VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The Windows folders that VS allows are windows protected folders, and VS's Anti-Exploit should take care of the exploits... So what comes first, the chicken or the egg?

    Sorry, but this topic has been discussed WAY to many times for me to want to start another conversation about it. I will say this... AFAIK, this is a common feature among software that is similar to VS, but for some reason I am constantly asked this question. I would be curious how other software vendors reply to this question, if anyone knows, please let me know!

    VS protects the user space even when it is OFF (In Smart and Always ON mode)... so non-whitelisted files will not execute if they are in the user space when VS is OFF (Smart or Always ON).

    Cool, your license is good to go, thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    You guys will get a kick out of this. I just received a phone call from one of the "Microsoft Tech Support" scammers that told me my computer was infected. I was really excited because my clients always get these calls, but it was my first one. Anyway, so I asked him how he knew my computer was infected, and he said that they knew because the virus was highly prevalent in my area. Anyway, I played dumb and messed with him some more. Then I told him that I was the guy who started VoodooShield, and that I knew what he was doing was a scam. And he laughed at me and said, "yeah, right, you are the guy that started VS... whatever." And I was like "really, I promise." Anyway, I was just happy that he had heard of us ;). I hope he reads this, if so, please feel free to post something!!! Anyway, have a great weekend everyone, I will talk to you soon!
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,374
    Location:
    Among the gum trees
    It was me! :shifty:

    But seriously, I get them all the time. I've told them in the past that I'm a malware creator and if they wanted I could send him some worms. They usually hang up after this. :D
     
  4. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    There are few nice YT videos with scammers....I always enjoy watching them...
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
    Not sure if it's worth reporting in view of upcoming version 3, but oddly after installing 2.86b, the desktop shortcut doesn't work (permissions?), and I don't see the added web apps (Cyberfox, etc.). Maybe it's just my setup, but I tried installing twice with same result.
    Edit: I think the first issue may be something on my laptop, but it is strange that the 4 extra web app entries don't show?
     
    Last edited: Sep 5, 2015
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,603
    Location:
    South Wales, UK
    Hi Dan

    What you say is interesting...but to be honest I set VS to Scan & Allow and I have not moved off that since it first appeared...IMHO it provides the best balance between usability & protection.

    Regards, Baldrick
     
  7. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
  8. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    84
    Location:
    UK
    See post 7731
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,374
    Location:
    Among the gum trees
    Can't you manually add them until v3 is released?
     
  10. TNO_sec

    TNO_sec Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    47
    @VoodooShield
    This is interesting. Your replies make sense and I actually have a hard time thinking of any realistic way to bypass VoodooShield. Seems like the program provides what I consider “above AV security”, comparable to the HIPS I normally use. The difference? VoodooShield is so ease to use that I can recommend it to others. That's significant!

    VoodooShield Anti-Exploit? That's something I have not found any information about on your site or elsewhere. Do you mean that it will stop the exploitation by preventing the payload from executing? Or is it literally an anti-exploit comparable to Microsoft EMET and Malwarebytes Anti-Exploit?

    I understand you get the same questions a lot. Perhaps they should be added to your FAQ, or to some technical document. I only ask these questions because I could not find the answers on your website, and I fully understand that it can be annoying to keep repeating oneself. But if the information is already out there I'd love to get a link, because I have not been able to find it myself.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,603
    Location:
    South Wales, UK
    Hi TNO sec

    Did you happen to see the following in the FAQ section of the VS website? I am wondering if it may go some way to answering your question about VS Anti-Exploit:

    "But what about exploits? (The most common FAQ)
    Think of exploits as a pathway for a virus. When the malicious code spawns a process, it is killed. Here is an example of VoodooShield protecting a computer against a particularly bad exploit. http://www.youtube.com/watch?v=RInvpez9-OE&feature=youtube"

    Regards, Baldrick
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
    In Smart Mode, if I run any portable .exe from my C:/PortableApps.com/PortableApps/ the pop-up shows e.g. 0/57 in VirusTotal, with the option to 'Block', 'Sandbox' or 'Install'. Shouldn't the Install rather be 'Allow'?
    Or is there something I should change in settings?
     
  14. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,603
    Location:
    South Wales, UK
    Hi paulderdash

    I get the same with my portable apps...but as I run permanently in Scan mode I only get notified when VS needs to highlight that there is a possible query back from VirusTotal...but in all such cases it is a case of looking at a number of factors such as to whether the item is digitally signed or not, do you know or expect the item to be running or attempting to 'install', etc.? If the answer is that you know/where expecting the item concerned, you trust the supplier, etc., then click on 'Install' which if effectively the same as 'Allow' in this circumstance. That is what I do...quite happily. :)

    Regards, Baldrick
     
  15. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Hi, @VoodooShield
    I have not read all the posts in this thread, and I apologize if my problem in the following has already been answered.
    My problem is about rundll32.
    In version 2.75, the default settings will blacklist rundll32.exe when VS is ON.
    And I have not found any default command-line whitelist items for allowing rundll32 to carry out some operations essential for the system.
    So I hope to know how VS ensure that the system will not be interrupted after rundll32.exe is blacklisted.
     
  16. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    Hi, I've been trying to install VoodooShield on my desktop, but I can't download the needed files...
    Capture0.PNG
    Capture.PNG
    I even turned off my firewall and tried to get a connection, but no joy.. any workarounds that I could try?? cheers..

    downloaded files from Microsoft....s'all good..
     
    Last edited: Sep 12, 2015
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,374
    Location:
    Among the gum trees
    The first thing I would try is a restart. It may not help but it can't hurt.
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    The poster said they already downloaded the files from Microsoft. They was just reporting the issue to VS.
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey everyone... VS 3.0 beta is almost ready! Our new developer, Vlad is going to be joining our discussion here, that way you can give him feedback directly, and I will be around as well.

    When I get a chance, I will reply to any posts that I missed, but I just wanted to let you guys know that we are close! Thank you, talk to you soon!
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,072
    Location:
    Ontario, Canada
    Awesome Buddy glad to have Vlad aboard!

    Cheers,

    Daniel :)
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,374
    Location:
    Among the gum trees
    Here's one you may of overlooked.
    https://www.wilderssecurity.com/threads/voodooshield.313706/page-309#post-2521913
    Never mind, I'm getting by without VS for now.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
  24. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,603
    Location:
    South Wales, UK
    Hi Dan

    Excellent news...just please ask Vlad to be gentle with us (his reputation precedes him...:argh:)

    No seriously...that is seriously good news.

    Regards, Baldrick
     
  25. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    Hi there
    I develop VoodooShield 3.0 beta for now.
    If you have any feedback or questions regarding that, I'll be glad to hear it and will try to help
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.