VoodooShield/Cyberlock

Ok, sounds good... I thought it might be worth a shot. One time they offered like 5 day licenses to like 10 people or something like that, so they could test. Just a thought! Thank you!

 

ok, with all my effort , i deserve a LFT license

more seriously, about the test, one contender is almost reaching the required 5k-10k samples; but for some others it will be hard to get such huge numbers.

 

ok i have edited the challenge post with more precisions, feel free to read it.

https://malwaretips.com/threads/challenge-voodooshield-and-win-a-lifetime-license.61197/

 

This is seriously funny... you were thinking the exact same thing I was, apparently at the same time. Molly and I just went for a walk, and when I came back, I opened the fridge to get an energy drink, and at that time was thinking "guest and yesnoo should both receive a lifetime license as well, for all of their help on the VS Challenge." Then I went to my computer and saw your message. Anyway, I thought it was funny. But yeah, if you and yesnoo pm the email address you want to use for your account, I will set that up for you guys. Djigi helped early on, so I can set one up for him as well.

Yeah, about the number of samples, probably the absolute minimum should be 100, does that sound about right? I just think if you start with an initial sample set of 10,000+, and select truly random samples from the set, the results will be a lot more representative in the end. We want the tests to be as creative and different from each other as possible, and if reducing the sample set to a minimum of 100 helps with that, then I am all for it. We just need to keep in mind that if the sample set is 100, each file that is missed drops the efficacy 1 whole percentage point... so if the sample set size is 100, they REALLY need to be random samples. Thank you!

 

Looks great, thank you! This is kind of uncharted territory for everyone... I figured we would have to adjust a few rules and stuff. But it will be a good template for the future in case anyone else wants to try something like this later.

 

100 would be to small as you say, if they cant get the required number, we may lowered it; let see for the moment how it goes.

yes , you are the first to request a public test made by individuals and offering a reward for them ; this is a great move

 

Thank you very much Dan.

I have emailed you to accept your kind offer.

 

Sounds great, thank you! Yeah, we can just see how it goes, but I would think 100 would be the absolute minimum... ideally 500+ would be better.

 

Cool, thank you, you are good to go!

 

+1 We appreciate it very much VoodooShield !

 

This obviously goes without saying, but any Wilders member who is not a MT member can join the VoodooShield Challenge as well. I have some onsite stuff to do, thank you guys, talk to you soon!

 

I made a video witch is something like that...
http://www.youtube.com/watch?v=dIdjBZ5R7is

 

"I wonder if MM would be willing to offer some or all of the contest participants a free 3 day trial, so they can test Cylance as well. It will do very, very well... similar to the results from my tests."

it sounds like if they do give out trial lics it won't be to any competitors or me thinks cylance would be unhappy

 

Yeah, exactly... that is what I was talking about, thank you for jogging my memory . Yeah, this is something that we need to carefully consider. For the time being, we are safe, simply because the injected file will be unknown to the blacklist, and the VS prompt will be red, and the recommendation will be to block or quarantine the file. Once the file is in the wild and known to the blacklist, it will obviously be detected as malicious... rather quickly. And none of this would be an issue if VS did not automatically allow by Parent Process (of most recently whitelisted file)... but we kind of need to keep the parent process feature enabled by default since it drastically reduces the number of affirmative prompts.

So either way, this is basically a secondary layer of protection anyway, but I think for a temporary fix, we can just have the blacklist and VoodooAi scan any file that is going to be allowed by parent process. I think the permanent fix is to include some of these samples in the training data sets for the next time we retrain VoodooAi. I believe VoodooAi already identifies most of the encoding / obfuscation techniques rather quickly (since I have already included a lot of these types of files in the training data sets), but I think it would be wise to download as many of the hacker tools as possible and include these in the next training data sets. So really, it is just a question of security vs usability. Thank you!

 

Maybe not, but that would be really cool if they could... I found the link I was talking about earlier, here it is:

https://www.wilderssecurity.com/thr...-malware-managed-testing.385886/#post-2588633

It always does really well when I test CylancePROTECT, so I am sure it would do well when other people test it as well.

 

So if i understand well: in default settings , when the toggle is on "ON" , all executables launched from any folders (except Program Files ones) are blocked ; if i want to add exceptions , i must use the custom folder feature, im right?

 

ok good. thanks

 

Some suggestion for the Whitelist tab, to make it easier to control and pinpoint mistakes.

- add a column or a marker mentioning if the process was whitelisted by the user or VS.
- add a column mentioning the blacklist ratio of the process.

 

Hi Dan,

VoodooShield always calculate something on fresh install. Like send data to Voodoo Ai.

Windows 10 x 64 -blacklist mode.
http://i.imgur.com/CteD4dx.png

https://i.imgur.com/zJSIK6E.png

 

That or uploading your Whitelist to there Cloud servers or checking your credentials?

 

Hi!
By default cloud synchronization is unchecked. And i have license from Dan.
http://i.imgur.com/w2pcFtL.png

Best Regards,

Plamen!

 

You said:

So it could be checking your credentials/license online with VS servers. I've seen it work on the shield also so it must be doing some checking.

Daniel

 

Yes, but from 24 hours there is no change.

Regards,

Plamen!

 

Whatever it does it is surely legit; if the vendor really want mine your datas , it will do it silently and you will have no clues about it.

 

VS I regards to this thread you posted above. MM offered 7 day lic to the first 5 people that asked. Do you know of anyone taking them up on that offer? I have not seen any sign of it because one of the requests was for members who did this to post results and I have not seen that either. So where did all those try before you buy people go anyways?