VoodooShield/Cyberlock

Thank you for letting me know... I think this is fixed, but can you please send me your DeveloperLog.log from the C:\ProgramData\VoodooShield folder just in case (support@voodooshield.com)? Thank you!

 

I think I know what you mean... do you mean the Windows Store apps? If so, I believe they are in Windows Protected Folders, so if that is the case, there really is no reason to block them since malware cannot write to these folders anyway. Either way, please let me know and we will figure it out. Thank you!

 

Cool, thank you for letting me know. Did uninstalling and reinstalling fix the issue?

 

@VoodooShield

Would you please elaborate a bit further ? How is this connected to setting: Temporarily allow by publisher \ digital signature until reactivation."

Thanks,

HJLBX

 

Cool, thank you for letting me know. Yeah, the best thing to do is to put VS in Disable / Install Mode or Training whenever you install new software. Then again, I think every security software would recommend disabling all security software when installing new software.

 

@VoodooShield

If user chooses VS settings that block Windows apps, then VS will block Windows apps. No problem.

Problem is that for users that do not know any better, within the Windows app itself, the user has no idea that VS just blocked the app - since Windows apps do not close when blocked by VS - nor does VS block take user automatically back to desktop to see VS block notification.

In other words, VS alerts do not remain "On-Top" when using Windows Apps; VS block is hidden.

Toast or audible alert would let user know VS has blocked Windows App.

Am I explaining clearly?

Best Regards,

HJLBX

 

The service does not need to be shut down, just the GUI. If you are still having problems, please let me know, thank you!

 

Cool, yeah, we can develop this a little more in the future, especially after we implement the mini-filter driver because then VS will be able to detect all files, not just executables. Thank you!

 

Well, I doubt we ever implement a Once / Permanent feature, mainly because the whole point of VS is that malicious code should never be allowed to run on a system, not even once. Is there an advantage to only temporarily allowing something? If so, then we can add that... I have just never seen the point in doing so, and we want to keep things as simple and user-friendly as possible for less advanced users.

As far as blacklisting goes, I am planning on adding that sometime soon. Thank you!

 

Cool, thank you!

 

I just set all of my settings to how you have yours, and it is logging properly. Are there certain files that are not working correctly?

 

Sure... VS never automatically allows by digital signature on the initial block, mainly because there are too many forged digital signatures now days. But if VS blocks something that has a digital signature, VS will read the digital signature and temporarily allow that digital signature, mainly so it can automatically allow the child processes by digital signature. Then after VS goes to sleep (deactivated), the temporary digital signature is cleared. Or, if a new item is blocked with a different digital signature, VS will allow child processes of the new digital signature, but not the old one. I hope this makes sense, but if not, please let me know!

 

Yeah, I see what you mean. If the Windows Store apps are all installed to a Windows Protected Folder, then we should not block them either way, right? Or should we? Thank you!

 

Cool, thank you Gordon!

 

Cool, thanks for letting me know! Yeah, as soon as we are sure that they work well together, I will add it to the Web Apps tab. Please let me know when they are working perfectly together and I will add it. Thank you!

 

Thank you Baldrick!

 

Sure, thank you colorado13! The goal was to have a fully functioning version of VS with Windows 10 the day that 10 came out. I think I finished and uploaded it at 11:57pm, so we had 3 minutes to spare . There are a couple of small things I need to change and add for 10, but overall it is working extremely well with 10... I think better than any of the other OS's.

 

Sorry, I was not suggesting that the publisher of the digital signature changes. I was saying that, for example, if someone is installing Microsoft Office, the current temporarily allowed digital signature is Microsoft. So if someone installs another MS product right after they install Office, it would be allowed (not that this would happen that often... this feature is meant for child processes of the initial file that was allowed). But after the user installs Office, say they install Firefox... then the temporary digital signature is no longer Microsoft, it is Mozilla.

Yeah, I agree, blanket allow policy by publisher can be dangerous in my opinion. The initial process should be blocked, but when the user allows this initial process, then all of the child processes with matching digital signatures should be allowed... temporarily, not permanently (like added to a digital signature whitelist).

 

Cool, please send it and I will take a look.

 

Actually, I just tested this and I see what you mean. There is a bug when "Automatically allow specific critical Windows processes" is unchecked. I will fix this asap, but really, do we even need that as an option?

 

Thank you guys for all of the congratulations, I really appreciate it! I hope to be posting some more good news very soon .

BTW, I see a couple of people might need a VS Pro license, if so, please email me at support@voodooshield.com and I will set that up for you.

 

@VoodooShield

Next wide-open frontier for malware authors is malicious Windows apps and browser extensions...

For maximum system lock-down, please keep VS setting that allows user to choose to block or allow I block all Windows app installs by default... then again, I use only pre-installed Microsoft apps and never install anything else.

Best Regards,

HJLBX

 

Dan,
On my Win10 machine I keep seeing the Mail app keeping VS in an On state. How do I stop the Mail app running and keeping VS on?
Thanks.

 

I will see what I can do... the Windows Store Apps are quite different from other standard executable files. And I just checked, it is EXTREMELY locked down, even more so than the standard Windows Protected Folders. But either way, I will check it out. Thank you!

 

@VoodooShield

I think it is needed... since VS allows "critical files" by System directory (path). Is that not correct ?

System32 and System64 are not protected folders by default in Windows OS.

A lot of Microsoft files are not digitally signed. Plus, digital signatures can be stolen and counterfeited.

So all of these facts combine to create one big potential infection...

What do you think?

HJLBX