VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey CET, how are you? I would have to look to tell you for sure, but from what I remember, the only regkey that VS 3.0 uses is for startup. VS 2.0 uses 2 regkeys for the CPN, but other than that, if you see anything in the registry related to VS, it was something that was created automatically by Windows.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Do you mean the C++ and .net runtimes? Those are the tools that VS is created in, and so the frameworks / libraries need to be installed on the machine. Although, for the .net, we use whatever is native to the machine. And the C++ is pretty common, and tiny.
     
  3. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Yes those.
    Do you think it would be better if the system requirements on the website mentioned those too?
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it would not hurt to post them on the website. The .net we probably can skip since it uses the native .net. But we might want to post the C++ one. I will browse around the internet to see if most developers post the runtimes and libraries or not. Thank you!

    Hopefully Vlad or I did not miss anything, but if we did, please let us know!
     
  5. hjlbx

    hjlbx Guest

    Is Cuckoo sandbox still integrated or will this be replaced by the Ai module?
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    We will keep the Cuckoo Sandbox... mainly for the RDP feature, so that people can watch a file execute on a remote machine, and for the enterprise so that admins can review the results. In a way the RDP feature is kind of a novelty, but there have been 2 or so times that I found it to be extremely handy, but most users do not need this feature.

    The Cuckoo Sandbox developers just released 2.0 RC1, with some really cool new features... when it is stable I will probably play around with it and probably upgrade our cuckoo server.
     
  7. hjlbx

    hjlbx Guest

    That's pretty cool @VoodooShield; Ai, RDP, VT and toggle - all in one app. That's pretty righteous... ;)
     
  8. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    When password protection is enabled & I select to disable left click option for VS icon, it also disables allowing/blocking alerts.
    Is it possible to disable only left click action for VS icon but not allow/block alerts?
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    PrivaZer is probably deleting a file belonging to VS in the ProgramData Folder then.
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, we appreciate that! If cuckoo sandbox did not take a little while to run, we could tie them all together into one auto decision, so we will have to leave that out for the auto decision. But obviously, the goal is to make it as easy as possible for the user to make the correct decision whether to run a file or not. So once VoodooAi is integrated and ironed out, we can work on the auto decision part... it will actually be pretty easy.
     
  11. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    88
    Location:
    UK
    Hi Dan,
    Solved.
    Since disabling the "Automatically allow by parent process", which overcame the Sandboxie problem (thanks again @Dzp5t) VS now works fine with Shadow Defender.
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    This AI function looks great & helpful.
    Is this going to be in the final version 3?
    And is it available in the current beta?
     
  13. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    It looks clear & attractive.
    I like it especially the AI bar, is it your idea too?
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, that really helps a lot!
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to hear, thank you! We do need to figure out the best way to be able to keep the Automatically allow by parent process option checked, but also make it optional to block SB processes or not... but that might be a little while before we get around to doing that.
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VoodooAi should be in the next beta version!
     
  17. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Yay...roll on the next beta...can hardly wait...:argh::argh::)
     
  18. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Sounds good to me! :D :thumb: :thumb:
     
  19. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Great, looking forward..........
     
  20. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
    Thank you for the Welcome and for the heads up!:)
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    VS just keeps getting better and better! I love the new AI feature :thumb:
     
  22. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Decided to scan as many .exe and .dll files as I could. VoodooAI detects every single lang.dll file of CCleaner as suspicious. It's a false positive since CCleaner is a safe application.

    Can anyone else confirm whether it's reporting the files as suspicious for them as well?
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you Baldrick, ProTruckDriver, yesnoo, SSherjj and Overkill!
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    You're welcome Dan! LOL But very nice to hear Buddy!

    Daniel
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, they average around .6900 or so, which is not too far off from the safe limit of .5000, and as I have talked about many times on here, we need to tweak the limits.

    Machine Learning / Ai with greyware is a very, very tricky proposition, and it certainly is not perfect, but it is a PHENOMENAL tool for determining super clean files or super bad malware, ESPECIALLY for zero days and unknowns... this is where VoodooAi really excels. Basically, the 57 engine blacklist scan should take precedence over VoodooAi for files that are clearly safe or unsafe, but VoodooAi should still be used as a guideline in this scenario. However, when the file is too large to upload, or it is a zero day / unknown, then VoodooAi is truly indispensable.

    On a side note, the installer for CCleaner received 1/57 on the blacklist scan... ironically for the google toolbar ;). Also, think about the number of times you see 4/57 on the blacklist scan... there is not a lot of consistency when it comes to malware analysis in general.

    Having said that, I have compared it to many, many other traditional solutions, including those who use 1-12 or so scan engines, and VoodooAi did extremely well. I also scanned the 3 incorrectly identified files that were mentioned in the following link with VoodooAi and it was correct on 2 out of the 3! (the incorrect one was barely suspicious) That does not sound impressive until you realize that all of the developers utilizing Ai in their products struggle with the exact same obstacles. For example... in the following link they mention an old gateway driver from 2005... I am certain that VS would have a tough time with it as well ;).

    https://blog.cylance.com/cylancepro...neration-antivirus-to-be-certified-by-av-test

    And honestly, if Ai was perfect, there would not be the need for VoodooShield or any other security software at all... but you have seen how bad malware is these days, especially with ransomware... we have no choice but to lock our computers when they are at risk.

    So until Ai is perfect (never), at least we have something that is extremely accurate in its own right, which is much better than no analysis at all, or duplicate blacklist scanners.
     
    Last edited: Mar 16, 2016