VoodooShield/Cyberlock

Can't tell, because I reverted to v1.27...

 

That is great to hear! It might be extremely helpful to go to Settings / About and click the Default Settings button, VS should run a lot better if you reset the settings. Hopefully we will not have to change these settings in future releases, so it should not be an issue anymore. Thank you for letting me know!

 

I see. I can log in to your computer around 2:00 CST today if that works for you. Just let me know!

 

I just sent you an email a short while ago.

 

I decided to try out this product. A question I had, and in order to save a lot of trial and error problems, is whether others are running any realtime av scanner alongside voodooshield. I'm considering running something else real time although it may not be necessary. Are there any known conflicts with this program? I was considering maybe Bitdefender TrafficLight and some lightweight cloud scanner. Or maybe just MBAM and Trafficlight. Or just trafficlight. Any suggestions?

I am running Windows 7 Ultimate. I previously tried Applocker but it was too big of a pain for me.

 

Any of those would be fine with VS and once you get to know it, it's very simple to use!

TH

 

Failed to stop FBI virus. This makes it useless, in my opinion.

 

The FBI moneypak virus has an image that pops up in a web browser that fills the entire screen. VS does not block web pages, or browsers from going full screen, but it should have killed the virus activity in the background. I have seen around 20 computers that were hit with the FBI moneypak virus that were not running VS, and the virus did a lot of damage. I have also seen 10 or so computers that were attacked by the virus, and VS was successful at stopping the virus, although it did not stop the webpage image. We have been looking for a sample that gets through since there are many variants of this virus. If you have a sample that can get through, please let me know. Most likely VS killed the malicious activity in the background, and all you saw was the full screen webpage popup. We have been trying to figure out a way to stop this from happening, but really, it is best for the web browsers to handle this.

VS 2.0 is coming out soon and will run the engine as a service and use a new kill method where the processes is never created in the first place. We have been talking about that on here for awhile now, and yes, it will be a better kill method. We are actually going to try a hybrid approach where we use the old and new methods.

But are you suggesting that if VS only blocks 99.999999% of viruses, but allegedly lets one through, it is useless? If that is the case, would you call of the security products on this list useless?

https://www.shadowserver.org/wiki/pmwiki.php/AV/VirusMonthlyStats

If you have a sample that can get through, please let me know. And feel free to test it with VS 2.0 in a month or so when it is available. Thank you!

 

BTW, I saw your post in this thread: https://www.wilderssecurity.com/showthread.php?p=2286328#post2286328

Do you know why it was "Easily removed by task manager"? Because VS killed the virus in the background. I have seen this virus on computers with and without VS, and VS makes a HUGE difference.

Please keep in mind, we are doing our best, and VS 2.0 is going to be truly amazing. I promise.

 

This may or may not be true. My AV had this behavior prior to adding VS.
I appreciate your detailed explanation.

 

True, I cannot speak for your computer since I did not see it, but I can tell you what I have experienced with the other 30 or so computers.

These hackers are getting to be very, very sneaky. It is almost to the point that we are almost going to have to lock our computer whenever we are on the internet .

 

I've just added Privatefirewall to Sandboxie and VoodooShield. Anyone else run VS and PF together? So far they seem compatible, not seeing any conflicts yet.

 

I run those together without any problem

 

That's good to know, thanks. If they are going to work well together, then these two are going to be powerful additions to Sandboxie.

edit: I finally got around to posting at the Sandboxie forum (http://www.sandboxie.com/phpbb/viewtopic.php?t=16625) about the "Drop Rights" conflict I've mentioned a few times here when running VoodooShield with SandBoxie and Chrome. Left a link there to this thread, hoping tzuk will take an interest in the problem and will contact you Dan if he has questions about VS. And yes my name is noobster there, which I was (and might still be compared to some here at Wilders) when I first signed up to the SBxie forum. I was even new to Windows, having just migrated from Mac and built my first machine. Wilders sure has taught me a lot in these three years.

 

Cool, thank you guys!

 

I found something that may or may not be an issue and was not previously discussed in this thread (as far as I can tell). I installed VS and ran all my programs, including notepad, before setting the mode to "always on".
Later, I do an on-demand scan with malwarebytes. The scan finds nothing. When the scan finishes, one of the things it does is create a log file using notepad. At this point VS asks me if I want to "allow" notepad. I "allow" it and figure VS is doing this because notepad is initialized by malwarebytes rather than the system. The problem is that malwarebytes creates an empty log file as a result.
Thanks.

 

Yes, I use MB a lot and have noticed this, it has something to do with the way MB launches notepad. I think you are right, it is probably because notepad is initialized by MB instead of the system.

If you make sure VS is OFF (Training Mode, or Smart Mode with no web apps running) and run MB until it finishes and opens notepad, VS should learn the path. You should also be able to just turn VS OFF temporarily (Left Click, Training Mode, or Smart Mode), and then run an on-demand scan of MB.

When we first released VS, users had to train VS A LOT more than the current version. We have refined it to the point that you almost do not even need to manually train VS, but there are times when it is necessary to make sure VS is OFF while it is learning what to allow. Thank you!

 

Dan could you read tzuk's 3 posts at the Sandboxie forum thread about the VoodooShield/Sandboxie/Chrome conflict? He has a theory about what's causing it. Maybe you could see if you think it might apply to something that VS does, or suggest some setting I can change to get around it:
http://www.sandboxie.com/phpbb/viewtopic.php?p=94405#94405

 

Re: SUPERAntiSpyware 5.x

I tried VoodooShield - I wasn't aware it turns off UAC on Windows 8, That presented me a real problem in the way I had my pc set up. Luckily, I had a System Restore Point to make it well again. I learned a lesson tho - check to see what an app turns on or off before trying it out. People should be aware of this when installing Voodoo Shield.

 

Re: SUPERAntiSpyware 5.x

Mmmmm.... good tip.

I didn't know it did that about VS either.

 

Re: SUPERAntiSpyware 5.x

That is an old issue that I brought up before (seeing no progress made by others), the end result being wait until version 2: https://www.wilderssecurity.com/showthread.php?p=2249780#post2249780

 

Sure, I just read that thread. Is the main problem the following error message... "Warning: your Google Chrome settings are stored on a network drive. This may result in slowdowns, crashes and even loss of data."?

If so, are you running a newer version of Chrome? Chrome used to install itself to the appdata folder, which caused a lot of problems. But the new version of Chrome installs in the Program Files folder (where it should). So where is your Chrome installed?

 

Yes that message is the problem. The odd thing is it's only when 'Drop Rights' is checked in Sandboxie and VoodooShield is installed. VS doesn't even have to be running, just having it installed triggers that message when opening Chrome with Sandboxie.

Chrome is installed in Program Files (x86) and is updated to latest version.

From what tzuk said about Administrators group and access permissions do you have any ideas about what VS is doing to cause the conflict? Or any suggestions about any settings I can try changing to avoid it?

 

Wow, if VS is just installed and not running and the error is still occurring, I would have no idea at all. If VS is not running, then it truly is doing nothing. I know a lot of people use SB and VS together, so I wonder if they added some kind of feature that detects if VS is installed? If Chrome is installed in Program Files, then that is not the issue. We might talk to SB to see if they have any ideas. If they do not, I can try the SB, VS, Chrome combo while debugging VS and see what clues we can find. Thank you!

 

Yeah it's very strange, but I've re-installed the programs 3 or 4 times, one time with a fresh system image, and each time when VS is on the computer (even when not running) it triggers the message in Sandboxied Chrome when "Drop Rights is checked in Sbxie.

But tzuk said that 'Drop Rights' isn't crucial in Sbxie's protection, so I'll just keep it unchecked when running VS. I've just been curious about what is behind the conflict, and I appreciate that you took a look at the problem.