Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.
You're welcome, yes, I tried with 2.37 also and got the same result as you did again.
I get a continuous prompt now after VS blocked a file in Smart Mode from an external drive. You must click on the VS bubble in the tray icon when the file is blocked to trigger this bug. The prompt says, "some files are more difficult to allow than others. If you are having difficulty allowing this item, please left click on VS to turn it off, or choose the, "install" button instead of the "allow" button." I get the prompt now every time I left click on the VS tray icon. I tried shutting down VS from the tray icon, but the prompts would not allow me to shut down VS. I got an additional prompt each time I chose Shutdown, which are all frozen on my screen now. Since I could not shut down VS from the tray icon I had to reboot. I captured part of the problem on the video enclosed in this archive, but I did not capture my attempt to shut down VS from the tray icon. https://www.dropbox.com/s/wyhqhfxgxiss8pa/Continous prompt.rar I'm using Windows 7X64 Ultimate.
I think VS should treat external drives as userspace in Smart Mode, and block all executions from external drives. You could also make it optional by giving the user an option in the settings to block executions from external storage devices. As it stands now VS blocks some files from external drives, but allows others so there seems to be no expected behavior for how VS should treat executions from an external drive in Smart Mode.
I'm operating in Always On Mode now, and I just got a bubble prompt stating that RUNDLL32.EXE is blacklisted. VS blocked it according to the VS log file. I'm using Windows 7X64 Ultimate.
I plugged a flash drive into my USB drive, and I got a message saying that RUNDLL32.exe is blacklisted again. It blocked RUNDLL32.exe again. I'm operating in Always On Mode. I'm using Windows 7X64 Ultimate.
Cool, cheers...good to know. Looking forward to the v2.38 or whatever is next Beta...bring it on!
Command prompt problem 2.37
I was also wondering if anyone else using Windows 8.1 or Windows 7 has experienced this problem after uninstalling previous betas.
After uninstalling, there would be unnamed program via task manager start up, then it would show two instances of Voodooshield unless you delete all the registry keys manually.
Sounds good! Once VS 2.0 is completely stable, we might try to toggle based on internet activity, just to see if we can make it more predictable. I think it would be cool, but only if it worked really well. Thanks again!
Cool, thank you, I will check into it. I created a new feature that automatically gets the email address and password from 1.30, so that users do not have to remember their password. I thought I had all of the glitches worked out, but I will try the procedure that you went through and see where the bug is. Thank you!
That is about right, somewhere between 15-35k. I think it depends on a lot of things, like the OS, how many processes are running, and how many items are in the whitelist, etc. Thank you!
Hey Novastar, the first issue is now fixed. I will check on the start up issue and see what I find. Thank you!
I am making progress on the Roboform issue. However, I have run into a little issue. In order for VS to Allow this extension, we have to allow the command line. That normally would not be an issue, but Roboform seems to change their command line each time. I have a couple of ideas on how to fix this, but it will take at least a couple of days. Thank you!
c:\windows\system32\cmd.exe /c "c:\program files (x86)\siber systems\ai roboform\chrome\rf-chrome-nm-host.exe" --parent-window=0 chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ < \\.\pipe\chrome.nativemessaging.in.8c89d64c77d77441 > \\.\pipe\chrome.nativemessaging.out.8c89d64c77d77441
c:\windows\system32\cmd.exe /c "c:\program files (x86)\siber systems\ai roboform\chrome\rf-chrome-nm-host.exe" --parent-window=0 chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ < \\.\pipe\chrome.nativemessaging.in.b9b952a98efbc9cf > \\.\pipe\chrome.nativemessaging.out.b9b952a98efbc9cf
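As an added illustration (not VoodooShield's code and not part of the original post): one way an allowlist can cope with the per-launch pipe name in the two command lines above is to mask only that suffix and compare everything else exactly. The function names are hypothetical, and the assumption that the suffix is always 16 hex digits and identical for the in and out pipes is inferred from these two samples only.

```python
import re

# Shared part of the two command lines quoted in the post above.
PREFIX = (r'c:\windows\system32\cmd.exe /c "c:\program files (x86)\siber systems'
          r'\ai roboform\chrome\rf-chrome-nm-host.exe" --parent-window=0 '
          r'chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ ')

def sample(pipe_in, pipe_out):
    """Rebuild a full command line from the shared prefix and two pipe suffixes."""
    return (PREFIX + r'< \\.\pipe\chrome.nativemessaging.in.' + pipe_in +
            r' > \\.\pipe\chrome.nativemessaging.out.' + pipe_out)

LAUNCH_1 = sample('8c89d64c77d77441', '8c89d64c77d77441')  # first quoted line
LAUNCH_2 = sample('b9b952a98efbc9cf', 'b9b952a98efbc9cf')  # second quoted line

# Assumption: the volatile part is exactly 16 hex digits after ".in." / ".out.".
PIPE_RE = re.compile(
    r'\\\\\.\\pipe\\chrome\.nativemessaging\.(in|out)\.([0-9a-f]{16})')

def normalize(cmdline):
    """Lower-case, collapse whitespace, and mask only the pipe suffix.

    Returns the masked command line and the list of suffixes that were masked.
    """
    text = ' '.join(cmdline.lower().split())
    ids = []

    def mask(match):
        ids.append(match.group(2))
        return '\\\\.\\pipe\\chrome.nativemessaging.%s.<ID>' % match.group(1)

    return PIPE_RE.sub(mask, text), ids

def is_allowed(cmdline, allowlist):
    """Exact match on the masked form; both pipes must carry the same suffix."""
    normalized, ids = normalize(cmdline)
    if len(ids) != 2 or ids[0] != ids[1]:
        return False
    return normalized in allowlist

# The allowlist stores one masked template, learned from the first launch.
ALLOWLIST = {normalize(LAUNCH_1)[0]}

if __name__ == '__main__':
    print(is_allowed(LAUNCH_2, ALLOWLIST))             # second launch matches
    print(is_allowed(LAUNCH_2 + ' extra', ALLOWLIST))  # any other change does not
```

Because everything outside the masked suffix is compared exactly, a different host executable, extra arguments, or mismatched pipe names all fall outside the template.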
Sounds good, thank you. Let me look into this and I will get back to you asap!
There are a few more system command lines that I need to add. Once I do, we will be good to go. Version 2.38 will have a prompt that will ask you to email me the command line so I can hardwire it in. I will post 2.38 soon. Thank you!
Yeah, as soon as we figure out the command line, we will be good to go!
Here is 2.38, it basically just has a few bug fixes... one was kind of a big bug with parsing the command lines, but it is working great now.
It will also display a message whenever a rundll32 file is blocked, so we can finish getting all of the system command lines. I have most of them, but obviously I am missing a couple.
So if you see this message, please let me know. Thank you!
http://www.voodooshield.com/freeoffer/Install VoodooShield.2.38 beta.exe
Hmmm, that is odd. Were you trying to open something when that message came up? If so, what were you opening?
Just right clicking the Windows 8.1 start button and selecting command prompt admin. Looks good besides that.
Ooops, hehehe, that's an easy fix. Basically, I completely recoded all of msiexec, cmd and rundll32 parsing (this allows VS to get the command line arguments, so it can allow only specific items that are associated with these files), but I completely forgot to add just the plain command prompt without arguments.
Thank you for letting me know, it is a super simple fix!
Running 2.37 in Win 8.1/64
Getting regular messages about rundll32. Don't know what is calling them but I ignore them and all seems to work.
After installing yesterday I could not get Task Manager to load. VS was blocking it. Shutdown VS and restarted. Since then has been ok.
Will 2.38 later.
I think if you uninstall 2.37, reboot, install 2.38 and reboot once more, it should work properly. In 2.38, if VS blocks a system rundll32, it will give you a message that tells you exactly which system rundll32 is being blocked. Please let me know which rundll32 is being blocked, and I can add it to VS.
I am working on an option that will allow users to manually "whitelist" rundll32 commands, but I would like to hardwire as many of the system ones as possible.
That is odd that the task manager is being blocked. I would be curious what is causing that, but 2.38 should let us know exactly what is going on. Thank you!
Looks like another busy night giving this version some wellie...hope to get to it after dinner (which should be in just a moment...Yum)
I have been noticing that after I shut down VS, Task Manager shows nothing running. However, Webroot shows "voodooshieldservice" as still running when I click "control active processes".
Both processes are set to allow.
I uninstalled v2.37 beta and rebooted, and then installed 2.38 beta. That finally got rid of the ignore/retry scenario that I reported previously.
However, I am now back to my license expiring on 31 July 2014.
Sounds great, thank you!