VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, pretty much everything should be logged... can you give me a couple of examples of items that are not being logged? It will be an easy fix once I can see it not log something.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you! It really is such a relief to have that behind us, it was an incredible burden on VS for so many reasons, and extremely expensive. That is how a lot of companies go bankrupt and disappear, but it looks like we made it out alive ;), and it really opens a lot of doors for us.
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to hear, thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I just realized something tonight that we should have done a long time ago... why don't we use a Tree View control so the user can easily change what is blocked and allowed?

    I am assuming that pretty much everything should be checked initially, and checked would mean block. And the user would uncheck the folders that they want to allow. Does that sound right? I have not thought it through, I just thought of this tonight while driving to Burger King to get Molly a hamburger ;).

    This would take the place of Custom Allowed (and Blocked) Folders as well, and I think there are some even cooler things we might be able to do with it once the KMD is finished.

    http://voodooshield.com/images/TV.png
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    I think that would be a great option to have.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I was just thinking, we could have 2 tree views, one for when VS is ON and one for when VS is OFF, that way the user can fine tune the heck out of what is blocked and what is not, and when it is and is not.
     
  7. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Dan,
    Yes indeed - sounds good, and maybe 'the tree' could be greyed out in the 'Free version' as an incentive to purchase a license ?

    Gordon
     
  8. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,850
    I have found a detection loop with VS when trying to install a game that installs DirectX. VS will prompt when DirectX tries to install because it is a new temp file. It is detected as clean, so I hit Allow. The game attempts to install DirectX again, after several seconds, VS will pop up with the same alert, and the process repeats. The only solution appears to be to disable VS when installing a game that installs DirectX.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly! Actually, I think it will have to be disabled by default and the user will have to enable it so they can select their folders and build the whitelist. Mainly because there is no use in enabling this feature if the user does not modify the folders... it would basically be doing nothing anyway, so there is no point in enabling it.

    It is going to take quite a bit of time to finish up, but I am off to a good start, here is a pic. Basically, when I get burned out on working on the KMD or other features, I am working on the new Custom Folders feature. Thank you!

    www.voodooshield.com/images/newcustomfolders.png
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know. What game is it? What were the paths that were blocked? Please keep in mind, whenever you are installing anything, VS should be OFF or disabled. If we can refine the blocks that you had then I certainly will, but really, VS should be OFF. Thank you!
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    I did, but with VS running it remains sluggish.
     
  12. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Edge app keeps ticking itself back on, i have disabled it several times.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,156
    Location:
    Among the gum trees
    Are you clicking Save & Close after changing settings?
     
  14. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    pretty sure i am but ill get back to ya
     
  15. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    984
    I keep getting popups to cmd.exe with no explanation provided by Voodoo.

    Can anyone help? Many thanks.
     
  16. hjlbx

    hjlbx Guest

    Open the Developer Log... it can be found in C:\Program Data\VooDooShield.

    The cmd.exe block events should be listed as "Command Line Handler" - Block. There should also be a complete command line listed... but this is not always the case in the VS Developer Log.

    If there is a command line listed, can you post it\them for @VoodooShield ?

    Best Regards,

    HJLBX
     
  17. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Confirmed, each time i restarts VS the app manager ticks Edge back on.
     
    Last edited: Aug 12, 2015
  18. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    984
    Thanks for the info. That seems like too many steps to determine if you should Allow or Block a cmd.exe file. Why can't the information be included in the pop up rather than going to the log file?
     
  19. hjlbx

    hjlbx Guest

    @VoodooShield

    You might want to take a look at this...

    @silver0066

    I agree 100 %. I have raised this very point... that there is currently no mechanism to view blocked events - and when one looks in the Developer Log sometimes the command line is recorded and listed while at other instances it is not...

    @VoodooShield is working on a solution... not sure if it will be quite the same level of detail as NVT ERP's Events log...

    Provide feedback to the developer...
     
    Last edited by a moderator: Aug 13, 2015
  20. l3l312

    l3l312 Registered Member

    Joined:
    Nov 11, 2014
    Posts:
    22
    On Ver 2.79beta. Win 7 64 bit

    Updated flash plugin for firefox. VS tagged installer (from adobe.com) as malicious with 53 engines detected as malware. This was in smart mode. But that's not the reason I'm posting. I hadn't upgraded since ver 2.22 final. I must say overall the program interface and prompts look very professional and pleasing to the eyes. Installed the flash plugin via VS local sandbox, no issues.

    Keep up the good work Dan.
    Best regards
    l3l312
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, sorry I have been away... I will catch up on the posts I missed soon. The new Custom Folders feature took a lot more time than I ever imagined. It is not quite perfect (there might be a small quirk or two that will not affect anything), but overall it is working great. Yeah, it took a lot of time, but the cool thing is, there are A LOT of things we can do with the new Custom Folder feature now that the foundation is in place, ESPECIALLY with VS's toggling.

    BTW, RIGHT CLICKING ON THE CUSTOM FOLDERS IS NOT FULLY IMPLEMENTED YET!!! Right click will work, but the options will are not activated yet. We have to wait until the mini filter kmd is ready, and that will be sooner than you think ;). I am hoping 2-3 weeks at the latest. But I wanted you guys to see what I had so far, and to see if you guys thought I was on the right track and see what suggestions you might have.

    The command lines should also be perfect now, if not, I will talk with hjlbx and silver0066 to figure it out (I see some suggestions above as well). They have been fixed for about a week or so, but then I started on the Custom Folders feature and never could get to a good stopping point. I just hope that nothing changed between now and then ;).

    Molly and I are going to take a break and go to the lake / park. I will check in later to see what you guys think so far. This version is pretty well tested and should be pretty darn stable. I just hope I did not forget anything little ;). Thank you, talk to you soon!

    http://voodooshield.com/images/cf.png

    https://voodooshield.com/Download/beta/InstallVoodooShieldbeta.exe
     
  22. hjlbx

    hjlbx Guest

    @VoodooShield

    I cannot thank you enough...

    The command line pane in the GUI has a GUI bug - hovering the mouse over the lines at the last CL in the list - I can expand that last empty slot in the list and enter text into it; not a big deal... just a GUI bug.

    I have my hands full over the next month, so I am not sure how much testing I can do. From a quick look it appears OK.

    One potential area of concern:

    Any conflicts between these settings in the Basic\Advanced Settings pane and the custom white-list?:

    Automatically allow files to run from Programs directory
    Automatically allow critical WIndows files to run
    Etc

    What if user keeps the above settings enabled, but then deactivates those entire directories - or individual files from those directories - within the Custom Whitelist in Utility
    Vice versa - disables the settings in Basic\Advanced Settings pane, but allows them in Custom Whitelist

    Suggestion: Enabling Custom Whitelist should automatically disable (gray out) certain settings in Basic\Advanced Settings pane of VS - to avoid "bad juju..." = big problems...

    Very Best Regards,

    HJLBX
     
  23. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    i like that VS will stay open now after saving settings!
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,756
    Location:
    Ontario, Canada
    Thanks Dan! Can you add Cyberfox to your list as I manually add it. https://cyberfox.8pecxstudios.com/ also can you change calendarofupdates.com to calendarofupdates.org also we have the Official VoodooShield Support Forum at the new COU!

    Thanks,

    Daniel :)
     
  25. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,537
    Location:
    South Wales, UK
    Hi Dan

    Great news! I have just installed v2.82 and everything appears to be fine but just one thing...I am a tad baffled (but then again with my advancing years that is not surprising) by the new customer folder functionality...I am presuming that under the tree structure 'When VoodooShield is ON' I just need to find the folders (and I can do the same to more then the 5 or 6 previously allowed) that I previously had to manually enter in the previously available 'Allow' fields, etc? And vice versa for those I want to specifically block, etc. And that the Program Files & Program Files(x86) folders not being checked is due to my having the 'Automatically allow all software from the Program Files folders' option under the Basic tab checked?

    Assuming that I am correct then I believe I have found a bugette or two; namely:

    1. If you Have the Program Files or Program Files (x86) folders unchecked and you decide to check one it bring up a prompt re. disabling the "Automatically all..." option I previously referred to, and if you click OK it does the job but return the user to the list with one of the other folders (at the same level as Program Files, etc.) exploded so that one sees the subfolder. I am assuming that this should not be happening.

    2. Also, when carrying out the above and further to replying OK to the re. disabling the "Automatically all..." option I previously referred to, I found that the folder 'ProgramData' was being included in the changes when I would have expected only Program Files & Program Files (x86) to be included.

    I appreciate that you have stated that "It is not quite perfect (there might be a small quirk or two that will not affect anything), but overall it is working great."...and it is a tour de force in my opinion...just thought I would highlight some of the small quirks I have found...to help you out in case you had not yet come across them.

    This app just gets better and better...I am just wonder as to when you will eventually run out of ideas...:D

    Regards, Baldrick
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.