VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, I think 2.78 should be working perfectly, if not, please let me know! If you continue to have problems, you might want to delete all of the .dat files in c:\programdata\voodooshield, and start from scratch. Sorry it took so long to fix this one... I never could reproduce it until you sent me the detailed description. That, and I installed the 64 bit version of PeaZip... from what I remember, I could never get the 32bit version to mess up. Thank you!
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I am in my VS snapshot, but I have shut down VS for the time being due to my rundll.exe and CPU usage problem....But, have been updating a few beta versions of other software, and being monitored by SpyShelter.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I don't know if this is allowed, but this is the current state of rules with SpyShelter, recently. I am not sure what it all means, but it seems OK.

    ScreenShot_SpyShelter_rules made_01.gif
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, keep in mind that VS still protects the entire user space when it toggles to OFF... basically it kind of does a Scan & Allow when it toggles to OFF.

    I added the rundll32 command lines over a year ago... I went through ALL of the control panel functions and a lot of the windows management type stuff and hardwired most of them. I think we have over 100 or more hardwired in. But there will still be some that have to be manually allowed by clicking Allow when VS blocks them... especially on certain hardware as you mentioned. It is pretty important that we hardwire and automatically allow as much of these as we can since this is one of the main attack vectors that a lot of the modern malware uses... and it is difficult for most people to know whether they should allow the command line or not, especially since there is no blacklist scan. Maybe we can implement some kind of cloud based feature for rundll32 in the future.

    You said "In fact, I am befuddled as to exactly why the vast majority of users cannot grasp that an anti-executable (and virtualization) are the only logical solutions to malware these days." Obviously, I could not agree more... that is what VS is all about ;). Just over 4 years ago I realized that it is absolutely necessary to lock our computers while a web app is running... and I am even more convinced now that at least for the foreseeable future, we have to lock our computers if we are serious about not becoming infected. Some people want to lock their computer all of the time... and I can completely understand and appreciate that, especially if they are advanced users. But I think for the less advanced users, it is absolutely vital to safely allow as many of the good items without prompting them, otherwise they become numb to the prompt and just click Allow. Thank you!
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am all ears, so what do you have in mind ;). Thank you!
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is odd. Let me see if I can reproduce that. Thank you!
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you guys!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... the hash is changing. There is no safe way around that because malware would then be able to spoof legitimate updates. The 3 weeks training just disables the auto allow of Program Files and specific critical windows folders... just to lock the computer down even more. It really is not necessary, I just added it because some non-wilders people were complaining about how VS auto allows this stuff... even though most security software does as well, but they just do not have the option to enable or disable it. Thank you guys!
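
Added example, not part of the thread and not VoodooShield's code: a minimal sketch of the trade-off described in the post above, comparing an allowlist that pins each approved file to its SHA-256 with one that trusts the path alone. The class names, the `app.exe` file and its byte contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class HashPinnedAllowlist:
    """Allows a file only while its content matches the hash recorded at approval."""
    def __init__(self):
        self._pins = {}

    def allow(self, path: Path) -> None:
        self._pins[str(path)] = sha256_of(path)

    def verdict(self, path: Path) -> str:
        pinned = self._pins.get(str(path))
        if pinned is None:
            return "block: unknown"
        return "allow" if pinned == sha256_of(path) else "block: hash changed"


class PathOnlyAllowlist:
    """Hypothetical 'convenient' variant: once a path is approved, any content runs."""
    def __init__(self):
        self._paths = set()

    def allow(self, path: Path) -> None:
        self._paths.add(str(path))

    def verdict(self, path: Path) -> str:
        return "allow" if str(path) in self._paths else "block: unknown"


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "app.exe"                       # constructed sample file
        exe.write_bytes(b"constructed v1 bytes")
        pinned, by_path = HashPinnedAllowlist(), PathOnlyAllowlist()
        pinned.allow(exe)
        by_path.allow(exe)
        results = {"v1": (pinned.verdict(exe), by_path.verdict(exe))}
        # Same path, new bytes: a real update and a tampered file look identical here.
        exe.write_bytes(b"constructed replacement bytes")
        results["replaced"] = (pinned.verdict(exe), by_path.verdict(exe))
        pinned.allow(exe)                               # user re-approves after the update
        results["reapproved"] = (pinned.verdict(exe), by_path.verdict(exe))
        return results
```

The path-only list keeps allowing the file after its bytes change, which is the spoofing risk the post refers to; the pinned list blocks until the new hash is approved again.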
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Thanks Dan, getting it installed now!

    Daniel :)
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not sure what you mean... maybe someone who is familiar with SpyShelter can help. Time for dinner, have a great night!
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    The fact that I posted the screenshot. That is what I was concerned about...If I was wrong to post it.
     
  14. hjlbx

    hjlbx Guest

    BUG

    W8.1 x86-64

    v. 2.78beta

    All vulnerable processes\interpreters can be executed and run despite being black-listed !!!

    MALWARE PERMITTED TO RUN in both Smart and Always ON modes !!!!!!

    See PM for all VS Program Data items...
     
    Last edited by a moderator: Jul 21, 2015
  15. hjlbx

    hjlbx Guest

    BUG

    W8.1 x86-64

    v. 2.78beta

    Quarantine item list is "grayed-out" and empty.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It is working on my end, is anyone else having a problem? I think you just need to exit out of VS and delete all of the .dat files in c:\programdata\voodooshield. And possibly reboot the computer.
     
  17. hjlbx

    hjlbx Guest

    Deleting VS .dat files completely disables Pro license; cannot reactivate Pro version.

    VS.PNG
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it resets everything. I was suspecting for a while that you were having some kind of sqlite database corruption, that is why I suggested that if something was not working right, you might try to delete all of the .dat files and start over. The main reason I suspected that is because the rundll32 command lines were not working correctly for you, but they have been working great for at least a year now. It is very uncommon, but once in a while, users who upgrade and use VS a lot sometimes have issues with database corruption and we have to reset it. It used to happen quite a bit, after we implemented sqlite initially, but since then we have worked out most or all of the bugs.

    Anyway, if you do not know your account information, shoot me an email and I can look it up for you, or if you know the email address you used for your account, you can do it here:

    https://voodooshield.com/Account/ForgotPassword/
     
  19. hjlbx

    hjlbx Guest

    I know my user data, but VS will not reactivate Pro license. Keeps returning error message posted earlier. When close VS get "Database missing" error message.
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, completely exit out of VS and make sure it is not running in the task manager. Then delete all of the .dat files, then restart VS... or better yet, restart the computer. If for some reason that fails, just uninstall VS, then delete all of the .dat and .log files, then reinstall VS and reboot.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    @hjlbx, Yeah that makes sense. Ta!

    @VoodooShield ,

    I've installed v2.78 over 2.75, everything seems to be working fine. I haven't tried the new sandbox yet so can't comment on it. :thumb:

    Thanks.
     
  22. Cyrano2

    Cyrano2 Registered Member

    Joined:
    Mar 19, 2010
    Posts:
    131
    Location:
    Spain
    @VoodooShield

    When I was talking about "Custom read-only folders" I was thinking of a more granular control on permissions for folders. Like another program I use, Secure Folders. With it, you can "lock down" a folder (you can't even enter), make it "read-only" (you can view its contents), "no-execution" or "hidden". All with a white list of allowed programs.

    I really know that all this is a different point of view of security, but it really gives you a lot of control of what you want to protect and not (thinking of ransomware).

    Anyway, keep up with your efforts. You're making something different here ;).
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi Dan

    Late to the party as usual...LOL. I will be getting this little beauty installed on both Win7 & Win8 systems shortly and will certainly feed back if I come across any anomalies...time for you to put those never settling feet of yours up...and to open a beer. ;)

    Regards, Baldrick
     
  24. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Thanks for the new beta Dan.
    I've installed ver 2.78 beta over the top and it's running smoothly so far.
     
  25. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    As I can see you are using XP...so why another HIPS in the system (SSM)? You probably have temporary rules also (updates)...you can use the command "cleanup rules" to remove non-existent entries from the list.
    BTW - for me you have in background - MBAE, WSA, KPCD and perhaps SSM...is it not too much?
     