VoodooShield/Cyberlock

Now if it was @cruelsister... I wasn't impressed with the lack of a voice-over.

 

From the video, you can clearly see:

• he deleted the previously taken snapshot, so there's no whitelisted malware (0m12s)
• once the malware in the excel file runs, it disables VS (1m18s), that's why it can encypt the files. Doesn't VS have a self-defense?

 

I can understand that it's difficult to admit a bypass in a SW we use and we love... there are a lot of such examples in the Comodo Forum...

 

The same guy bypassed AppGuard...
https://www.youtube.com/watch?v=KinwLc4SqpQ&ytbChannel=F4zzx

 

It's not clear to me what he is doing either. I have just thrown three sources of Cerber ransomware at VS in Autopilot mode and it's warned on all three. In fact to date I must have run the best part of 1000 pieces of malware against VS and nothing has so far bypassed it. Not impossible but I really can't see much doing so either if my experience is anything to go by.

 

Yeah, this is Adam (F4zzx)… he told me about this targeted attack a while back, and the only fix is to implement self-protection in VS, which we will be doing soon. Do you guys remember when I posted on wilders that there is a very specific script that will kill VS and allow a bypass? Well, Adam was the one that told me about this targeted attack… I am not sure why he felt the need to make it public.

We will implement self-protection soon. BTW, this trick would most likely work on any security software that does not have self-protection.

 

BTW, here is where I disclosed this targeted attack:

https://www.wilderssecurity.com/threads/voodooshield.313706/page-564#post-2646533

 

I am not sure what all security products have self protection or not... but if they do not, and the other developers want to know more about this bypass, I would be happy to let them know how it works. Basically, the only way to defend against this (as far as I know) is to have self-protection.

 

This surprises me also since you two are now working together on VS. It's not as though that video was made ages ago.

 

Dan
You are very generous with your work.
Allow me a rookie question. What will self protection do once implemented. How should I react to it in the remote case the feature is triggered?

 

Well in the case of WSA if you try to terminate the 2 WRSA.exe Processes it will block the process and if you try to crash the 2 processes then they restart and to add if you want to shut down WSA you have to fill out a CAPTCHA so in this case WSA is protected from being terminated by Malware or without the user knowing. Maybe something like that for VS?

 

In the case of AppGuard:

 

@Triple Helix
Thanks for the example.

 

Hi Dan,

Wondering if Voodoo Shield will detect RATs.

Did anyone test it against remote access trojans ? I think they are really deadly.

 

Adam and I do not actually work together... he has just found 2-3 vulnerabilities in the past that he let me know about so I could fix them. I would have fixed this last vulnerability by adding self-protection already, but I had to wait until VS was completely stable. Thank you!

 

It should be very similar to what TH posted below... thank you TH! You won't notice any difference, except you will no longer be able to kill VS using the task manager . VS inherently protects itself (with the exception of Adam's script), so adding self-protection was never a great priority. Thank you!

 

Yeah, RAT's should not be a problem at all for VS. Thank you!

 

Yeah, as soon as we wrap up the web management console, we will be adding new features, including self-protection . Thank you!

 

Hehehe . Do you have an example? I need to go through the posts I missed soon... I am pretty far behind. Thank you guys, talk to you soon!

 

Yes, I could have spent my time better by reading such smart and brilliant posts, like this one from you and from a Global Moderator

 

Hi Dan,

first thing, nice to meet you and thanks a lot for your great product
About self-protection, I think that's the basic of any security product. If you don't have self-defense it's like you place a reinforced door in your home, but then you forget to lock it
By the way, I'm sure you'll update VS soon to add this feature

 

I'm running Voodooshield Pro, BitDefender Total Security 2017 & Adguard. Sandboxie Pro & Chrome.

Am I able to safely turn off or lower the BitDefender On-access scanning and/or Active Threat Control?
Started getting random lock-ups on my Asus Zenbook Flip, purchased last October.

Uninstalled BD and reinstalled it & that seems to have helped but I'm getting about-ready to refresh Windows due to the issues.