VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I just had an issue while I was browsing some forum threads here with Cyberfox when I found I couldn't move to the next page, couldn't close CF, couldn't open Task Manager and couldn't shut down my machine. The only thing that I could access was VS. I exited VS and my machine became responsive again. All I could find in the logs for about that time was this.
    Code:
    [11-21-2016 19:03:43] [ERROR] - Exception in DriverCommunicationService_HandleSingleProcess: There was an error writing to the pipe: Unrecognized error 232 (0xe8)..
    Server stack trace:
       at System.ServiceModel.Channels.StreamConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
       at System.ServiceModel.Channels.StreamConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout, BufferManager bufferManager)
       at System.ServiceModel.Channels.FramingDuplexSessionChannel.OnSend(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.OutputChannel.Send(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.DuplexChannelBinder.Send(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    
    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at VoodooShieldService.IHandleProcessCallback.OnProcessCreation(ProcessCreationCtx context)
       at VoodooShieldService.DriverCommunicationService.HandleSingleProcess(Object threadContext)
    Could this have caused my machine to become unresponsive, @VoodooShield ?
     
  2. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Apologies I was only repeating what Dan had said :(
     
  3. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    That is a paradox. You can say you whitelist something and then it doesn't score 100%.. that's not what VoodooShield is for.
     
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    No apology needed, I was simply pointing out that I had tried VS free and found that it passed the test as well :thumb: Maybe I could have worded my post better.
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    To get to the page where you can actually run the test you need to allow the four pop-ups I listed and then leave VS to do its own thing and see if it actually blocks the simulated tests.
    Yes, VS will block the actual installer from running but the object of this exercise is to actually run the simulator and see if the security app is able to prevent the simulator from successfully working (which VS does) and to run the simulator you need to install it which is why those four pop-ups have to be allowed. Why Djigi only got 4/5 I'm not sure because I get 5/5 every time. Perhaps different set up or maybe a conflict with another security app. The test page is below
     


  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey everyone, I did not mean for this to happen, but this whole VoodooAi (2.0) cloud thing (along with other features) turned into about 5-7 times more work than I initially expected. The good news is that I am getting somewhat close to wrapping it up, but there is still a lot of work I need to do.

    The other good news is that it is seriously going to be cool when it is finished ;) So if I miss a post or pm, please forgive me ;).
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I think that is asking a bit much lol
     
  8. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    I encountered an issue with VS today concerning upload of files to Google. I am running the latest version of VS and despite having uploading unchecked VS still attempted to upload a file to VT. What version should I be running that respects the setting not to upload files for analysis? Thanks.
     
  9. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    getting block notifications for:

    11/23/2016 9:47 PM Blocked nvoawrappercache.exe c:\users\user-****\appdata\local\nvidia\nvbackend\applicationontology\nvoawrappercache.exe 06a90fd582656ab2a8b3ea7b4288a006e8a9ee6aae41c7a27a76676bdeffe0df

    11/23/2016 9:47 PM Blocked nvoawrappercache.exe c:\users\user-****\appdata\local\nvidia\nvbackend\applicationontology\nvoawrappercache.exe 06a90fd582656ab2a8b3ea7b4288a006e8a9ee6aae41c7a27a76676bdeffe0df

    not sure what triggers it
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,068
    Location:
    UK
  11. @VoodooShield

    Dan did you receive my answer to your question?

    Regards Kees
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Because it's using the Protected User space AppData so I just allow.
     
  13. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Thanks, I removed the GeForce Experience. Even though I always allowed it, it seemed to still be blocked. Perhaps it creates a new entry each time it runs.
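
One way to test the guess in the post above against the block log, as an added example that is not part of the thread and not VoodooShield code: group block events by path and compare their SHA-256 values, since a changing hash means the file on disk differs between runs. The line layout is inferred from the two notifications quoted earlier in the thread; the `updater.exe` lines, their path and their placeholder hashes are constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the notification lines quoted in the thread:
# <date> <time> <AM|PM> Blocked <file name> <full path> <SHA-256>
LINE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) Blocked "
    r"(?P<name>\S+) (?P<path>.+) (?P<sha256>[0-9a-fA-F]{64})$"
)

def summarize_blocks(lines):
    """Group block events by path: {path: (event_count, sorted distinct hashes)}."""
    seen = defaultdict(lambda: [0, set()])
    for raw in lines:
        m = LINE.match(raw.strip())
        if m is None:
            continue  # not a block notification
        entry = seen[m["path"].lower()]  # Windows paths are case-insensitive
        entry[0] += 1
        entry[1].add(m["sha256"].lower())
    return {path: (n, sorted(hashes)) for path, (n, hashes) in seen.items()}

def classify(summary):
    """Label each path by whether the blocked file's content changed between events."""
    verdicts = {}
    for path, (count, hashes) in summary.items():
        if len(hashes) > 1:
            verdicts[path] = "hash-changes"         # file on disk differs between runs
        elif count > 1:
            verdicts[path] = "same-file-reblocked"  # identical file blocked repeatedly
        else:
            verdicts[path] = "single-block"
    return verdicts

# First entry is the line from the thread (listed twice there); the updater.exe
# lines, their path and their placeholder hashes are constructed for illustration.
NV = (r"11/23/2016 9:47 PM Blocked nvoawrappercache.exe c:\users\user-****\appdata"
      r"\local\nvidia\nvbackend\applicationontology\nvoawrappercache.exe "
      "06a90fd582656ab2a8b3ea7b4288a006e8a9ee6aae41c7a27a76676bdeffe0df")
SAMPLE = [
    NV, NV,
    r"11/24/2016 8:01 AM Blocked updater.exe c:\example dir\updater.exe " + "a" * 64,
    r"11/25/2016 8:01 AM Blocked updater.exe c:\example dir\updater.exe " + "b" * 64,
]

if __name__ == "__main__":
    for path, verdict in classify(summarize_blocks(SAMPLE)).items():
        print(f"{verdict:20} {path}")
```

For the two lines quoted in the thread the hash is identical, so those events fall under `same-file-reblocked` rather than `hash-changes`.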
     
  14. plat1098

    plat1098 Guest

    OK, I wanted to test my DVD player using Windows Media Player (yes, I know), which also happens to be a protected app in HitmanPro Alert. Twice during the setup wizard, VS shows a "blocked exploit attempt" naming process unregmp.exe as the culprit. I had VS block it both times yet was able to continue the setup and then use the DVD without incident. According to the VS interface, the Ai was "not necessary." HMP Alert never said anything about an exploit, maybe because VS had already blocked the exe. Is this by any chance a false positive?

     
  15. andi_cro

    andi_cro Registered Member

    Joined:
    Dec 24, 2013
    Posts:
    49
    Location:
    Croatia
    Digitally signed file from Google, also not detected with blacklist scan, but recommended action is to block it because Ai says suspicious?!?
    Why?
     


    Last edited: Nov 27, 2016
  16. guest

    guest Guest

    "unregmp2.exe" It is a legitimate file belonging to the Windows Mediaplayer Setup Wizard.
    File description: "Microsoft Windows Media Player Setup Utility"
    Should be a False Positive.
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Yep and I got the same block.

     
  18. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Is it possible to use both HitmanPro.Alert and Voodooshield (either, paid or free) on the same computer, are there any conflicts?
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    They work fine together on my three machines, no conflict at all.
     
  20. guest

    guest Guest

    No conflicts, just add VS processes to HMPA exclusions (because a security app injecting DLLs into another one isn't a good move).
     
  21. plat1098

    plat1098 Guest

    OK, thanks mood and Triple Helix. :)

    HMP Alert/VoodooShield subscription is the backbone of my computer's security, with no issues at all since day-one.
     
  22. andi_cro

    andi_cro Registered Member

    Joined:
    Dec 24, 2013
    Posts:
    49
    Location:
    Croatia
    Ufff...safe or not safeo_O
     


  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Ufff...safe or not safeo_O"

    All that pop-up is telling you is 13 AVs from VirusTotal marked it as bad.
     
  24. guest

    guest Guest

    Look at the names of these Blacklist threats (InstallCore / PUA.Optional.Downloader / PUP/Multitoolbar ...)
    These are mainly "adware-related" detections - it's a regular installation-file with bundled adware.
    Btw.: the file "Fusion.dll" which is bundled within the installer, is responsible for 11 / 56 detections (FusionCore / InstallCore, ...)

    Better download an offline installer of this program (55MB instead of 2MB) to get only 4 / 56 detections:
     
  25. andi_cro

    andi_cro Registered Member

    Joined:
    Dec 24, 2013
    Posts:
    49
    Location:
    Croatia
    Thanks, but it's the same .exe... try it yourself, it seems like offline 55MB but when download was finished, it is only 1,76MB!
     

