VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. gorblimey

    gorblimey Registered Member

    Thank you for mentioning VSSAdmin, I've recently shadowed my data drives, and (of course) I use Shadow Explorer :cool:.

    So would/could VSSAdmin be treated the same way as powershell? I have ATM put the computer on Autopilot to avoid upsetting She Who Must Not Be Upset :). It would be nice to have VSSAdmin whitelisted as a child of Shadow Explorer, but blacklisted otherwise.
     
  2. shmu26

    shmu26 Registered Member

    Thanks to Dan for all the clarifications. There is much more to VS than meets the eye...
     
  3. VoodooShield

    VoodooShield Registered Member

    It's cool, you should be good to go... it is only risky web apps that should not be able to call Windows processes. Everything else should have no problem, especially since Shadow Explorer is obviously whitelisted ;). Think of it this way... Shadow Explorer is not going to be browsing the web anytime soon (same with Word in shmu26's example)... so it is totally cool that it spawns VSSAdmin. Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Sure, thank you! BTW, our conversation got me thinking... since VS has evolved so much the last couple of years, we might not have to list Acrobat reader (and several others, mainly pdf viewers) as web apps (that toggle VS to ON in Smart mode). It would be really cool if we did not have to list apps like this as web apps, let me look into it, thank you for bringing this to my attention!
     
  5. VoodooShield

    VoodooShield Registered Member

    On kind of a side note... I am not sure why I even bothered listing the other PDF readers (that are not made by Adobe) as web apps. Correct me if I am wrong, but a vulnerability in Adobe's reader is almost certainly not in any of the other readers. I suppose if the other readers were built on the same code base as Adobe, it would make sense... but otherwise, I do not believe an Adobe exploit would affect Nitro (for example).
     
  6. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    I don't know that, but pdf readers like Nitro do not receive updates as often as Adobe's reader. Are they safer or just less targeted?
    For me it is reassuring to find Nitro in web apps.
     
  7. gorblimey

    gorblimey Registered Member

    Good point there. Most of my non-legacy software is up for updates from time to time, and all have a setting to auto-update if I'm too lazy to supervise. Java, Flash, VLC, Dropbox... Java and Flash are on Notify Only, but Dropbox is always updating something. VLC I've switched off, and Foxit. Pale Moon is always whingeing it should be updated :(.

    Given that I only ever update thru Admin--apart from Dropbox which is only on my User account--I suppose there is always the possibility that somebody may have cracked a repository. I depend on my AV to suss the download, and live in hope and trust.

    Having said that, the second or third thing I did with VS was strip out all the checked web apps, leaving only the browsers, reasoning that only on HTTP could I be intercepted and infected. Everything else, including FTP, I choose to download an app. Email is the same, really. As long as Preview is disabled (see an earlier post I'm too lazy to look up) I cannot be drive-by infected: I must actually click on something.
     
  8. Iangh

    Iangh Registered Member

  9. VoodooShield

    VoodooShield Registered Member

    I am thinking that an Adobe Acrobat reader exploit will not work on Nitro, for example... I think we just need to research it more and figure out how to handle this. Thank you!
     
  10. VoodooShield

    VoodooShield Registered Member

    Yeah, exactly... something like that ;). Thank you!
     
  11. VoodooShield

    VoodooShield Registered Member

    I think I know what he is talking about... if a user moves their web browser's download folder outside of the user space, they need to add that folder in Custom Folders.

    And actually, part of this code was from a long, long time ago before we had blacklist and VoodooAi scanning... so really, when VS is in Smart OFF mode, the best thing to do would be to have VS act like it does when it is on AutoPilot, for all folders and drives, not just the user space. I will change this in the next release, thank you!
     
  12. Telos

    Telos Registered Member

    That sounded simple... but then I got this...
    [Attached screenshot: 2017-04-30_21h55_15.png]

    and I'm not sure what that means. I've never understood what the custom folders was for, so I've basically ignored that. Help?

    And this... Most (but not all) of my Windows "location" folders (Documents, Downloads, Pictures, Videos...) reside on alternate partitions (non-OS). Do these need to be added to custom folders as well?
     
  13. VoodooShield

    VoodooShield Registered Member

    It's cool... just click yes to that prompt, and then you will see 2 folder trees. On the one on the right (When VoodooShield is OFF), select whatever folders you want to protect when VS is OFF.

    I will post a new version soon (hopefully by tomorrow) that does not require you to do this... so you can probably just hold off if you want.

    Before the blacklist and VoodooAi scans were implemented, VS protected the user space full time (even when it was OFF). There is no reason to not scan files outside of the user space... it will be pretty cool for VS OFF to essentially behave like AutoPilot mode.
     
  14. VecchioScarpone

    VecchioScarpone Registered Member

    That is great, never been able to wrap my head around that feature. Not that it is a surprise it is me we are talking about o_O
     
  15. Krusty

    Krusty Registered Member

    I think you're being too hard on yourself. ;)
     
  16. _CyberGhosT_

    _CyberGhosT_ Registered Member

    100% agree there Dan.
    From the beginning I have kept my VS set to Smart Mode and loved it, I did experiment over the years trying different modes,
    but I always found myself with it set back on Smart Mode when all was said and done.
     
  17. _CyberGhosT_

    _CyberGhosT_ Registered Member

    +1 ;) Amen
     
  18. VecchioScarpone

    VecchioScarpone Registered Member

    My son has a different opinion :mad: He is the one that I turn to, to sort things out after I mess with this and that. :isay:
     
  19. shmu26

    shmu26 Registered Member

    Yes, Dan, that is exactly what I meant.
    The same is true for the Desktop folder -- if you move it out of User space, you should add that folder in Custom Folders.
     
  20. shmu26

    shmu26 Registered Member

    You could definitely take Sumatra off the list, because there is not really anything exploitable in it, anyways.
    Ask @Lockdown about that.
     
    Last edited: May 1, 2017
  21. Freki123

    Freki123 Registered Member

    Hi, I'm still with 3.53 and if there is in 3.58 still no Vivaldi browser in Web-Apps maybe it deserves a place there?
     
  22. ghodgson

    ghodgson Registered Member

    Vivaldi isn't included in 3.58 but if you haven't already done so you can add Vivaldi to 'Web-apps' manually.
    A few of us wish Slimjet was included too but Dan can't include everything, so I've added it myself.
     
  23. Freki123

    Freki123 Registered Member

    @ghodgson You are right, he can't add everything, it would become too bloated. Thx for the tip :)
     
  24. VoodooShield

    VoodooShield Registered Member

    Hey everyone, here is 3.59… Andy’s wsf bug is fixed, and now when VS is in Smart OFF mode, it acts pretty much exactly like it does when it is on AutoPilot (so users who move their web browser's download folder do not have to change any settings in VS), and there are a few other small changes and fixes.

    If anyone receives too many User Prompts that say “The File is Inaccessible or No Longer Exists!”, please let me know (and let me know what was blocked)… I might have to make a few small adjustments.

    I have not had time to work on the multiuser issue yet. I just need to research the best way to start the gui when the user logs in, and stop the gui when the user logs out.

    www.voodooshield.com/Download/beta3/InstallVoodooShield359.exe

    Edit: It is good to go now, sorry about that!

    Thank you guys!
     
    Last edited: May 1, 2017
  25. VoodooShield

    VoodooShield Registered Member

    I think you are overthinking it actually... a lot of people do that with this feature ;). It simply allows you to specify which directories are protected when VS is ON, and when VS is OFF (when it is in Smart Mode). And actually, the more I think about it... we might want to make a few small changes to the Custom Folders option, in the version I just released (3.59). Technically, the folder list on the left will block and scan any of the items in the folders that are checked... whereas the folder list on the right will scan and auto allow the files if they are clean. No biggie... I just thought about that now... we can figure it out. Thank you!
     