VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is sooo odd, I have tried to reproduce the error, but so far no luck. Thank you for letting me know though ;).
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,961
    Location:
    Ontario, Canada
    Same here Dan with IE.
    13/09/2014 5:24:09 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    13/09/2014 5:24:09 PM Allowed iexplore.exe c:\program files\internet explorer\iexplore.exe e8ad685fe1a1f58eaa1e27400d67c0f404780d8448c15ca0fe0de4e458f38a13
    13/09/2014 5:24:08 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe

    Found some info here: http://stackoverflow.com/questions/4703635/rundll32-exe-equivalent-for-64-bit-dlls

    Thanks,

    Daniel :)
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,961
    Location:
    Ontario, Canada
    A couple more opening IE11 just now, but everything else seems good! Re-registration on reboot doesn't happen every time on my laptop, so you're close there. And shouldn't your system remember the registration on reboot without the need to contact the Cloud? How about if I want to use my laptop or even desktop offline?

    14/09/2014 12:40:28 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 12:31:02 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:14:50 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:14:44 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:55 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:51 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:51 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:50 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:50 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:50 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:23 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 1:13:22 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 12:51:13 PM Blocked rundll32.exe c:\windows\system32\rundll32.exe f5691b8f200e3196e6808e932630e862f8f26f31cd949981373f23c9d87db8b9
    14/09/2014 12:51:13 PM Allowed werfault.exe c:\windows\system32\werfault.exe e59c349b964f585c27f63fbf7c1b5d7c6cf8cc958bd35100a36d57542dc13972
    14/09/2014 12:40:28 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    14/09/2014 12:31:02 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe


    Thanks,

    Daniel
     
    Last edited: Sep 14, 2014
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for the info! I cannot seem to invoke anything from that folder, so I emailed our new developer to see if he can help.
     
  5. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    Hi all! After a long time of lurking in this thread, I decided to explore it a little bit. Installation was a breeze and Dan's email responses are extremely fast :thumb:

    Every time my Win7 machine boots up, VS gives me a balloon about blocking a cmd program without mentioning any specifics, urging me to click on the notification to find out more. Clicked, got a pop-up about "some programs are harder to block than others".
    I looked into
    • C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu
    • C:\ProgramData\Microsoft\Windows\Start Menu
    And msconfig/startup but didn't find anything suspicious and it would be much easier to figure out what is going on if VS would give details about name or place of blocked program.
    Thanks.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, I still have not figured out how to trigger a process from a sysnative path, but I think I figured out what was wrong. Basically, VS checked to see if the file existed before evaluating it, to see if it was allowed to run. Well, since it did not exist in the sysnative folder, it just automatically blocked it. I cannot remember why I put that check in a few months ago, but I am testing it now and it seems to be working great. Please let me know, thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.64 beta.exe
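
The check order described in the post above, as an added example that is not part of the original post and not VoodooShield's code. Sysnative is a WOW64 alias for System32 that only 32-bit processes can resolve; the file set, allowlist, log lines and function names below are constructed for illustration.

```python
import ntpath
import re

FAKE_HASH = "ab" * 32  # constructed 64-hex placeholder, not a real file hash
SAMPLE_LOG = [  # constructed lines in the layout of the logs posted in this thread
    r"15/09/2014 1:41:21 PM Allowed iexplore.exe c:\program files\internet explorer\iexplore.exe " + FAKE_HASH,
    r"15/09/2014 1:41:21 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe",
    r"15/09/2014 1:41:09 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe",
    r"15/09/2014 1:40:00 PM Blocked dropper.exe c:\users\test\appdata\local\temp\dropper.exe",
]
# Constructed stand-ins for what a 64-bit evaluator can see on disk and what it trusts.
# The Sysnative alias is not visible to a 64-bit process, so it is absent here.
VISIBLE_TO_64BIT = {
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\users\test\appdata\local\temp\dropper.exe",
}
ALLOWLIST = {r"c:\windows\system32\rundll32.exe",
             r"c:\program files\internet explorer\iexplore.exe"}
LINE = re.compile(r"^(\S+ \S+ [AP]M)\s+(Allowed|Blocked)\s+(\S+)\s+(.*?)(?:\s+([0-9a-f]{64}))?$")

def canonicalize(path, windir=r"c:\windows"):
    """Lower-case, normalise, and map the Sysnative alias onto System32."""
    p = ntpath.normpath(path).lower()
    alias = ntpath.join(windir, "sysnative")
    if p == alias or p.startswith(alias + "\\"):
        p = ntpath.join(windir, "system32") + p[len(alias):]
    return p

def decide_exists_first(path):
    """Order described in the post: a path that is not found is blocked unevaluated."""
    p = ntpath.normpath(path).lower()
    if p not in VISIBLE_TO_64BIT:
        return "Blocked"
    return "Allowed" if p in ALLOWLIST else "Blocked"

def decide_canonical(path):
    """Resolve the alias first, then evaluate the real file against the allowlist."""
    return "Allowed" if canonicalize(path) in ALLOWLIST else "Blocked"

def alias_only_blocks(lines):
    """Blocked log entries that would pass once the path is canonicalised."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(2) == "Blocked" and decide_canonical(m.group(4)) == "Allowed":
            hits.append((m.group(1), m.group(4), canonicalize(m.group(4))))
    return hits
```
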
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi Yura, if you right click on VS and choose View Log / Snapshot, it will give you the details on what was blocked. Please try the latest version, and if you are still having issues, let me know what it blocked and we can figure it out. Thank you!
     
  8. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,555
    Location:
    South Wales, UK
    Hi Dan

    Thanks for that. That sounds like that should fix that one. Have uninstalled the previous v2.64 and installed this latest version (I assume that you meant to keep it as v2.64?) and am trying it out now....and will get back to you if this has put paid to the blocking of the browser launches from C:\Browsers, etc.

    Regards, Baldrick

    EDIT: Just tried all the browsers that were having issues previously and they all launch as expected...so tentatively I would say that is sorted as far as I am concerned...Good Job...:thumb:
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,961
    Location:
    Ontario, Canada
    Still having the same issue with the latest 2.64 Beta.

    Daniel

    15/09/2014 1:41:21 PM Allowed iexplore.exe c:\program files\internet explorer\iexplore.exe e8ad685fe1a1f58eaa1e27400d67c0f404780d8448c15ca0fe0de4e458f38a13
    15/09/2014 1:41:21 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:41:09 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:41:09 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:41:09 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:41:08 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:41:08 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:40:54 PM Allowed iexplore.exe c:\program files (x86)\internet explorer\iexplore.exe 32c97ab4581c6e6d0470b4f4159c6db4d4e7306d2f2c398a128f1dd26f53110c
    15/09/2014 1:40:52 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
    15/09/2014 1:40:51 PM Blocked rundll32.exe c:\windows\sysnative\rundll32.exe
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Installed 2.64/3 over the top of 2.63 in Win 8.1/64

    On reboot when VS loaded it had lost all its settings

    Set The Bat in Apps to be allowed and it was blocked by VS.

    It allows Avast to load but blocks it from updating and causes it to freeze.
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Baldrick, I think the best thing you can do as far as the C:\Browsers issue is concerned is to either put that folder in the Program Files folder (since everything is allowed in this folder), or add the C:\Browsers path to Custom Allowed Folders in Settings / Custom. Thank you!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is a bummer. I am going to have to figure out a way to trigger the sysnative folder. Thank you for letting me know!
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know. Yeah, right now, VS automatically resets all of the settings during installation, but this is just for the beta. The web apps feature just makes it so that VS will toggle with that web app, it does not whitelist it. Although, it would be cool to automatically whitelist the web app when it is selected. I think I will do that once we work out these last couple of bugs. I am sure the Avast issue is related to these other issues.

    I will talk to the new developer and we will get a game plan together, sorry about all of the trouble!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,961
    Location:
    Ontario, Canada
    Wow Dan, what did you do with this version? It's working as it should. I did a few reboots and got nothing from c:\windows\sysnative\rundll32.exe at all, and I have opened IE11 many times. It looks like VS is back! :) But I will keep testing!

    Thanks,

    Daniel :)
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know! Well, believe it or not, rundll32.exe was blacklisted in one part of the code, and I never noticed it ;). So I just deleted that one line of code and it seemed to have worked! Sorry it took so long to fix.
     
  17. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    2.65 beta working great on Win 7 64-bit and a Win 8.1 32-bit Windows tablet. Have not seen any issues with sysnav.

    One thing I did want to bring to your attention: it seems VS uses as much as or more than 100,000k in memory. My system still feels as snappy as I'm used to, so I guess it's not a concern :)


    Also, when VS is active with Firefox open, if I launch Malwarebytes I get 1 block.


    9/17/2014 4:35:04 AM Blocked regsvr32.exe c:\windows\system32\regsvr32.exe ca24aef558647274d019dfb4d7fd1506d84ec278795c30ba53b81bb36130dc57
     
    Last edited: Sep 17, 2014
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds good, I will fix the memory issue. I was trying a different method to flush the memory after VS blocked something, but it looks like the old method is better. I will also fix the regsvr32 issue. Thank you!
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,961
    Location:
    Ontario, Canada
    2.65 is working awesome Dan, great job! Now how about the re-registration on boot up for laptops? Can't the PC save the credentials locally? As I said before, how about if I want to run my laptop offline?

    Thanks,

    Daniel :)
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds great, thank you! I will work on the registration issue today!
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,875
    Also, I installed 2.65 earlier this evening. Seems OK...no CPU usage problem that I described for 2.63.

    Just the registration problem, that you are going to fix. :)
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,555
    Location:
    South Wales, UK
    Hi Dan, .65 up and running here, and as TH stated no sign of the sysnative issue here...all looking good so far...but need to give it some wellie...as per usual, and then will look to report back. :thumb:

    Regards, Baldrick
     
  23. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    Don't know if it's how it is supposed to be or not, but when I play a YouTube video, after some time VS goes into OFF mode.
    Additionally, when the screensaver turns on, the shield starts to blink like mad, conflicting with something I guess.
    http://i.imgur.com/hE8HPgT.png

    I know that VS shield looks nice and has psychological effect ensuring safety when user looks at it in the corner of desktop but it's very distracting when watching movies and should it turn itself off when browser is open?
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sounds great Tarnak and Baldrick, thank you!
     