VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it works great with 8.1! Thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, the free version is quite limited, but it does everything that 95% of users would ever want to do. I was actually going to make it even more limited than it is, but I conceded and added a few things to it that I did not initially want to add. But the way I see it, $20 per year is pretty darn cheap to block essentially 100% of all zero days (and everything else), especially when the industry standard is around a 5% detection rate for zero days ;).

    I kind of regret even offering a free version because it kind of backfired on us, and A LOT of people were upset that it did not have certain features.
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,100
    Location:
    Ontario, Canada
    It's not a download link?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry about that... I knew I was forgetting something ;). You should be able to right click and "Save Target as"

    Or just download it from here, this will be easier. BTW, it might not work in all versions of Windows or IE. I tried it in Windows 8.1 and it did not work, they must have changed the security settings to not allow this kind of stuff. But it should work in Windows 7, IE 11, and all prior OS's.

    http://voodooshield.com/artwork/JSExploit.zip
     
    Last edited: Nov 23, 2014
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,100
    Location:
    Ontario, Canada
    It works! VS blocked it! :)
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, you can even uncheck the CMD setting in Settings / Tweaks, and VS will block Test.exe too!
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am looking into the service issue... I think that is the last issue besides the non English Windows issue that Plamen found.

    The error messages you posted will help a lot, so thank you for posting those! I am going to look into this a little more and one way or another we will get this fixed! Thank you!

    Edit: I THINK I figured out why the service is not starting on some computers, please try this version. There are a couple of other small changes, but overall it is about the same. BTW, I was going to add the Chrome x64 to the default web apps, but when I downloaded the 64 bit version of Chrome, the process was called Chrome... so if anyone experiences something different for Chrome 64 bit, please let me know!

    Here is the new version, I am hoping the service is completely fixed. I think there is about a 90% chance that it is!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.14 beta.exe
     
    Last edited: Nov 23, 2014
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,100
    Location:
    Ontario, Canada
    2.14 Beta working good here and installed over top and rebooted! :)

    TH
     
  9. Yep, I would seriously re-think the product positioning.

    Cut down on functionality e.g. freeware version offering some sort of smart software restriction: allow everything to run from UAC protected folders (Windows and Program Files), block everything outside it. Set a simple default block with balloon question to check at VT, Block or Allow.
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you!
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I definitely agree, thank you! It would be kind of funny to see the reactions if we did this though... I mean, we were crucified because we did not have an option to edit the whitelist in the free version ;). I can just imagine what they would say if we did this ;). But really, a free product should be extremely limited, and only should have the basic features and functions that it needs to work properly and to demonstrate the product. Thank you!
     
  12. DX2

    DX2 Guest

    What about implementing a password lock, so it can't be shut off?
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,176
    Location:
    .
    EDIT: I now know Conversation = PM
     
    Last edited: Nov 23, 2014
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    Are you using the free version? There already is a password lock in the premium version. You just have to right click on the tray icon.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    I'm still using beta 2.13. It has been running great. The only thing I have had an issue with so far is sometimes I have to try to execute a file twice before receiving the bubble from the tray icon to allow it. I think maybe some tweaking is needed.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    The executable is still chrome.exe, regardless. But the strange thing, though, is that they still install the 64-bit Chrome into the exact same location as the 32-bit: C:\Program Files (x86)\Google\Chrome\Application
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,176
    Location:
    .
    I have added a check to "Do not Whitelist items in the AppData Directories"
    My thinking is that's a common place for malware to hide.
    Comments?
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Absolutely, especially Temp folder and such.

    Although you will have to train it for normal program updates, like Chrome, Firefox, etc. That may be time consuming, but you should have better control that way.
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,176
    Location:
    .
    Thanks so much for your interest.
    Just Registered VS so, getting familiar with Settings not available w Free Version.
    Does Basic Setting ~ Automatically allow all software from the Program Files folders mean "all" or just those in my snapshot.
     
  20. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Literally means all. Anything else executed from there will automatically be allowed and added to snapshot, including if a malicious executable is run from there as well.

    Windows directories, on the other hand, are not given full access. VS devs hand-selected certain executables to allow from there.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    Changes were made to VS that make VS block executions from the AppData Directory even with that option unticked. I verified this by testing it for myself a few months back. I haven't checked recently though. Dan at one time said he may remove that option because VS blocks executions from AppData folders regardless if it is ticked, or not now. Yes, malware does love to hide there though.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,176
    Location:
    .
    Not sure I like "all". My snapshot seems to only contain the Program Files from Training and that I prompted. So, what happens if I uncheck "all". VS will prompt?
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,176
    Location:
    .
    My snapshot only has one AppData\temp from Kaspersky Security Scan that I installed today before I registered VS.
    Firefox was trained with Free VS and I find no AppData re Firefox. So, maybe VS does block AppData regardless. Since VS Free has no user Settings. No idea what Free VS default is.... Now, with Registered I can see Settings.
    Don't know about allowing "all" from Program Files or AppData. Seems peculiar to allow temps that will be deleted anyway. I'm sure temps are necessary but are they necessary in my snapshot.
    In theory VS was installed on a clean machine. So, default setting is to allow "all" Program Files.
    Comments?
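
The path rules discussed in the posts above (auto-allow everything under Program Files, allow only hand-selected binaries from the Windows directory, never auto-allow AppData), sketched as an added example. This is not VoodooShield's code; the directory roots, the allowlist entries and the `decide` function are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed roots and allowlist; illustrative values, not VoodooShield's.
PROGRAM_DIRS = [r"C:\Program Files", r"C:\Program Files (x86)"]
WINDOWS_DIR = r"C:\Windows"
WINDOWS_ALLOWED = {r"c:\windows\explorer.exe",
                   r"c:\windows\system32\notepad.exe"}


def _canon(path):
    # Collapse ".." and "/" and fold case, so that traversal tricks and
    # case variants cannot dodge a rule. Junctions and 8.3 short names
    # (PROGRA~1) are not resolved here.
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, root):
    # Match whole components: a bare startswith(root) would also accept
    # "C:\Program Files Evil\x.exe".
    return path.startswith(_canon(root) + "\\")


def decide(path):
    """Return 'allow', 'block' or 'prompt' for an executable path."""
    p = _canon(path)
    if "\\appdata\\" in p:
        return "block"    # AppData (Temp included) is never auto-allowed
    if any(_is_under(p, d) for d in PROGRAM_DIRS):
        return "allow"    # "all" means all: no per-file check happens
    if _is_under(p, WINDOWS_DIR):
        return "allow" if p in WINDOWS_ALLOWED else "prompt"
    return "prompt"


# Constructed sample paths, not taken from the thread.
SAMPLES = [
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\SomeApp\dropped.exe",
    r"C:\Program Files\..\Users\bob\AppData\Local\Temp\x.exe",
    r"C:\Program Files Evil\x.exe",
    r"c:/windows/system32/NOTEPAD.EXE",
    r"C:\Windows\System32\wscript.exe",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{decide(s):7} {s}")
```

The second sample shows the trade-off raised in the thread: with the folder rule on, any file that lands under Program Files runs without a prompt, whatever it is.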
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I see what you mean, it was an easy fix. It will be included in the next version! Thank you for pointing that out!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Wow, very odd, it is like that on my system too... weird.
     