VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    266
    You're welcome, yes, I tried with 2.37 also and got the same result as you did again. :)
     
    Last edited: Jul 22, 2014
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I get a continuous prompt now after VS blocked a file in Smart Mode from an external drive. You must click on the VS bubble in the tray icon when the file is blocked to trigger this bug. The prompt says, "some files are more difficult to allow than others. If you are having difficulty allowing this item, please left click on VS to turn it off, or choose the, "install" button instead of the "allow" button." I get the prompt now every time I left click on the VS tray icon. I tried shutting down VS from the tray icon, but the prompts would not allow me to shut down VS. I got an additional prompt each time I chose Shutdown, and they are all frozen on my screen now. Since I could not shut down VS from the tray icon, I had to reboot. I captured part of the problem on the video enclosed in this archive, but I did not capture my attempt to shut down VS from the tray icon. https://www.dropbox.com/s/wyhqhfxgxiss8pa/Continous prompt.rar I'm using Windows 7 x64 Ultimate.

    I think VS should treat external drives as userspace in Smart Mode, and block all executions from external drives. You could also make it optional by giving the user an option in the settings to block executions from external storage devices. As it stands now VS blocks some files from external drives, but allows others so there seems to be no expected behavior for how VS should treat executions from an external drive in Smart Mode.
     


    Last edited: Jul 22, 2014
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I'm operating in Always On Mode now, and I just got a bubble prompt stating that RUNDLL32.EXE is blacklisted. VS blocked it according to the VS log file. I'm using Windows 7 x64 Ultimate.
     


    Last edited: Jul 22, 2014
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I plugged a flash drive into my USB drive, and I got a message saying that RUNDLL32.exe is blacklisted again. It blocked RUNDLL32.exe again. I'm operating in Always On Mode. I'm using Windows 7 x64 Ultimate.
     


    Last edited: Jul 22, 2014
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Cool, cheers...good to know. Looking forward to the v2.38 or whatever is next Beta...bring it on!
     
  6. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Command prompt problem 2.37 cmdprompt.png

    I was also wondering if anyone else using Windows 8.1 or Windows 7 has experienced this problem after uninstalling previous betas.
    voodoo.png

    After uninstalling, there would be an unnamed program via Task Manager start up, then it would show two instances of VoodooShield unless you delete all the registry keys manually.
     
    Last edited: Jul 22, 2014
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds good! Once VS 2.0 is completely stable, we might try to toggle based on internet activity, just to see if we can make it more predictable. I think it would be cool, but only if it worked really well. Thanks again!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I will check into it. I created a new feature that automatically gets the email address and password from 1.30, so that users do not have to remember their password. I thought I had all of the glitches worked out, but I will try the procedure that you went through and see where the bug is. Thank you!
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    That is about right, somewhere between 15-35k. I think it depends on a lot of things, like the OS, how many processes are running, and how many items are in the whitelist, etc. Thank you!
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Novastar, the first issue is now fixed. I will check on the start up issue and see what I find. Thank you!
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am making progress on the Roboform issue. However, I have run into a little issue. In order for VS to Allow this extension, we have to allow the command line. That normally would not be an issue, but Roboform seems to change their command line each time ;). I have a couple of ideas on how to fix this, but it will take at least a couple of days. Thank you!

    c:\windows\system32\cmd.exe /c "c:\program files (x86)\siber systems\ai roboform\chrome\rf-chrome-nm-host.exe" --parent-window=0 chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ < \\.\pipe\chrome.nativemessaging.in.8c89d64c77d77441 > \\.\pipe\chrome.nativemessaging.out.8c89d64c77d77441

    c:\windows\system32\cmd.exe /c "c:\program files (x86)\siber systems\ai roboform\chrome\rf-chrome-nm-host.exe" --parent-window=0 chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ < \\.\pipe\chrome.nativemessaging.in.b9b952a98efbc9cf > \\.\pipe\chrome.nativemessaging.out.b9b952a98efbc9cf
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds good, thank you. Let me look into this and I will get back to you asap!
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    There are a few more system command lines that I need to add. Once I do, we will be good to go. Version 2.38 will have a prompt that will ask you to email me the command line so I can hardwire it in. I will post 2.38 soon. Thank you!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, as soon as we figure out the command line, we will be good to go!
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Here is 2.38, it basically just has a few bug fixes... one was kind of a big bug with parsing the command lines, but it is working great now.

    It will also display a message whenever a rundll32 file is blocked, so we can finish getting all of the system command lines. I have most of them, but obviously I am missing a couple ;).

    So if you see this message, please let me know. Thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.38 beta.exe
     
  16. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is odd. Were you trying to open something when that message came up? If so, what were you opening?
     
  18. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Just right clicking the Windows 8.1 start button and selecting command prompt admin. Looks good besides that.
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ooops, hehehe, that's an easy fix ;). Basically, I completely recoded all of msiexec, cmd and rundll32 parsing (this allows VS to get the command line arguments, so it can allow only specific items that are associated with these files), but I completely forgot to add just the plain command prompt without arguments.

    Thank you for letting me know, it is a super simple fix!
     
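    The two command-line problems discussed above (the Roboform native-messaging host in post 11, whose pipe names change on every launch, and the plain command prompt without arguments in post 19), as an added example that is not VoodooShield's code: normalize only the per-launch pipe suffix, then require an exact match of the whole line against an allowlist. The function names, the `<ID>` placeholder and the assumption that the suffix is always 16 hex digits are illustrative.

```python
import re
from typing import Optional

# Per-launch suffix on Chrome's native-messaging pipes. Assumption: always
# 16 lowercase hex digits, as in the two command lines quoted in the thread.
PIPE_RE = re.compile(
    r"\\\\\.\\pipe\\chrome\.nativemessaging\.(in|out)\.([0-9a-f]{16})(?=\s|$)")

# Allowlist of normalized command lines; <ID> stands for the pipe suffix.
CMD = r"c:\windows\system32\cmd.exe"
ROBOFORM = (CMD + r' /c "c:\program files (x86)\siber systems\ai roboform'
            r'\chrome\rf-chrome-nm-host.exe" --parent-window=0 '
            r"chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ "
            r"< \\.\pipe\chrome.nativemessaging.in.<ID> "
            r"> \\.\pipe\chrome.nativemessaging.out.<ID>")
ALLOWED = {CMD, ROBOFORM}  # CMD alone = plain command prompt, no arguments


def normalize(cmdline: str) -> Optional[str]:
    """Lower-case the line and replace the pipe suffix with <ID>.
    Returns None when the line cannot be normalized safely."""
    text = cmdline.strip().lower()
    if "<id>" in text:            # placeholder must never come from input
        return None
    ids = {m.group(2) for m in PIPE_RE.finditer(text)}
    if len(ids) > 1:              # in/out pipes must share one suffix
        return None
    return PIPE_RE.sub(
        lambda m: rf"\\.\pipe\chrome.nativemessaging.{m.group(1)}.<ID>", text)


def is_allowed(cmdline: str) -> bool:
    """Exact match on the whole normalized line, so extra text fails."""
    norm = normalize(cmdline)
    return norm is not None and norm in ALLOWED
```

    Because the comparison is on the full normalized string rather than a prefix or substring, a line that matches the Roboform pattern but carries anything extra is still blocked.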
  20. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Running 2.37 in Win 8.1/64

    Getting regular messages about rundll32. Don't know what is calling them but I ignore them and all seems to work.

    After installing yesterday I could not get Task Manager to load. VS was blocking it. Shutdown VS and restarted. Since then has been ok.

    Will 2.38 later.
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think if you uninstall 2.37, reboot, install 2.38 and reboot once more, it should work properly. In 2.38, if VS blocks a system rundll32, it will give you a message that tells you exactly which system rundll32 is being blocked. Please let me know which rundll32 is being blocked, and I can add it to VS.

    I am working on an option that will allow users to manually "whitelist" rundll32 commands, but I would like to hardwire as many of the system ones as possible.

    That is odd that the task manager is being blocked. I would be curious what is causing that, but 2.38 should let us know exactly what is going on. Thank you!
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Cheers, Dan

    Looks like another busy night giving this version some wellie...hope to get to it after dinner (which should be in just a moment...Yum):D
     
  23. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    I have been noticing that after I shut down VS, Task Manager shows nothing running. However, Webroot shows "voodooshieldservice" as still running when I click "control active processes".

    Both processes are set to allow.
     
  24. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I uninstalled v2.37 beta and rebooted, and then installed 2.38 beta. That finally got rid of ignore/retry scenario that I reported previously.

    However, I am now back to my license expiring on 31 July 2014.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds great, thank you!
     