VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You said "your typical AV is only effective on typical viruses." and that is simply not true. Besides 90%+ of the products available on the market today do not solely rely on signatures to detect malware, there are several layers. And most of the big names are usually backed up by a back-end cloud system using heuristics, reputation etc etc...to detect new threats, no local signatures involved.

    "and tested by anti-virus researchers before they can add a new threat to database definitions."

    If you think that's how it works today then you can continue to believe that as far as I am concerned.

    "if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything"

    It all depends on the product and what features it has. You can even use some AV's as anti-exe if you like.
    I don't know why I am telling you all this as you don't seem interested to hear it anyway.

    "Your AV doesn't work!"

    Last time I checked it worked fine.

    I am not sure but to clarify.
    If you think I am bashing VoodooShield then you got the wrong end of the stick. :cool:
     
  2. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi,
    I use USB's quite a lot and run VS in Smart mode, and can confirm that in 2.13 beta the VS shield always toggled to USB mode on insertion of USB. I now run 2.14 beta and it doesn't toggle anymore so a bug seems to have appeared in this beta.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Guess, I just spend too much time reading content of Security app Forums and Malware Removal Forums.
    Let's agree to disagree.
    Cheers
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Mhm maybe that's it, but on the other hand I do that too :D
    Sure we can agree to disagree no hard feelings, Cheers! :cool:

    I only wanted to clarify the "typical viruses" part that's all.
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yeah...I went back over my steps and found v2.12...VS Smart Mode Off does toggle to USB Mode upon insertion of USB.
    Also, found out with v2.12 that VS desktop shortcut does not Enable VS. I Disabled Protection to install VS beta v2.13. VS prompted to close VS. Found VS EULA had not changed regarding personal identifiable information...so, I canceled install. Tried to Enable / Start VS from Desktop shortcut ~ no response. Had to restart to bring back VS Icon. I do run with UAC on. Haven't found way to avoid UAC warning. So, I turned UAC back on. Maybe having UAC on does something to VS shortcut. EULA does state "VoodooShield™ works best with UAC disabled, and on computers whose user accounts run as administrator". I've got the admin part covered. Anyone know (or is it proprietary) if I'm running VS in a degraded state with UAC on. TIA
     
    Last edited: Nov 26, 2014
  6. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    Yes, no conflicts.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    COOL :thumb:
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I personally haven't seen or heard of any conflicts between UAC and VS. I always have UAC on highest setting possible along with VS and have had no issues. I believe the reason why VS has done this (or suggested this) is because VS does cover most of the job the UAC does and makes UAC almost irrelevant, and the goal of VS is to make the computing experience for the user secure yet less complicated. Meaning, not having to deal with UAC prompts as well as potential prompts from VS depending on the executable. They want to lock down the systems for their users in a way that is less confusing for those average everyday computer users.

    But since there are really no conflicts, I would suggest keeping UAC enabled, as long as you don't mind the prompts. I personally like to know what is going on in my system and have full control. And since VS Free version allows all to run from Program Files folders, having UAC enabled gives some extra protection there. For users who like full control and like being more thorough, I would keep UAC enabled. For the majority, those everyday average computer users it is probably fine to let VS disable UAC and keep things simple because those users would not know the correct choice for UAC prompts anyways since they tend to keep on clicking just to get done whatever they need to get done.
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey, sorry I have been busy working on the new version, but I will catch up on the conversations soon!

    Here is the latest version. VS now includes a feature that allows by Parent Process, which makes VS run UNBELIEVABLY SMOOTH! It is quite similar to Publisher / Digital Signature feature. I have not added an option in Settings to turn this feature OFF, but I cannot imagine anyone ever wanting to turn this feature off for any reason. But if you guys think I should add an option to turn the Parent Process feature off, please let me know!

    MOST IMPORTANT!!! Please make sure nothing slips through VS after the addition of this feature. While adding this feature, I had to make sure that, for example, explorer.exe was not considered a valid Parent Process, because otherwise, everything would be allowed, since explorer.exe is the parent process to the majority of the processes. So I just want to make sure that nothing else is considered a valid parent process that should not be, because it would allow items to slip through. I think the way I did it will work very well, and so far nothing has slipped through, but if you find something, please let me know! Thank you!

    Edit: I removed the link to the latest version until the bug is fixed.
     
    Last edited: Nov 26, 2014
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    Dan this just overwrites 2.12?
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    As usual WBD ~ Great Reply ~ Thanks
    I prefer UAC prompt also...feel naked without it. Just didn't know why Desktop short cut would not respond. As I wrote...I had Disabled Protection and closed VS. VS Icon gone. Attempt to use VS shortcut to bring VS back. No response. Had to restart.
    Had no idea what to attribute this to other than EULA language re VS works in optimal state with UAC disabled. quote EULA <<VoodooShield™ was designed to be a better alternative to the Microsoft Windows User Account Control (UAC). While VoodooShield™ is compatible with UAC, VoodooShield™ works best with UAC disabled, and on computers whose user accounts run as administrator. During installation, VoodooShield™ will disable UAC so it can run in an optimal state.>>
    Fairly straight forward language. "compatible vs works best in an optimal state"

    1) So, shortcut should be able to bring back VS? Wonder why I had no response...
    2) If malicious code tries to manipulate whitelisted programs to deliver payload. VS blocks whether I'm in a web facing app or not ... Like if I open a malicious pdf offline.
    3) Do you know if browser extensions are protected malicious browser extensions
    3) Under Tweaks ~ why are those 8 items checked by default ~ Not to whitelist.
    Registered VS 2.12
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, you can either uninstall the old version or just overwrite it... it should work fine either way! Thank you!
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Did I post 2.14 beta? I do not remember doing so. 2.14 was a special version that was helping me to fix the non-English Windows issue.

    2.13b beta is the latest and has all of the features.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Okay...Thanks
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Hey Dan! Anything that improves system performance with any software is something that I am always happy to hear.

    Now the only thing is, I don't necessarily understand how this new feature works. Could you please explain in a bit more detail how this new feature works with regards to spawning new processes and so on? Also, how does it make for better performance?

    Thanks Dan. I'm always the thorough type of person who likes to know exactly how things work, as opposed to just knowing that it does work. I like to tinker and understand. Looks like you are working hard again, but looks like you are enjoying that time so that is a good thing. Keep up the great work.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    v2.13b beta detected as Threat by VS 2.12 cloud scan
    11/26/2014 2:36:53 PM Blocked install voodooshield.2.13b beta.exe c:\users\bjms\desktop\install voodooshield.2.13b beta.exe
    second attempt Quarantine ~ Mal/Generic-S
    11/26/2014 3:11:31 PM Blocked install voodooshield.2.13b beta.exe c:\users\bjms\desktop\install voodooshield.2.13b beta.exe
     
    Last edited: Nov 26, 2014
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Good to know and Thanks Dan!

    Daniel :)

     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure... basically if a new process is allowed, and spawns a child process, then the child process is allowed as well, since any child process of the allowed parent process is allowed.

    It does not happen a lot, but sometimes processes spawn other processes... for example antivirus updates. In theory, if your traditional antivirus spawns a new update, it should automatically be allowed now. Another example is when the user is installing new software, a lot of times the parent process will spawn several executables.... so they should all be automatically allowed now.

    As I was saying, we have to be very careful to not allow something like explorer.exe to automatically spawn a child process, otherwise something can slip through. I am pretty sure that nothing is going to slip through, but we should know in a couple of days if we need to tweak it a little. The reason I say that is because malware should never be allowed to run in the first place, so it is stopped long before the process is evaluated for its parent process. Thank you!
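
The allow-by-parent rule described in the post above and in the earlier announcement, modelled as an added example (not VoodooShield's code and not part of the original thread). The exclusions beyond explorer.exe, the paths and the PIDs are constructed assumptions.

```python
import ntpath

# explorer.exe is the exclusion named in the thread; cmd.exe and powershell.exe
# are assumptions added here as similarly generic launchers.
UNTRUSTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}

# Constructed sample data: (pid, parent_pid, image_path) in start order.
WHITELIST = {r"c:\windows\explorer.exe", r"c:\program files\av\avupdate.exe"}
EVENTS = [
    (100, 1, r"C:\Windows\explorer.exe"),
    (200, 100, r"C:\Program Files\AV\avupdate.exe"),      # whitelisted updater
    (201, 200, r"C:\ProgramData\AV\tmp\patch_0412.exe"),  # child of the updater
    (202, 201, r"C:\ProgramData\AV\tmp\helper.exe"),      # grandchild
    (300, 100, r"C:\Users\test\Downloads\unknown.exe"),   # child of explorer.exe
    (400, 999, r"C:\Users\test\Downloads\orphan.exe"),    # parent never observed
]


def evaluate(events, whitelist):
    """Return {pid: (verdict, reason)} under the allow-by-parent rule."""
    verdicts, images = {}, {}
    for pid, ppid, path in events:
        path = path.lower()
        images[pid] = path
        parent = ntpath.basename(images.get(ppid, ""))
        parent_allowed = verdicts.get(ppid, ("block", ""))[0] == "allow"
        if path in whitelist:
            verdicts[pid] = ("allow", "whitelisted")
        elif parent_allowed and parent not in UNTRUSTED_PARENTS:
            # Trust is inherited, so it also flows on to grandchildren.
            verdicts[pid] = ("allow", "child of " + parent)
        else:
            verdicts[pid] = ("block", "no whitelist entry or trusted parent")
    return verdicts


if __name__ == "__main__":
    for pid, (verdict, reason) in evaluate(EVENTS, WHITELIST).items():
        print(pid, verdict, reason)
```

Removing explorer.exe from the exclusion set makes PID 300 come back as allowed, which is the slip-through the post asks testers to watch for.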
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, did I post a link on here for 2.14? I do not remember doing that.

    Either way, 2.13b beta is the most recent.
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Kwel! Maybe that BUG that CET was saying will be gone? USB issue?
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Thank you so much, Dan. I didn't want to quote your whole post and take up too much room here. But from reading your whole post I got a much better understanding of what you meant with this new feature. Great idea, by the way. And it makes sense to give permission to those child processes as well. It's great that this has improved performance as well, as you say. I will test this later on tonight. Thanks again.
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, not in that version, but I just now fixed it ;). It will be fixed in the next version! Thank you!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, thank you!
     