VoodooShield/Cyberlock

I am not sure what you mean by this, what kind of virtualization are you using? Are you talking about Shadow Defender? If so, does this issue happen when SD is not running?

 

Yes, Shadow Defender or Sandboxie, it depends on what I want to open, but they are on demand protection, I close VS when i'm in virt env so it won't whitelist something that I don't want. (I haven't test yet VS option to disable protection).

So VS blocks sppvsc when i'm in normal mode. SD and Sandboxie are inactive in this mode.

 

Hmmm, I think we might be able to get to the bottom of this. Have you tried to edit your whitelist and see if the sppvsc is on it, with the full path?

I just added that process to the default process list this morning, so you might try a reset defaults and whitelist one last time. Thank you!

 

Yep, the path is now in whitelist: sppsvc.exe c:\windows\system32\sppsvc.exe

I will do a restart a little later of my Windows and try to trigger again sppsvc to see what happens

 

Dan

I have just sent you an email with a list of my running processes. Could you take a look please and see if anything there might be interfering with VS

Thanks

 

I upgraded from version 1.09 to this third build of 1.25. The upgrade finally went smooth. Also, smart mode worked this time when I opened my web browser VS enabled it's protection without any noticeable delay. I have not tried flash devices yet for this build. Has anymore applications been added to trigger VS's protection in smart mode in this build?

 

Ok, VS enables it's protection in smart mode now when I plug in my Western Digital external drive. I like the addition of USB written below ON which notifies the user why VS has enabled it's protection. Nice addition

 

I think that it has been fixed, I normally get the balloon after few min the Windows was start and Office is launched, but I tried to trigger it and for about 1 hour all works fine.

 

Very cool, thank you guys for testing and helping us out! I like the usb label too, I just hope we do not come up with all kinds of new ideas and graffiti the heck out of VS .

 

Sure, I will send you a pm right now. Actually, I just responded to your email.

 

Just to let everyone know I have been Testing VS on Win 8 Pro 32bit & 64bit and the only thing I see is the msi, msiexec.exe problem but I don't have that issue on Win 7 x64.

Daniel

 

I have just finished installing v1.25. There has been no appearance of the symptoms this time.




After rebooting.....




>>>

 

Tarnak, I remember the good old days of using Sygate Firewall. Then they were acquired by Symantec. Too many great products get bought out by large companies just to eliminate the competition.

 

I remember I first used ZoneAlarm FW and then I discovered Sygate way back in 2003... I'll stick with it on this XP system.

 

I am a new user of VoodooShield and have taken advantage of Dan's kind offer of a year's free subscription (thank you Dan!).

My initial thoughts are that the kind of approach that VoodooShield uses is exactly right for the greater majority of users who either aren't qualified to make security decisions or, if they are qualified, expect their security applications to work quietly in the background with bothering them unecessarily with decisions about what to allow and what to deny, as far as possible.

I am a firm believer in the principle of default-deny, but also think that the security application needs to be able to handle this automatically as far as possible. The trick is to get the balance right. The clever thing about VoodooShield is Smart Mode. Smart Mode lifts VoodooShield out of being just another anti-executable based on whitelisting. Having the application automatically determine the level of risk depending on the activity being performed then turning the anti-execution On or Off accordingly is both elegant and effective. Training while protection is Off enables the whitelist to be built quietly in the background.

This is very similar to what policy restriction applications such as AppGuard do, except that AppGuard is policy restriction based on risk assessment, combined with anti-execution features needed for policy enforcement. Whether the emphasis is on anti-execution or policy restriction doesn't matter. It is the combination of the two, with automatic risk assessment, that makes for a strong security setup that requires minimal user involvement. Users who want tighter control still have the option of the Always On mode of VoodooShield. AppGuard has a similar option with its Locked Down mode.

Whilst there is overlap between AppGuard and VoodooShield, the different approach that each takes means they complement each other well. They are co-existing happily on my system, with no issues (apart from the Windows Installer issue previously noted to which Dan has replied) and no noticeable impact on performance.

Just some thoughts . . .

 

they both can be use ofcourse if you want too

 

Agreed - I am.

 

I have One very minor possible bug to report. When I use my Western Digital external drive in smart mode then VS enables it's protection as expected. VS shows USB below the On Status on the Shield indicating why VS has enabled it's protection. If I open my web browser then close it VS continues to run in protected mode as expected, but USB is no longer shown on the shield. It only shows ON. VS no longer list USB as the reason for it's protection being enabled even though that is the only reason it continues to run in protected mode.

 

i forgot my password

 

Very cool! It took awhile, but we got there... Thanks again for everyone's help! We still have a few small things to do, but at least we have a really good stable version!

 

Great to hear, thank you! Now if I could just get rid of the dark gray box that is around the VS Shield on Windows XP . A while back I spent like 30 hours trying to get rid of it... it is only cosmetic, but it would be nice to not have it.

 

Yep, that is exactly what VS is all about! I have been removing viruses for 15 years, and my clients would always call or email me after they got a virus, for just about every prompt they ever received. And I wanted something simple... something like a computer lock. The whole idea of VS is that as soon as you are at risk, VS takes a snapshot of your system, and does not let anything new or unknown until you are no longer at risk.

It is funny though if you think about it... What security software company in their right mind would toggle their protection from OFF to ON so easily?

An investor sent me this link the other day of viruses now possibly attacking smart TV's. He asked if VS would work well for the smart tv and other platforms. That is the whole idea of VS!

http://news.msn.com/videos/?ap=True&videoid=617d4e23-cb6e-8163-0a2d-ed444e0a9cb6&from=en-us_msnhp

But thank you for trying VS, we are happy you like it!

 

Hmmmm, that is odd, you are right, it shouldn't do that. There is a little more tweaking I need to do with the USB label on the shield, so when I get to that, I will look into that too, thank you! Do you know if flash drives have the same issue?

 

Oh, it is ***********, hehehe, just kidding.

You can reset it here:

https://voodooshield.com/Account/ForgotPassword/

 

Since SPPSVC was whitelisted I haven't seen any blocked msi exec.exe in log file, before It was blocked like 10-15 times/day. (later edit, nope, this Is still blocked).

Later edit.

it seems that VS encounter a bug, I downloaded voodooshield v4 in downloads, closed my browser, ran it, and VS allowed it, then I did a reset vs to default, did the same thing and now VS blocked it. (Last night I did the prev reset to default, 10 Hours ago), Now VS doesn't seem to register anything to log file, is empty in training mode.

Let's see how it runs after another reset to default and then reset whitelist.