VoodooShield/Cyberlock

Thank you Baldrick, I appreciate that . It truly had the time of my life working on VS and interacting with you guys. There were tremendous obstacles and challenges, but it was incredibly fun and exciting at the same time. Thank you for all of your help!!!

 

No comment from the peanut gallery . I will not be discussing this topic anymore on wilders. I apologize if I offended anyone... things did get a little out of hand. If someone does eventually post a PoC that actually works, please PM me and I will check it out. I will then post on their blog one of 2 things. Either "great job... I KNEW there was something". Or I will post something that resembles my reply from the blog that you listed above.

 

Thank you, I appreciate that! VS 3.0 is ready, but Vlad still has to see what it is going to take to make it work with XP. Sorry about that, I hope he will be able to make it work very soon.

 

Hi schmidthouse, welcome to the VoodooShield? thread! Thank you for your compliment!

 

VS 3.0 is ready and Vlad will be posting it very soon (within the next 12-24 hours)... Vista and above for now. Can someone please take it for a good test drive with Sandboxie? I am not all that familiar with Sandboxie, but it should work great with it. Thank you!

 

@VoodooShield

Got it...

 

Hi Dan

Will most certainly give V3.0 a good going over and report back here anything untoward or the like...you know us...we like a good beta...especially for one of our most favouritest security apps...

Have a good rest and hope to hear back from you sooner rather than later.

Regards, Baldrick

 

VoodooShield 3.00 Beta Release
Hello, I'm glad to announce that the first 3.00 Beta version of VoodooShield is ready and available for downloading and trying.
You can download it from https://voodooshield.com/Download/beta3/InstallVoodooShield.exe
It's recommended to turn off or uninstall any old versions of VoodooShield prior to installing the new version.

System requirements:

• Windows Vista sp1 and above (XP wasn't tested!)
• .NET 2.0/3.5 and above

What's new in VoodooShield 3.00 Beta:

• AppCertDlls mechanism was replaced by Kernel mini-filter driver + service
• Improved logic of the new process handling. Fixed many bugs there, especially in handling command lines and approving by parent process
• Version update flow was changed
• Installer improvement - no more internet connection is needed for downloading VC++ runtime and .NET.
• No any additional .NET installation is required
• Bugs were fixed

There are still some features missing in the first beta, but they will be implemented in future versions.
I will be available for the next 3-4 days for your questions or comments regarding 3.00 Beta functionality/issues/bugs and will be happy to get some feedback.

Have a good day,
Vladimir

 

Shalom Vladimir

Many thank for the release. I will get this installed on both my 64 bit & 32 but versions of Windows 10...and give it an initial run. If we find any issues how would you like them reported back to you? Via this thread or by some other means, etc.?

Regards, Baldrick

 

@VladimirM Welcome to Wilders. Congratulations on all of your hard work!
Lots of exciting changes to explore.

 

Hello, Baldrick

You can report by one of the following ways:

• Fill bug report http://goo.gl/forms/udIYrtXd5Y
• PM me or Dan
• here in thread

Thanks for your contribution

 

Thank you!
There will be even more changes in the near future.
Stay tuned!

 

Installed fine in my VMware Player with Windows 7 32-bit SP1.
2 processes running with 30-45 MB of memory consumption (Private Working Set).

GUI looks and feels the same as in v2-ok.
Registration and snapshot both went fine.
Executed one malware sample....it was auto-blocked due to the high VT detection ratio-ok.
Clicked on baloon message and selected Quarantine-ok.
Restored, executed again, selected local Sandbox, malware crashed-ok.
Executed again, selected Cuckoo Sandbox-it takes forever to finish the analysis.

So far, so good....Cuckoo sandbox feature needs to be tested more....

 

Thank you for the valuable input!

Cuckoo indeed is planed to be fixed (maybe partially rewritten) in one of the next releases

 

Questions:
1. What happens when we select Local Sandbox? It looks like the file is executed but nothing shows on screen....
2. Should Local Sandbox work like Sandboxie, Comodo's sandbox or ...?
3. Are you planning to make an option in VS GUI called "Sandbox" that would show all processes running inside?

 

Hi Vladimir

Many thanks for the response. One other initial question if I may? Can one import & use, with v3.0, a config set created & exported under v2.86? Or does one have to start one's configuration process from scratch?

Regards, Baldrick

 

+1

 

Do you mean the settings and whitelists? Their format wasn't changed, so it should work fine with VS 3.0. Currently installing VS 3.0 doesn't erase those files, so there shoukd not be an issue with the settings import

 

FYI....
Chrome was still on v42 in my VM and I went to update it internally.
During Chrome restart, VS alerted me about it (Smart mode).
I allowed it and it was successfully updated.

Should installer file be whitelisted? It is digitally signed.

 

i still didn't get a chance to work on a sandbox part, so it's better to ask Dan about implementation. Or I could check and back to you later

Sandbox GUI is not planned for now AFAIK

 

Seems like a bug. can you PM me more information (used exe, command line, VS mode, etc ) and I'll take a look

 

Hi Valdimir

Those are precisely what I was referring to...albeit by the incorrect terms...so apologies for that.

Indeed, I have tried one approach and even after uninstalling v2.86 and clean installing v3.0 the information is retained. Next I will try a really clean install (a la Triple Helix ) by also deleting the Voodooshield folder in \programdata\, and then try an import of the saved settings & whitelist.

But so far everything is running fine here under Win10 64 bit...now off to try it out under Win10 32 bit.

Regards, Baldrick

 

Yes it should be, I will check, can you email me the log from C:\Program Data\Voodooshield\DeveloperLog.log to admin@makarov.co
thanks in advance

 

Thanks a lot. I will check and let you know

 

There is a plan to add "clear settings" option to installer/uninstaller, so in future nobody will need to manually delete them