VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. hjlbx

    hjlbx Guest

    @VladimirM

    v. 3.01 beta

    I have script that will bypass. Please send me a PM so I can get file to you.

    It appears User Space protection and Auto-Quarantine settings are boinked...
     
  2. Baldrick

    Baldrick Registered Member

    Joined: May 11, 2002 | Posts: 2,674 | Location: South Wales, UK

    Hi Vlad

    Am afraid that I am NOT seeing what Dzp5t and ghodgson are stating re. the custom folders...in terms of the installation here the Custom Folders option is staying resolutely BLANK/unavailable despite having been in and out of whitelist/userlog/command options...so as far as I am concerned...if I am not doing anything incorrect...there is a bug here.

    Also, just noticed that the Uninstall Voodooshield that was available under Start Menu > All Programs (am running Windows 10 64 bit) is no longer available...is that a feature or another bug/omission?

    Also, also, have noticed that the option to check/uncheck "Automatically allow Windows Store app installations" is greyed out/not available. Not sure if that is meant to be the case or not but thought I would mention it.

    Regards, Baldrick
     
  3. Baldrick

    Baldrick Registered Member

    Joined: May 11, 2002 | Posts: 2,674 | Location: South Wales, UK

    Hi Dzp5t

    Am running Windows 10 64bit and what I am seeing is as follows even after going onto the folders mentioned:

    [Attached image: upload_2015-10-3_14-39-7.png]

    I think that I will uninstall and then reinstall just in case it was a faulty install.

    Regards, Baldrick
     
  4. hjlbx

    hjlbx Guest

    They might not have completely uninstalled v. 3.0 beta; for the sake of thoroughness uninstall VS using Windows Programs and Features, then make sure to delete C:\ProgramData\VooDooShield. Reboot system before installing v. 3.01 beta.
     
  5. hjlbx

    hjlbx Guest

    Anyone who is irked to no end by the duplicate file entries in the White List editor can eliminate the problem by Resetting the Whitelist and deleting the User Log...

    Reset the Whitelist is in the upper right corner.

    VS will delete current Whitelist, take standard Snapshot, followed by Advanced Snapshot.

    Voila ! Should be no more duplicate file entries in White List...
     
  6. Baldrick

    Baldrick Registered Member

    Joined: May 11, 2002 | Posts: 2,674 | Location: South Wales, UK

    Thanks hjlbx

    But unfortunately no dice...cleared out \programdata\voodooshield\ as suggested, reinstalling afresh, going into in and out of whitelist/userlog/command options but I am still not seeing the Custom Folders option.

    I am afraid that this is a bug.

    @Vlad...let me know what you need in terms of logs and the like to try to track the issue down.

    Regards, Baldrick
     
  7. hjlbx

    hjlbx Guest

    Custom Folders is temporarily disabled in v. 3.01 by design...

    @VladimirM just briefly mentions it here: VoodooShield ?
     
  8. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013 | Posts: 4,639 | Location: Under a bushel ...

    I also thought that was what Vlad was saying. Not sure why.
    Anyway I uninstalled VS using its own uninstall (it is there for me in all Programs), cleared out Programdata (thankfully it worked), and done a clean install and gone with default settings. Clearing out programdata meant I had to re-register, thankfully that worked. Also saved my old whitelist just in case.
    But yes, Custom Folders is disabled, and Windows Store app installations option. So the above steps were not really necessary. But now I have a clean sheet! Win 7 64-bit.
     
  9. hjlbx

    hjlbx Guest

    Some users report that Custom Folders is still active with some odd behavior after uninstalling v. 3.0 beta and then reinstalling v. 3.1 beta. Could be artifacts left behind during uninstall... ProgramData, and perhaps even prefetch. I suggested clean install for the sake of thoroughness...
     
  10. Baldrick

    Baldrick Registered Member

    Joined: May 11, 2002 | Posts: 2,674 | Location: South Wales, UK

    Hi hjlbx

    Thanks for clarifying...the report that Custom Folders option was available by going into in and out of whitelist/userlog/command options confused me somewhat. :oops:

    Regards, Baldrick
     
  11. VladimirM

    VladimirM Developer

    Joined: Sep 16, 2015 | Posts: 153 | Location: Jerusalem, Israel

    That's weird. Can you please send me the developer log from C:\Program Data\VoodooShield\DeveloperLog.exe to admin@makarov.co
    It wasn't supposed to be fixed this release, but this task is added for the next 3.02 big release. Take into account that 3.01 is just to fix some small things that I forgot to add to the original 3.00.
    Probably it's an artifact from the previous installation. I'll check. Currently the custom folders feature is not well implemented and tested, so I prefer to disable it for now.
     
  12. VladimirM

    VladimirM Developer

    Joined: Sep 16, 2015 | Posts: 153 | Location: Jerusalem, Israel

    I hope I didn't miss something.
    I just wanted to thank all of you for your valuable inputs and comments, that will make the VoodooShield much better!
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    Thank you for finding that hjlbx, great job!!! Adam (the guy I have mentioned a few times on this thread, who discovered a few bugs in the past) found a similar (possibly the same) bypass, and emailed me about it as well. We will check into both to make sure they are both fixed.

    I have not read through all of the posts yet, but I just wanted to thank hjlbx for finding this.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined: Dec 9, 2011 | Posts: 5,881 | Location: United States

    Oops, that is a bug of mine, thank you for finding that! We need to rework and update this feature anyway to make sure it is working properly with everything. Thank you, I am stepping away from the computer for now... even though I have not read all of the posts ;).
     
  15. Baldrick

    Baldrick Registered Member

    Joined: May 11, 2002 | Posts: 2,674 | Location: South Wales, UK

    No worries, Dan...now get yourself gone and outta here...or we will set Vladimir onto you...:D

    But seriously, VS seems to be in good hands to relax a while...and try not to think up any more wonderful features to add in the future...:argh:

    Regards, Baldrick
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,546 | Location: The Netherlands

    Like I said, this stuff is almost never seen in attacks on home users, but in-memory malware can work from inside the exploited process, like the browser. But I'm not sure if they can also inject code into other processes, without having to create a new process.

    Can you give some more info about this "bypass"? I assumed it was in-memory malware (from Metasploit), but I'm not so sure, because you're being very vague. What do you mean with hacking a PC without the use of malware?
     
  17. hjlbx

    hjlbx Guest

    You are quite welcome @VoodooShield .

    Purely a matter of luck... LOL... and I wouldn't be surprised if @VladimirM cannot precisely replicate issue on his specific system.

    That is simply how it goes many times when chasing down gremlins...

    Any how, it will be all right...
     
  18. hjlbx

    hjlbx Guest

    @VladimirM , @VoodooShield

    It's not the script.

    cmd.exe blocking by default is broken.

    It doesn't matter if launch cmd.exe via shell32 or direct launch of executable, VS is allowing cmd.exe to run without block\prompt or notification.

    It appears setting(s) and dependencies is\are boinked. I have not looked into it any further... messed with some settings that should definitely block cmd.exe. Can't get it to work...

    Should be easy fix.
     
  19. VladimirM

    VladimirM Developer

    Joined: Sep 16, 2015 | Posts: 153 | Location: Jerusalem, Israel

    There was a decision to allow running cmd.exe and regedit.exe in case they were started without arguments. We could discuss with Dan about rightness of that decision.

    Offtop (for all) - I just got a free invite for OnePlus 2, but I don't need it. If someone wants it - the first will get it
     
  20. Tarnak

    Tarnak Registered Member

    Joined: Feb 5, 2007 | Posts: 5,285

    ...Hello Vlad, Am I too late to claim...?
     
  21. hjlbx

    hjlbx Guest

    Well that means you can disregard the script I sent ... since if cmd.exe is allowed by default, the script will run !

    I just took it for granted the VS black-lists cmd.exe by default...

    So, in short... THERE IS NO VS BYPASS !!! Hee, hee....
     
  22. Tarnak

    Tarnak Registered Member

    Joined: Feb 5, 2007 | Posts: 5,285

    I have been following the discussion of the launch of v3, but I can't join in because I must be the only member at Wilders that is still running XP for VS.
     
  23. VladimirM

    VladimirM Developer

    Joined: Sep 16, 2015 | Posts: 153 | Location: Jerusalem, Israel

    Running "cmd.exe /c <script>" should block it. But without seeing a script I cannot tell you what's wrong there...

    I never said that VS cannot be bypassed (everything can be). My job is to make it harder...
     
  24. hjlbx

    hjlbx Guest

    You misunderstand what I am saying. I said I found script that can bypass VS. Problem is not that VS is vulnerable to script, but rather fact that cmd.exe is temporarily allowed by default in 3.01 beta.

    So, in short, I made a mis-statement that VS had been bypassed by script.

    Am I explaining that correctly ?
     
  25. VladimirM

    VladimirM Developer

    Joined: Sep 16, 2015 | Posts: 153 | Location: Jerusalem, Israel

    Currently VS doesn't seem to support XP, because the driver uses an API that is supported starting with Vista SP1. I'm trying right now to set up XP to check it and will let you know. But currently XP is not officially supported.
     