VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I could not get VS to create a new whitelist so I clicked on settings to reset my whitelist to see if that would work. Note that my account did not show any whitelist at all at this time in the cloud. When clicking on settings VS said I was using an unregistered version. I had to enter my email, and password again. I think that may have something to do with why VS did not create a new whitelist. It lost my login credentials somehow. I know I entered them when installing VS. Maybe it had something to do with Shadow Defender again. Dan, have you tested VS yet with SD?
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Antarctica, I appreciate that!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, if Cutting_Edgetech and TH both like the idea of using that shield for Disable Protection, I like the idea too. I like the idea anyway, but I wanted to think about it a little before we made the change. Thank you guys for you help!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yes, we have tested with hundreds, probably thousands of pieces of malware and nothing slipped through. And 2-3 other people have tested with 600+ and they had the same result.

    I am curious about the malware that killed IE... VS should have killed that before it killed IE. Is there any chance that you can compress that file and email it to me at support@voodooshield.com? I really would like to test this and see why it is killing IE.

    The other 2 developers who are much better than I am at writing code have taken an extended break, but there are things that one of them needs to do, so hopefully he can start this weekend. He is going to look into the kill methods that Fabian recommended. While VS's kill method is effective, I think we might be able to do even better.

    We are also going to start development for running the engine as a service, along with a couple of other things. I have a fix for the cmd / msi, but I think the other developers will have a better solution than what I came up with.
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    When you say that you purged your whitelist, do you mean in the appdata folder, or online, or did you click the Reset Whitelist button? You should be able to uninstall VS, and then reinstall it, and it will still have the same whitelist. I will double check that right now. I will add a feature to the installer that asks the user if they would like to remove their settings and whitelist as well.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, please keep in mind that VS does not upload the whitelist to the server until you exit out of VS. This might be why it does not make sense.

    Resetting the whitelist should not remove your registration, I will double check that as well. If you click the Default Settings button, that will remove your settings and registration, but not your whitelist.

    I haven't had a chance to try SD. But if I am understanding how SD works, in theory, when you are in Shadow Mode, anything that is added to your local whitelist will not be added after you reboot to exit Shadow Mode. However, please keep in mind that when you exit VS (or restart the computer), VS will upload the local whitelist to the server. So after your computer reboots and VS starts, it downloads the whitelist from the server, and that will contain the newly whitelisted items. Does that sound right?
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, how did you get the expired icon to come up? ;)
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Also, please keep in mind, if VS is Always ON, it is not taking snapshots to add to your whitelist. I am not sure if this will help to make sense of everything, but I thought I would mention it. If you want VS to take snapshots, it needs to be in Training or Smart (Off) Mode.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I just tested VS, and I see what you are saying now, I definitely see that bug. VS 1.26.3 is not remembering whitelisted items. Let me check it out, it should be an easy fix. Thank you catching that!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I know you needed to make sure I understood when VS creates a whitelist, but I was already aware of that. I reset all the whitelist VS created, and rebooted. Then I placed VS in training mode for about 30 minutes, and then rebooted again in training mode. I think it had something to do with VS losing my credentials so it did not know what account to upload the whitelist to.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Wait until you try VS, and Shadow Defender together. Everytime I use the two together I run into a different problem. In the past VS uploaded it's whitelist to the cloud when running in Shadow Mode. Lately it has not been adding to the whitelist while in Shadow Mode. I never know what to expect with VS when using it with SD. Sometimes it can be difficult to find a pattern to say there's any specific bug. I will repeat a group of actions that lead to causing a specific problem, and will find an entirely different problem instead. It has to have something to do with the communication from the VS appdata file to the cloud. Maybe since the file is not retaining the changes made locally for the whitelist in the cloud after rebooting in Shadow Mode it causes either the local file to become corrupt or the whitelist itself in the cloud to become corrupt. Does VS compare the local file in the appdata folder with the whitelist in the cloud after rebooting? If it does then I believe that is what is causing the whitelist to be ignored, and in other cases causing the whitelist not to retain the changes being made while in Shadow Mode. All changes made to that file locally in the appdata folder will be discarded after rebooting, and if X application was added to the whitelist in the cloud while in Shadow Mode then that will no longer be reflected in the config file in the appdata folder. Is the file in the appdata folder suppose to be the same as the whitelist in the cloud?

    Updated: I guess I should just say that the file in the appdata folder is out of sync with the whitelist in the cloud leading to issues. Ignoring the whitelist, and failing to add to the whitelist etc.. I can not be for sure without knowing how the two function together. That would be my guess anyways.
     
    Last edited: Aug 16, 2013
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,057
    Location:
    Ontario, Canada
    Come on you know how :p Clean reinstall and before adding my credentials and I wanted to bring the Icon to full opaque and couldn't until I added my Credentials.

    Daniel ;)
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yes, there is something a little strange going on here. I am getting close to figuring it out. Thanks again for finding this bug!
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Btw.. if it is a sync problem is causing the conflict between VS, and SD then I believe the easiest way to avoid a conflict is to have VS sync from the cloud, and use the cloud whitelist to overwrite the local list each time. I'm only taking a shot in the dark though because I do not know for sure how the two communicate, and function together.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yes, I will need to check out SD soon and see how it works with VS. The file in the appdata folder is only the same as the whitelist in the cloud when VS is started or stopped. Although, at some point we might make it update and sync more often, especially when we add the native whitelist editing.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    OOOhhhh, hehehe, I thought for some reason your subscription expired, like there was a problem on the web server. I was thinking "TH should not be seeing an expired icon".
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,057
    Location:
    Ontario, Canada
    If it was expired I know the guy to talk to. :D
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I used the remove computer button online to remove the 3 whitelist that was listed for my account.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    No problem!
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, I think the problem that Cutting_Edgetech tech discovered was on the web server. I emailed them and hopefully they will have it fixed soon. The problem was that the whitelist was not being uploaded, but it was being downloaded. So it would overwrite your current whitelist. Anyway, it should be fixed soon, if not, I will look into it more tomorrow. Thanks again for everyone's help!
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I'm getting ready to retire soon. I thought I might study a little before I fall asleep.
     
  22. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    When I suggested changing the colour I was really thinking of the user who might be unaware that it was off and it would bring it to attention. But using my computer for office work yesterday I appreciate the comments by others that it would be distracting.

    I don't really understand the reasoning for VS to switch on and off. Looking at the task manager it consumes more CPU resource Off than when On.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    If I've understood correctly how it works, it's so it can continue training quietly in the background while it's off, without bothering the user.
     
  24. KiwiChristchurch

    KiwiChristchurch Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    6
    May I ask what the startvs.exe process does?
    I have found that the startvs.exe has a much higher cpu usage and cycles than the VoodooShield.exe process. I am thinking this may relate to the much higher temperatures I experience on my laptop than usual.


    Thanks!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yes, what pegr said below... it just makes it easier to train VS what to allow. Smart / Off mode does use more cpu cycles because it it doing a lot more than in any other mode. It is watching for browsers, protecting the user space, allowing new processes, and all kinds of things. Whereas Always ON is simply just killing anything that is not on the whitelist. I prefer Smart Mode myself, but a lot of people prefer Always ON, especially after using VS for a few days when it is well trained.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.