VoodooShield/Cyberlock

Hey Baldrick, as far as the browsers go, you can just add a Custom Allowed Folder Settings / Custom... something like "c:\browsers".

I have never heard of the folder "c:\windows\sysnative", where is that coming from? You can also add that folder to Custom Allowed Folders as well.

The previous versions of VS should have blocked these folders as well. Are they new folders? Thank you!

 

Thank you guys for the help! I think I just need to add "c:\windows\sysnative" to the windows allowed folders, after I find out if it is a windows protected folder or not. But that is really odd, I do not have that folder on my system, and have never heard of it. I will research it some more and have a fix sometime tonight or tomorrow. Basically, assuming that it is a windows protected folder, I will just add it to the list of other windows protected folders, (eg, system32, syswow64, etc), then I am sure it will work great. I tested this version on 3 systems for 3 days, and this did not appear at all. It must be because the cpn is now seeing the system folders / files that it did not see before. Anyway, it will be an easy fix, sorry about that!

 

Hehehe, I tried to download the filehippo update checker, thinking that I would see the sysnative folder, but it is nowhere to be found! I will research that folder and figure out what to do.

Thank you everyone, sorry about that!

 

C:\Windows\Sysnative is simply an alias for C:\Windows\System32 allowing a 32-bit application to access 64-bit apps on 64 bit Windows. It does not work for 64-bit processes (since they can access system32 directly). It was introduced in Vista. It's related to the file system re-direction feature.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384187(v=vs.85).aspx

 

Cool, thank you for the info! I do not have the sysnative folder on any of my computers, and I do not ever remember seeing that folder before. It is odd because since I have been working on VS, I have had to figure out what a lot of the folder do specifically, and I have never seen that one.

This should fix the issue, although I obviously cannot test to be sure since I do not have that folder .

http://www.voodooshield.com/freeoffer/Install VoodooShield.2.64 beta.exe

 

Should, I update or stay at 2.63 beta, since I know on XP, it is not applicable.

 

Yeah, exactly, it is not applicable to XP, so you can skip this one. There are 2 small bugs that I am aware of so I will fix those, along with anything else you guys find, then you can update.

The two bugs that I am working one are:

1. The registration issue if there is not an internet connection. Although that might be fixed now... it is hard to test because there is not a good way to simulate a wireless connection not fully connecting.

2. When the user drags and drops to VS, it works, but the Sandbox and Allow buttons prompt the user twice.


Thank you guys!

 

Thanks...I am lazy, so less uninstalling and installing the better, for this ancient system.

 

However, I do notice that when I access settings, then Web apps tab, there is a sudden increase in CPU usage to about 25%, fluctuating.

 

Well 2.64 is running well and your Right I need to re-register after second reboot on my Laptop and why does it go into Smart Mode after the second reboot automatically? I will give it a go and let you know if I find any issues!

Thanks,

Daniel

 

Just got another Block from: 13/09/2014 9:05:49 AM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe

 

Ooops, I just noticed something, thank you TH! Since rundll32 is blacklisted when VS is ON, it will block it, if the path is c:\windows\sysnative\rundll32.exe. It should be an easy fix. Is there anyway someone can email me a screenshot of the contents of the c:\windows\sysnative\ folder? I want to make sure VS does not blacklist anything else in that folder.

Edit: Ohhh, I see, the c:\windows\sysnative\ folder does not actually exist, it is just an alias like Defenestration mentioned. Let me see what I can do.

 

Yeah, it is because VS is detecting the active Web Apps. I will see if I can do something about that. Thank you!

 

I can make it so that VS does not go into Smart Mode automatically. Basically, on First Run, it is set to start in Training Mode. Then anything after first run, it will start in Smart Mode, unless Always ON has been selected, then it starts in Always ON. So whenever it is started again, it will either start in Smart or Always ON. But I can remove that code so that it starts in whatever mode it was in previously. What do you guys think?

 

Hopefully this will fix the sysnative issue for rundll32. If VS blocks any of the other blacklisted items that use this virtual folder, it will be an easy fix (wscripts, cscripts, msiexec, xcopy, cmd, regedit, regsrv32, taskkill, etc.)

http://www.voodooshield.com/freeoffer/Install VoodooShield.2.64 beta.exe

 

Hi Dan, just got back and seen all of this. .64 will be installed within the hours and then given some wellie...as usual.

Regards, Baldrick

 

I think start in whatever mode it was in previously.

 

.64 is still blocking c:\windows\sysnative\rundll32.exe

 

Ok, cool, we can have it start in the previous mode. I think the sysnative issue will be easy to fix, but can you tell me how to trigger it? Thank you!

 

Hi Dan

Well, I seem to get it every time I start one of the browsers that I have installed in a folder whose path is C:\Browsers. I would suggest that you set up the same and stick a portable version of a browser in there and then try to run the browser in question.

 

You should be able to trigger it by creating a simple 32-bit executable which executes "c:\windows\sysnative\rundll32.exe" (eg. using CreateProcess() ) and run it on a 64-bit Windows or Vista or later.

 

Cool, thank you guys, I will try one of those and see if I can reproduce it. Once I can, it should be super easy to fix.

 

VS 2.63 works without issue on my Vista together with SpyShelter and Shadow Defender...is necessary change it into 2.64?

 

still getting issue with 2.64
c:\windows\sysnative\rundll32.exe

now when launching Internet Explorer and using File Hippo 'Update checker'

 

No, the only change in 2.64 was trying to fix the sysnative issue. I downloaded both of the portable browsers and put them in the same folder as Baldrick, but I have been unable to reproduce this issue. Once we can reproduce it, it should be super simple to fix, but so far no luck on figuring out what triggers it. I will try the other option that Defenestration recommended, or better yet, I will tell the new developer about the issue, and hopefully he can fix it. He is working on the kmd right now, but this should be a quick fix.