VoodooShield unable to add some processes to Whitelist

Discussion in 'other anti-malware software' started by Cutting_Edgetech, Feb 4, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    VoodooShield will not add msiexec.exe from the system 32 directory to it's whitelist. I can select to allow it infinite times, and it will still block it each time it tries to run again. I also can select learning mode, and it will not add it to the whitelist using learning mode either. Also hkcmd can not be added to the whitelist using the same methods I just described above. I believe hkcmd is used by intel chip sets, and has to do with ones graphics card. VoodooShield is blocking both msiexec.exe, and hkcmd very frequently. Also, I do not see an option to save VS logs from within the UI. I also browsed VS folder at C:\ Programs\VoodooShield, and I did not locate VS's log file there as well. At that point I was questioning myself exactly how VS saves it's logs, and in what type of file. I had to take a screen shot instead of uploading the log file.
     

    Attached Files:

  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Btw..I don't see why msiexec.exe would be be running so frequently. It belongs to windows installer. I'm no installing any software. I wonder if some of Sony's crappy software is invoking the process to run. That would be my best guess without investigating it. Is msiexec.exe on any sort of blacklist at all of VoodooShield's? I am not aware of VS having any sort of blacklist. I'm just trying to clarify that this is not expected behavior. I don't believe it would be safe to allow it to run when ever it wants, but VS want white list it anyways.
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,743
    Location:
    New York City
    There are certain processes that VoodooShield won't add to the whitelist since they are used frequently to install malware. One of these is cmd.exe which runs when I use Emsisoft Emergency Kit.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Logs are located here.

    TH


    05-02-2013 10-21-16 AM.png
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Thanks Tripe Helix! At least I know where to find the logs at now. I just need to find out if msiexec.exe, and hkcmd are blacklisted. It would be nice to have a list of blacklisted processes.
     
    Last edited: Feb 5, 2013
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Thanks Thankful! I'm going to see if I get a list of blacklisted processes from VS, and make sure this is expected behavior.
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Are you using v1.06? Have you tried this? Capture05-02-2013-10.43.02 AM.jpg

    TH
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I have balloon click enabled to learn a new program. It prompts me over, and over again whether I want to allow msiexec.exe. No matter how many times I choose to allow it it blocks it again then prompts me whether I want to allow it again. I also tried learning mode, but that does not work either. I really don't believe it would be safe to automatically allow it anyways since it belongs to windows installer service. I have decided at this point not to allow it from a security point of view. If I'm installing software or updating software then I shut down VS, and it would not be a problem then anyways. I just want to make sure this is not a bug, and is expected behavior. Hkcmd cannot be added to the white list either, and it is also being blocked very frequently. I want to verify this is expected behavior as well. I have been busy with work the last few days, and have not had time to email VS staff. I hope I have time tomorrow. I would like to have a list of processes that are automatically blocked when VS's protection is set to always on. It would be helpful for me since I like testing for bugs to improve the software I use.
     
  9. VoodooShield

    VoodooShield Developer

    Joined:
    Dec 9, 2011
    Posts:
    4,876
    Location:
    United States
    Actually these issues are already resolved in the next version, which should be available within a week, hopefully sooner. The logs and the snapshot are encrypted, but we can add more features to the User Log screen after this next version. Version 1.07 has some really cool features, I think you will be surprised!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Thank you! Sorry for posting support here at Wilders. I was not aware VS has an official support forum at Calender of updates. Thanks for the PM!
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I started two threads at calender of updates, and then I read the one thread VS has there. It seems no one is using that forum. Should I copy, and past my post over here to Wilders Security Forum? Which forum do you prefer to use VS?
     
Loading...
Thread Status:
Not open for further replies.