VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Yes I do know that but was asking other users as well.
     
  2. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Well we can all say HOW it works but I would argue only Dan can say WHY it works the way it does.
     
  3. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Where can you download VoodooAi from? There are only download links for VoodooShield on the voodooshield.com website. So where do you download VoodooAi from?
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Dan gave a link to the portable version of VoodooAI in this post.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    A link to it and the latest beta were in Dan's signature too but I guess he removed the links when he had his dummy spit.
     
  6. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Could someone tell me what "autopilot" is... Last time I used VS it wasn't an option and there doesn't seem to be a mention of it on the developer's site. I don't doubt it's explained somewhere in this thread but I'd probably miss it through vision fatigue due to the thread size :)
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Autopilot Mode is the new name for Scan and Allow Mode.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just tried this portable version, and the application stops responding right after selecting a file to scan using the browser button. I then get a .NET Framework error about 10 seconds after that. I think this could be why VS has not worked for me since VSAi was integrated into VS. Below is the .NET data from the Application crash. It appears to me that VS is not able to gain internet access at my gateway, but that should not cause the application to crash. I would assume there is a flaw in the code somewhere that is causing the crash.

    I have Eset Smart Security 10 beta, AppGuard, and MBAE installed. I have AppGuard disabled while using VSAi. I'm using Windows 7 x64 Ultimate. I will try VSAi again right before I have to roll my machine back for testing. I can try it without any other security software installed then. I have done this twice before though, and it did not help.

    Regards,

    Cutting_edgetech


    Code:
    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.
    
    ************** Exception Text **************
    System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - An attempt was made to access a socket in a way forbidden by its access permissions.)
       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject)
       at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
       at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
       at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
       at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
       at System.Data.SqlClient.SqlConnection.Open()
       at VoodooAi.VoodooAi.IsFileInSQLDatabase(String ProcessHash)
       at VoodooAi.VoodooAi.btnUnknown_MouseDown(Object sender, EventArgs e)
       at System.Windows.Forms.ButtonBase.OnMouseDown(MouseEventArgs mevent)
       at System.Windows.Forms.Control.WmMouseDown(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ButtonBase.WndProc(Message& m)
       at System.Windows.Forms.Button.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    
    
    ************** Loaded Assemblies **************
    mscorlib
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
    ----------------------------------------
    VoodooAi
        Assembly Version: 1.0.0.0
        Win32 Version: 1.0.0.0
        CodeBase: file:///C:/Users/Public/Desktop/VoodooAi.exe
    ----------------------------------------
    Microsoft.VisualBasic
        Assembly Version: 8.0.0.0
        Win32 Version: 8.0.50727.5483 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
    ----------------------------------------
    System
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.8686 (QFE.050727-8600)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
    ----------------------------------------
    System.Windows.Forms
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
    ----------------------------------------
    System.Drawing
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5495 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
    ----------------------------------------
    System.Runtime.Remoting
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5488 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
    ----------------------------------------
    8d47107fb11f429aa5babd3a73faa2c8
        Assembly Version: 1.0.0.0
        Win32 Version: 1.0.0.0
        CodeBase: file:///C:/Users/Public/Desktop/VoodooAi.exe
    ----------------------------------------
    System.Core
        Assembly Version: 3.5.0.0
        Win32 Version: 3.5.30729.5420 built by: Win7SP1
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
    ----------------------------------------
    System.Data
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_64/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
    ----------------------------------------
    System.Configuration
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
    ----------------------------------------
    System.Xml
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5494 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
    ----------------------------------------
    System.Transactions
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_64/System.Transactions/2.0.0.0__b77a5c561934e089/System.Transactions.dll
    ----------------------------------------
    System.EnterpriseServices
        Assembly Version: 2.0.0.0
        Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
        CodeBase: file:///C:/Windows/assembly/GAC_64/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
    ----------------------------------------
    
    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging
    enabled.
    
    For example:
    
    <configuration>
        <system.windows.forms jitDebugging="true" />
    </configuration>
    
    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.
     

    Attached Files:
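
As an added example (not part of the original posts and not VoodooAi's own code), this Python script triages the "Exception Text" section of the crash report posted above: it finds the application frame that made the failing call, checks whether the call ran inside a window message handler, and checks whether the socket error text is the one Windows uses for WSAEACCES, which points at a local denial such as a host firewall rule. The names `triage` and `SAMPLE_REPORT` are hypothetical, and the sample is a constructed, abridged copy of the posted report.

```python
import re

# Constructed sample: header (abridged) and a subset of frames from the report above.
SAMPLE_REPORT = """\
************** Exception Text **************
System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. (provider: TCP Provider, error: 0 - An attempt was made to access a socket in a way forbidden by its access permissions.)
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, Object providerInfo)
   at System.Data.SqlClient.SqlConnection.Open()
   at VoodooAi.VoodooAi.IsFileInSQLDatabase(String ProcessHash)
   at VoodooAi.VoodooAi.btnUnknown_MouseDown(Object sender, EventArgs e)
   at System.Windows.Forms.Control.WndProc(Message& m)

************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
"""

FRAME_RE = re.compile(r"^\s*at\s+([\w.`<>+]+)\(.*\)\s*$")
HEADER_RE = re.compile(r"^([\w.]+(?:Exception|Error)): (.*)$")
PROVIDER_RE = re.compile(r"\(provider: ([^,]+), error: (\d+) - (.*?)\)\s*$")
FRAMEWORK_PREFIXES = ("System.", "Microsoft.", "MS.")
# Windows message text for WSAEACCES (10013): the local machine refused the
# socket operation, as opposed to a timeout or a refusal by the remote host.
WSAEACCES_TEXT = "forbidden by its access permissions"


def triage(report):
    """Summarise the 'Exception Text' section of a .NET unhandled-exception dialog."""
    exc_type = message = None
    frames, in_section = [], False
    for line in report.splitlines():
        if line.strip().startswith("*****"):          # section banner
            in_section = "Exception Text" in line
            continue
        if not in_section:
            continue
        frame = FRAME_RE.match(line)
        if frame:
            frames.append(frame.group(1))
        elif exc_type is None:
            header = HEADER_RE.match(line.strip())
            if header:
                exc_type, message = header.groups()
    app = [f for f in frames if not f.startswith(FRAMEWORK_PREFIXES)]
    provider = PROVIDER_RE.search(message or "")
    return {
        "exception": exc_type,
        "provider": provider.group(1) if provider else None,
        "socket_error": provider.group(3) if provider else None,
        # Frames are listed innermost first: app[0] made the failing call,
        # app[-1] is where the application's own code was entered.
        "failing_call": app[0] if app else None,
        "entry_point": app[-1] if app else None,
        "direct_sql_client": any(f.startswith("System.Data.SqlClient.") for f in frames),
        "in_ui_handler": any(f.endswith(".WndProc") for f in frames),
        "blocked_locally": bool(provider and WSAEACCES_TEXT in provider.group(3)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:18} {value}")
```
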

  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just used killswitch, and CPort to see what port VSAi is using for outbound, and the application does not even show up as attempting any outbound traffic. I'm not sure what the deal with that is. My firewall did alert me for the attempt, and I chose allow. Hmmm....
     
  10. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Thank you :)
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @VoodooShield I know that you are away right now and I hope that all is well. This comment is not urgent. I just wanted to follow up regarding the digital signing of kernel-mode drivers.

    Florian (of Excubits/Bouncer) was in contact with Microsoft Sys Dev team and was able to confirm that, indeed, starting August 2nd with the Windows 10 Anniversary Update (and 2017 with Windows 7 and 8.x), Microsoft will be enforcing that all kernel-mode drivers will require an EV certificate for digitally signing the drivers.

    I will quote his interpretation of the reasons that Microsoft gave him for this new requirement, clearly security related:

    He also explained the increase in costs for EV certification of kernel-mode drivers per platform, etc. It is definitely hefty for any smaller software companies and developers, unfortunately.

    Anyway, I hope you are doing well and hope that you are able to enjoy some time off. :)
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oooops, the links are fixed in my signature, sorry about that. BTW, if VoodooAi is not working for some reason, either a firewall is blocking it (so you need to create an exception in the firewall), or the regional settings are not working properly, or you might be running an old version that is not active anymore. The first two issues will be fixed sometime soon... well, the regional issue will be fixed... for the firewall issue, I will probably just have to warn the user that they need to make an exception in their firewall.

    If you guys need anything, please email me. We are in the process of figuring out a path for VS... and there are a lot of things that I need to wrap up. As soon as we have figured out a definite path for VS, I will let you guys know. I have a tendency to spend countless hours on Wilders, and right now I need to focus on a few things. As I was saying, everything is great.

    J_L, if you or anyone would like a license, please email me at support at voodooshield.com.

    I will check out the USB and make sure it is working properly... please keep in mind that this feature is intended for Smart Mode only, since VS is always on in Always ON mode, and same with AutoPilot.

    BTW, yeah, AutoPilot is an enhanced Scan & Allow mode. There are a lot more tweaks we can do to it to make it even better in the next month or so.

    Thank you!
     
  13. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Thanks for the update Dan - glad all is well. Regarding the USB issue, I think part of the confusion arises from the fact that "Basic Settings" says: "Activate VS when USB is inserted in Smart AND Always ON mode". Maybe a short reword would help.

    EDIT. I should point out that I am still using 3.28 so it may have already been changed in 3.29 for all I know.
     
    Last edited: Jul 4, 2016
  14. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    No webapps running and inserting USB stick does not appear to trigger USB Shield, as Daniel has advised. I will double check the webapps but I think that none are active when I try this.

    Baldrick
     
  15. guest

    guest Guest

    Smart Mode (no webapp running) / [X] Activate VoodooShield when USB drive is inserted / Insert USB-drive/stick
    These three things should trigger it.
    But I see that I have to update to a newer beta. I'll test it again after I have upgraded.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for the info WildByDesign.

    BTW, I see what you guys mean by the USB features... we can make it behave however you guys think is best (it is easy to change). Once I catch up on a few things, we will figure out what makes the most sense to everyone and adjust it. Thank you!
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    IMO it's a USB Shield so whenever you plug in a USB it should be ON unless you have VS in Learning Mode or Disable/Install Mode.

    Thanks,

    Daniel :)
     
  18. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Agreed, Daniel...+1 here to that. :thumb:

    Regards, Baldrick
     
  19. guest

    guest Guest

    What is the difference between "autopilot" and "Trust the blacklist scan false positive detection and auto allow files not detected as unsafe by VoodooAI in all modules"?
    How do they play together?
     
  20. Turing Doenitz

    Turing Doenitz Registered Member

    Joined:
    Oct 23, 2013
    Posts:
    31
    Location:
    Australia
    Very happy with 3.28 running on Autopilot. The only real recurring issue that bugs me is with updating Chrome. VS has flagged the Chrome software reporter tool as unknown and has popped up with an alert a few times. I did a manual update of Chrome the other day from within the browser and it failed even after several "allow" clicks. When I tried again with VS in Disable/Install mode all was good.
    I know that others have already mentioned it in this thread before, and it does not bother me as I know what to do; but for a non-tech-savvy person (which I believe Autopilot is perfectly designed for) seamless upgrading of Chrome is a must.
     
  21. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    That's a good question since they sound as though they more or less do the same thing. This setting was probably introduced when Scan and Allow was changed to Autopilot since neither is referred to in the User Guide that was written for v3.0.

    Hopefully Dan will explain when he has the time and, even better, update the User Guide! ;)
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I will catch up on the posts I missed asap! Here is the latest Cylance VS Sophos (VS VoodooShield) test video.

    As you can see, the results were essentially the same as the first test... that is the magic of random sampling ;).

    So if Cylance, Sophos and VS were to perform a joint test, I would expect the results to once again be about the same.

    https://youtu.be/bOXnpUHYD4Q

    Thank you guys, talk to you soon!

    Edit: BTW, I forgot to mention... VS was on AutoPilot and the Blacklist scan was disabled! VoodooAi was essentially the only mechanism protecting the computer.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I was under the impression that they were essentially the same. What differences between the two versions have you heard of? Thank you!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you... I think they are about the same since ultimately they both use the Cylance Infinity Engine. Also, since technically VS does not have a separate enterprise end point solution yet, this might be a better test anyway, since we are basically comparing three non-enterprise (Home / SMB) solutions.
     
  25. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    That looks like a great video. My initial reaction is why do we need the VT blacklist scans if Ai on its own is so effective?
     