VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,236
    Location:
    The Netherlands
    Sorry, it was I who was confused, left, right... difficult :(
    It's a good idea to have some options for the left click :thumb:
     
  2. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Hi Dan, how are you? I'm having some problems with VS blocking Google Chrome reporter tool sometimes; can you please fix that? :thumb:
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool... and we might not want the shield images, we might just want a simplified contextual menu for the left click. Either way, it is super easy to implement.

    I do like how the left click simply toggles VS's mode, so maybe it would be best to just add the option in the "LeftClick2" image from above, who knows ;).
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I need to hardwire that in, the same way the other browsers' dependencies are hardwired in. If you click allow, it should remember the item... does it not? I have to reset my whitelist pretty much every day for dev reasons, so I get that block all of the time ;).
     
  5. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Could not have said it better, and I was about to try. Thank you. :thumb:
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,458
    Location:
    Ontario, Canada
    Always happy to help Buddy! :D
     
  7. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    It does not remember allow, Dan; it blocks it randomly. :thumb:
     
  8. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I have noticed this too with stuff like notepad; it will not remember my last input, and I have cleaned out my VS recently.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is odd. The next time that happens, can you guys please:

    1. Click Details and let me know what the Parent Process is?

    2. Then click Block, then go into the VoodooShield settings and see if the blocked item is currently on the whitelist?

    Thank you guys!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I have noticed that Microsoft Office Suite Applications are not listed under Web Apps. Are they being covered by some other means? VS Whitelisting AE, and Exploit Mitigation should be enabled when using those applications in Smart Mode.
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, ALL of the office suites (along with TONS of other common apps) are hardwired in and protected, but since they are not the primary app that is part of the attack vector, they do not automatically toggle VS ON and OFF.

    Basically, you will never become infected by simply creating your own Word document... it is only when a web app like a web browser or email client is involved, that there is a risk. For example, you might receive a weaponized Word document in Outlook, so there is a risk.

    But even if you download the weaponized Word document, then close Outlook, VS will toggle to OFF, but Word is still protected.

    Does that make sense?
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    The only part that does not make sense to me now is how VS is going to protect the System if the weaponized word document is downloaded, and the Mail Client is closed. The user is going to open the document later when the Mail Client is not running so VS is not going to toggle to ON.
     
  13. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Here is a similar problem with Google Chrome "Software reporter tool" (https://www.wilderssecurity.com/threads/voodooshield.313706/page-416 ) complaint is Krusty. Software reporter tool parent is google chrome.

    Software_reporter_tool.exe is located in a subfolder of the user's profile folder.
    The program is not visible. The file has a digital signature. The file is not a Windows system file. It is a Verisign signed file.
     
    Last edited: Jun 10, 2017
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    When VS is in Smart / OFF mode, there are a lot of protections that are still in place, and this is one of them. Smart / OFF mode acts pretty much exactly the way AutoPilot does... if something is perfectly safe to allow (after passing blacklist, VoodooAi, and other checks), then it is auto allowed.

    But when the user is browsing the web or checking email, the system needs to be locked down in a higher security posture, and all new, non-whitelisted items are automatically blocked.

    VS's automatic toggling helps tremendously with usability by automatically allowing items that are acceptable to auto allow, while blocking items when the computer is at risk.

    Think of it as automatically toggling from Protected to Locked Down, when the computer is at risk, or it is not. See what I mean?
     
    Last edited: Jun 10, 2017
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I thought we had that fixed long ago... there might be a different bug that is causing that. Either way, web browser dependencies should be hardwired in, and I will do that soon. Thank you!
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    So if the weaponized document is a zero day threat, and somehow manages to not be detected by blacklist and VoodooAi, there is a chance it would be allowed in Smart Mode, or Autopilot Mode?
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, all items that are unknown to the blacklist (zero days) are automatically blocked either way... I do not take any chances.

    The only time something like this might happen is when all of the 60+ engines miss the threat, and VoodooAi misses it as well (when VS is on AutoPilot or Smart OFF). This does happen on a very, very rare occasion, but it is pretty much always a PUP. The blacklist and VoodooAi are truly a great combo... the blacklist is great with detecting known threats and VoodooAi is great with detecting unknown / zero day threats. Basically if one misses it, the other one almost always catches it.

    When VS is ON, it does not matter either way, because if the file is not on the whitelist, it is going to be blocked.

    Which is essentially what VS has been about all along... the computer needs to be locked when it is at risk ;).

    If the computer is not locked when it is at risk, you are simply taking a chance. Which is why I probably would never be able to work for a security vendor who does not lock the computer when it is at risk... my stomach would turn knowing that because the computer is not locked when it is at risk, there will almost certainly be infections.
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I really need to get back to work... but everyone have a great weekend, talk to you soon! Thank you guys!
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    So if VS Shield says OFF, VS will block an executable attempting to execute if the executable has never been seen before by VS?
     
  20. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Ok no sweat be careful champ.:thumb:
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Ok, have a good weekend.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Well, if the new non-whitelisted file passes the blacklist, VoodooAi and other checks, it will be auto allowed when VS is in Smart OFF mode. VS also automatically allows TONS of command lines and other items when it is in Smart OFF mode, but only when it is safe to do so.

    But when VS is in Always ON or Smart ON mode, a new non-whitelisted item will automatically be blocked, and the blacklist, VoodooAi, digital signature, parent process, etc. file insight will be available to the user so they can make an informed decision. Along with a user recommendation on the corresponding button.

    BTW, I just wanted to mention... the ON and OFF on the desktop shield gadget simply tells you whether the lock is ON or OFF.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    When Dan says he needs to get back to work, please stop posting !!!!!!!!!!!!!!!!!!!!! :mad:
     
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,540
    @VoodooShield,

    can you add Vivaldi browser to your default Web Apps?

    Thanks
     
  25. guest

    guest Guest

    I guess it will be added soon:
     