VoodooShield/Cyberlock

Hmmmm, good Q. @VoodooShield

 

hamo I see you are also using adguard. have you enabled extra filters yet such as the spyware , annoyances, experimental, social media? these don't come set by default install.

 

Hello,

Thank you for the followup @guest . Do you happen to know what event(s) trigger the code in question to be uploaded to VirusTotal? I see that automatic uploading to VirusTotal can be disabled, however is it possible using VS to prevent execution / block and give the user the option to upload to VT if they choose? I really don't want to take the chance of uploading any legitimate file / attachment accidentally to VirusTotal>Rotarua>Google>Alphabet (I trust them as far as I can throw them).

 

ostexo

why would not want to upload a legit exe to vt? or for that matter why would not want to upload a non legit exe to vt? I am thinking you sare saying either you don't trust vt or you do not want them to analyze a file you have?

 

Yes, I enabled all Ad Blacker boxes,
also I enable all stealth mode boxes expect "Self destroy 1st party cookies and Hide your agent-user"

 

Hello,

@boredog , VT is Google, and if a legitimate file kicks off VS and that file is sent for analysis to Google automatically it could result in an intellectual property issue for me.

 

You have to ask Dan whether VT has asked him to stop using it. My take is that VT is watching how VS progresses as a next gen machine learning / artificial intelligence engine. VT has recently added two Machine Learning engines, so ML/AI engines which are willing to contribute are more likely to be embraced than banned from VT. It also depends whether VS4 is more an impoved consumer version of Cylance Protect than a user friendly version of Faranonics AE. It is up to Dan. He is the man with the answers to those questions.

 

just wondering because you had to go into adblocker and add filter .

 

This is a great idea. To build on your idea: Why not add a little padlock designating VS is locked or unlocked? Is the padlock idea patented or can it be used in this application? Surely something can be done along those lines with the tiny tray icon, because you know it's going to be visible on the desktop gadget. Make shield RED (totally OFF) for Training and Disable/Install modes? Lose the grey shield color in the Disable/Install mode? This way, maybe you have some consistency with the shield colors. Or, do you think making the shields differing colors would be clear?-- the only thing with that is learning what each color really means. Some long-time users might have a problem with that.

I don't know enough about the various modes, but do know, that once a mode is removed, I just gotta have it back for something. So, I vote for keeping Training mode.

 

I believe that Dan has answered this in the past, aboutnthe time that the rules around tthe use of VT chnagedd...and at that time I believe he stated that he would be offering them theVS AI engine for use by them so that he continue the use of VT resukts in VVS.

That maynhave changed but given that we still get the VT results I doubt it.

Regards, Baldrick

 

Yes, i read that too (several months ago?). I searched for these posts but i can't find them at the moment.
And he stated that "there is nothing to worry about" or something similar.

 

Good question, I have also been wondering this

 

it is automatically done for non-whitelisted processes.

yes by unticking the checkbox (check screenshot) however you must tick back if you want the scan.

One way would be that you whitelist the processes/executables you don't want to be uploaded (either manually or by Learning Mode, which doesn't scan with VT) and let the checkbox ticked so unknown processes will be scanned.

 

v. 3.45
autopilot interferes with program installation and uninstallation.
I reverted to smart mode.

 

Is it like here that installations are silently blocked?

here when I tried to install REVO. Had to disable VS

Code:

[10-29-2016 15:02:19] [INFO ] - Blocked: c:\windows\system32\dllhost.exe
[10-29-2016 15:02:20] [DEBUG] - dllhost.exe (1504) AllowReason: 0x0174
[10-29-2016 15:02:22] [INFO ] - Blocked: c:\users\~1\appdata\local\temp\is-a3pk8.tmp\revouninprosetup.tmp
[10-29-2016 15:02:22] [DEBUG] - revouninprosetup.tmp (13228) AllowReason: 0x0174
[10-29-2016 15:02:22] [INFO ] - Allowed: revouninprosetup.tmp, c:\users\~1\appdata\local\temp\is-a3pk8.tmp\revouninprosetup.tmp, 26b6dfa36b45d707691af15bd1af22a252f17a357c8a6bd0c2c6077e4ca1d365
[10-29-2016 15:02:23] [DEBUG] - tabtip.exe (6408) AllowReason: 0x0103
[10-29-2016 15:02:25] [DEBUG] - tabtip.exe (10208) AllowReason: 0x0103
[10-29-2016 15:02:26] [DEBUG] - revouninprosetup.exe (11280) BlockReason: 0x2021

Good to hear that it does not do this in smart mode.

 

I had problem with revo, too.
I also had problem with malwarebytes anti-exploit.
couldn't figure out what was going wrong at first. For me, exiting VS did not fix it. I had to switch to smart mode, after a system image restore, because things got pretty messed up.

 

OK, Thanks! Moved to smart...

 

Hi

Anybody having problems with the online updating of one's account re. the local whitelist? Have not tried this feature for a while and so delted the computer from the account via the account online, & then reset the whitelist via the local client (the setting 'Synchronize & backup my whitelist snapshot to the cloud' is checked by the way) but when I then sign into the account there is no record of the computer and/or the whitelist backup for it.

I know that this feature has at times been turned off in the beta (currently running v3.45) but had not heard recently that this was again the case, so am wonderingif (a) I am not doing something correctly or (b) there is a further issue withthe latest beta?

Any advice/thoughts gratefully accepted.

Regards, Baldrick

 

My icon is continually red but seems to be working. Is set in Smart Mode

 

red is supposed to mean that you have basic protection, but not the extra protection that you want when your browser is open.

 

Same problems here... I think it is not functioning with the latest betas.

 

Cheers, Gandalf

Good to know I am not the only one...most likely my failing memory is at fault and Dan advised of this...but I just cannot remember.

Hopefully he can update us on this when he is next around.

Have a great rest of weekend.

Regards, Baldrick

 

I use Training Mode as an easy way of whitelisting certain products that will have false positive detections like Nirsoft products for example. It's better than having to manually whitelist each item of edit command lines one at a time.

 

I left the computer for a couple of hours and now it has turned blue when I come back. Must be a bug lurking somewhere.