VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,998
    Location:
    .
    The Dan intended action of a setting are known only to Dan
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, when you double click to add the path, it only allows you to select a folder, not a file.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,998
    Location:
    .
    So, you're testing 200,000+ new malware a day....?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Were there more than 2 people that did not understand what that setting meant?
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,998
    Location:
    .
    and nothing stops me from adding....c:\program files (x86)\google\update\googleupdate.exe
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Believe me, if someone could bypass VS, everyone would know about it. Bypass it.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, good point, I will add an error handler, just in case someone does not read the heading "Custom Blocked Folders". So basically, if the path ends in an extension instead of a folder, VS will display a message box that says "The Custom Blocked Folders option is for Custom Blocked Folders only, not files. Please select a folder like it specifies above".
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,998
    Location:
    .
    Well, then you've got a gold mine.... I'll run FREE .... as VS cannot be bypassed. Correct ? VS FREE cannot be bypassed. Correct ?
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, if you found a hole, please let me know! I will be extremely curious what finally bypassed VS!
     
  10. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,329
    Correct me if I'm wrong, but didn't WildbyDesign posted a way to bypass it?
     
  11. funkymonkeyboy

    funkymonkeyboy Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    73
    I'm running the latest version on win 8.1 with Avira. All ok except rundll32 pop up. Can I just allow?
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, no, he was the closest though. His method involved copying the virus to a certain folder (I do not remember which one). I replied to him something like "well, you are close, now you just have to somehow get that file to that folder, then it is bypassed."
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It depends on what it is, but in general yes. The best thing to do is to just put VS in training for a little while is use your programs heavily for 5 minutes or so. Be like... "I use this...I use this..." and click on every program you use. Then put it in smart mode or always on, then you are good to go. BTW, if you or Azure need a free Pro license, email me at support@voodooshield.com. Thank you!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Seriously, if anyone ever finds a security hole, please let me know!

    What I do know is this... 80% of my local clients run VS, and they simply DO NOT get viruses anymore (essentially for the last almost 4 years.)

    A very, very old version of VS had a hole where something snuck through (it was a simple bug in the code), and it affected one very angry user on here, although VS helped by minimizing the damage. And I had a client that had the exact one slip through. But that hole has been long patched. Other than that, VS has never been bypassed... if it had, believe me, we would be the first to know. We even did the VoodooShield Challenge to see if someone could bypass it. Someone might bypass VS at some point, but I do not think it will be anytime soon.

    So out of my hundreds of local clients who run VS and the many thousands of VS customers around the world... VS has not been bypassed in at least 3 years (the only 2 exceptions are above, and that has been fixed). You should see the computers that have been running VS for 2-3 years... they look like brand new when I go to install a printer or whatever.

    The reason VS is so effective is because it is a very tight lock, but even more importantly, it is simple and user-friendly enough for the average and computer novices to USE EFFECTIVELY. So when people doubt VS's effectiveness in the real world, I just laugh, and laugh because if they see what I see on a daily basis, they would have been a believer 2-3 years ago.

    The last I knew, to get a representative sample, you need around 2,000 or so samples (customers). Well, we have a lot more customers than that, so it is proven mathematically.

    BTW, we have talked about this before... I am not here to argue. If you want to joke, that is one thing, but if you are just trying to be a pain, I really do not have time for that. I am here because the guys at wilders and I have been working on VS together for close to 4 years. While it has been a lot of work for everyone, it has also been a lot of fun. If you want me to respond to your posts, please keep them intelligible, nice and make sense.

    I am going to get something to eat. I cannot wait to see how you break VS! Thank you for trying (seriously)!
     
    Last edited: Feb 18, 2015
  15. funkymonkeyboy

    funkymonkeyboy Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    73
    Emailed you, thanks.

    I will find the exact pop up message for you. I've seen it somewhere before in these forums.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I did not get the email yet so please send it again. I will check it when I get back a little later. Thank you!
     
  17. funkymonkeyboy

    funkymonkeyboy Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    73
    Ok sent it to Dan at Voodooshield this time. Hope you get it.

    Found the pop up. It's on page 182. I'll try to get an image. Post 4529
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Is this in regards to the feature you changed the description for. If it is then I don't anyone would have understood it because the description was not accurate until you changed it.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    What is ES?
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    ADD A Lock To Your Computer makes more sense to me. I will try to think of a description to make the user associate the Lock with an AV.
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,044
    Location:
    Ontario, Canada
    I agree with you! I would like to see someone bypass VS via the Malware route never mind copying it to a Whitelisted area like Program Files or Windows do it from the user space like the download folder, desktop and Appdata\Local\Temp.

    TH
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I think most users use VS with the setting "automatically allow all software from the Program Files Folders". If an exploit dropped a payload into the Program Files Folders with any software that does not prevent applications from writing, or executing in Program Files it is possible for an infection. I would have had a test machine to do some malware testing since last week if Storage Craft would do their job, and sort out my license problem. I payed a fortune for Shadow Protect imaging software, and can't even use it. Their support is horrible now. I'm not sure what happened to them.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,998
    Location:
    .
    My settings here #5891 + Do not Whitelist AppData...checked. I have removed long standing check from Disable left clicking [..]. I think left click option does not apply to me. Allowing Whitelist of temp files seems counter intuitive to me as malware likes temp files. The "Do not" seems out of place in a sea of Automatically allow...
     
    Last edited: Feb 18, 2015
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    What was the result of you disabling automatically allow specific critical windows processes? Did you have any problems?
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,044
    Location:
    Ontario, Canada
    Well I don't think that is the entry point for an Exploit and it still has to execute and that happens in the User Space as far as I know. Dan will correct me if I'm wrong.

    TH
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.