Tool on a system with Norton, or one of the other AVs that indian11 mentioned, we might be able to reproduce the issue. If we can reproduce the issue, it will be a 2 minute fix. It probably is a permission issue with VoodooAi... like the AV is locking the file and does not give VoodooAi permission to analyze the file. The logging that I added yesterday should create a log entry if this happens... that is unless we figure out how to spawn Chrome's Software Reporter Tool manually first ;). Thank you!
     