Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.
The Dan intended action of a setting are known only to Dan
BTW, when you double click to add the path, it only allows you to select a folder, not a file.
So, you're testing 200,000+ new malware a day....?
Were there more than 2 people that did not understand what that setting meant?
and nothing stops me from adding....c:\program files (x86)\google\update\googleupdate.exe
Believe me, if someone could bypass VS, everyone would know about it. Bypass it.
Yeah, good point, I will add an error handler, just in case someone does not read the heading "Custom Blocked Folders". So basically, if the path ends in an extension instead of a folder, VS will display a message box that says "The Custom Blocked Folders option is for Custom Blocked Folders only, not files. Please select a folder like it specifies above".
Well, then you've got a gold mine.... I'll run FREE .... as VS cannot be bypassed. Correct ? VS FREE cannot be bypassed. Correct ?
Cool, if you found a hole, please let me know! I will be extremely curious what finally bypassed VS!
Correct me if I'm wrong, but didn't WildbyDesign posted a way to bypass it?
I'm running the latest version on win 8.1 with Avira. All ok except rundll32 pop up. Can I just allow?
Hehehe, no, he was the closest though. His method involved copying the virus to a certain folder (I do not remember which one). I replied to him something like "well, you are close, now you just have to somehow get that file to that folder, then it is bypassed."
It depends on what it is, but in general yes. The best thing to do is to just put VS in training for a little while is use your programs heavily for 5 minutes or so. Be like... "I use this...I use this..." and click on every program you use. Then put it in smart mode or always on, then you are good to go. BTW, if you or Azure need a free Pro license, email me at firstname.lastname@example.org. Thank you!
Seriously, if anyone ever finds a security hole, please let me know!
What I do know is this... 80% of my local clients run VS, and they simply DO NOT get viruses anymore (essentially for the last almost 4 years.)
A very, very old version of VS had a hole where something snuck through (it was a simple bug in the code), and it affected one very angry user on here, although VS helped by minimizing the damage. And I had a client that had the exact one slip through. But that hole has been long patched. Other than that, VS has never been bypassed... if it had, believe me, we would be the first to know. We even did the VoodooShield Challenge to see if someone could bypass it. Someone might bypass VS at some point, but I do not think it will be anytime soon.
So out of my hundreds of local clients who run VS and the many thousands of VS customers around the world... VS has not been bypassed in at least 3 years (the only 2 exceptions are above, and that has been fixed). You should see the computers that have been running VS for 2-3 years... they look like brand new when I go to install a printer or whatever.
The reason VS is so effective is because it is a very tight lock, but even more importantly, it is simple and user-friendly enough for the average and computer novices to USE EFFECTIVELY. So when people doubt VS's effectiveness in the real world, I just laugh, and laugh because if they see what I see on a daily basis, they would have been a believer 2-3 years ago.
The last I knew, to get a representative sample, you need around 2,000 or so samples (customers). Well, we have a lot more customers than that, so it is proven mathematically.
BTW, we have talked about this before... I am not here to argue. If you want to joke, that is one thing, but if you are just trying to be a pain, I really do not have time for that. I am here because the guys at wilders and I have been working on VS together for close to 4 years. While it has been a lot of work for everyone, it has also been a lot of fun. If you want me to respond to your posts, please keep them intelligible, nice and make sense.
I am going to get something to eat. I cannot wait to see how you break VS! Thank you for trying (seriously)!
Emailed you, thanks.
I will find the exact pop up message for you. I've seen it somewhere before in these forums.
Hmmm, I did not get the email yet so please send it again. I will check it when I get back a little later. Thank you!
Ok sent it to Dan at Voodooshield this time. Hope you get it.
Found the pop up. It's on page 182. I'll try to get an image. Post 4529
Is this in regards to the feature you changed the description for. If it is then I don't anyone would have understood it because the description was not accurate until you changed it.
What is ES?
ADD A Lock To Your Computer makes more sense to me. I will try to think of a description to make the user associate the Lock with an AV.
I agree with you! I would like to see someone bypass VS via the Malware route never mind copying it to a Whitelisted area like Program Files or Windows do it from the user space like the download folder, desktop and Appdata\Local\Temp.
I think most users use VS with the setting "automatically allow all software from the Program Files Folders". If an exploit dropped a payload into the Program Files Folders with any software that does not prevent applications from writing, or executing in Program Files it is possible for an infection. I would have had a test machine to do some malware testing since last week if Storage Craft would do their job, and sort out my license problem. I payed a fortune for Shadow Protect imaging software, and can't even use it. Their support is horrible now. I'm not sure what happened to them.
My settings here #5891 + Do not Whitelist AppData...checked. I have removed long standing check from Disable left clicking [..]. I think left click option does not apply to me. Allowing Whitelist of temp files seems counter intuitive to me as malware likes temp files. The "Do not" seems out of place in a sea of Automatically allow...
What was the result of you disabling automatically allow specific critical windows processes? Did you have any problems?
Well I don't think that is the entry point for an Exploit and it still has to execute and that happens in the User Space as far as I know. Dan will correct me if I'm wrong.
Separate names with a comma.