VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Baldrick,

    I tried on AutoPilot Mode so no cmd, etc... alerts.

    And I too tried to reproduce but couldn't.
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi yesnoo

    Yes, was running on Autopilot...but am still getting the command lines popping up.
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I think you were using 2.86 for a while, right? If so, you will probably need to exit out of VS and delete all of the .dat files in the C:\ProgramData\VoodooShield directory... this will reset everything, but it should fix this issue. Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Baldrick... yeah, I made some changes to the cscript and wscript code... I might have messed something up. Let me ask you this... does it continue to happen, or were there just 2-4 blocks / prompts (and now none)? If it continues to happen, it is definitely something we need to fix, but if there were 2-4 or so legitimate command lines that needed to be whitelisted, now that the cscript and wscript code is in better shape, then I would not want to change anything and mess it up. Thank you!
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    Thanks for the explanation...as far as I can tell it has been a case of the "just 2-4 blocks / prompts (and now none)" but I will give it some additional wellie and will shout if it reappears...so for now don't change anything. ;)

    Regards, Baldrick
     
  6. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know, please keep me posted!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you! I am certain everything will be fine... VS does have its own scanning engine, it has VoodooAi, and I am more than happy to share it. It is pretty darn accurate now, just wait 3-6 months from now, it is going to be even better. I think adding a malware classifier that specializes in zero day and unknown malware would be a benefit to everyone. As I was saying before... for files less than a week old (or whatever), if VoodooAi has a high scored probability, we could put that file "on probation" (or whatever), until the traditional blacklist engines have time to do their thing, or maybe they can move that file up in the queue and give it a little extra attention. Just a thought!
     
    Last edited: May 7, 2016
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Here are the VoodooAi results for the last few weeks (I think since we started the last few crazy weeks of beta testing).

    http://voodooshield.com/artwork/VoodooAiResults.xlsx

    It truly amazes me how accurate it is. I think a few Wilders users have really taken it for a test drive... if so, please let us know what you think!

    Also, we need to find some more zero days and unknowns to throw at it... that is when it is seriously accurate. Thank you!

    Edit: BTW, believe me when I say this, no matter what happens, VS will be just fine.
     
  10. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    But there will be some changes to VS or..?
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I am finding some major issues with the current beta.

    At the moment it has started to block some installers from running again. They are blocked from launching with no prompts.

    If I go to the User Logs section in VS there are some very serious issues. Every two seconds the log window is updated, and it shows that a process has just been allowed. This is happening continuously without ever stopping. To make it clear, the system is idle while I have the logs showing, so there is actually nothing happening for VS to allow. Not only that, some of the processes shown as being allowed belong to software that I have uninstalled some time ago (as long as three months ago), and don't actually exist on my system at the moment.

    VS3.png

    A third issue is that Autopilot mode gives a lot more prompts than Scan & Allow did, which is causing some issues. Sometimes when I'm installing software and VS issues a prompt for some action, before I have made a choice to allow or block what's going on, the installer thinks that the action has failed, and either the install fails (and I need to run the installer again), or it gives me the option to retry the action. For example, maybe the installer needs to register a dll file. With older versions of VS, this would be allowed with no prompts. However, with the current versions, VS intercepts this and asks if I want to allow it or not. The installer is not waiting for me to choose an action, but instead straight away assumes that it was unable to register the dll file.

    I know a solution to the third issue is to set VS to Disable / Install mode. However, it didn't need to do this with older beta versions, and it is an annoyance to do so, as I install new software every day.
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Voodoo Shield,

    I always try VS on a clean snapshot with Rollback Rx.
     
  13. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Roger,

    Maybe you need to remove the old .dat files the Dev mentioned to me above.
     
  14. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I am a little confused. To be clear ---

    I run HDSentinel Portable ---

    Always ON Mode - I get cmd alerts...this is correct & how Always ON Mode works, right?
    AutoPilot Mode - I don't get those cmd alerts...this is correct & how AutoPilot Mode works, right?
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    I am no longer seeing the cmd alerts with HDS whether I am in Autopilot or Always On mode.
     
  16. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Check Command Lines in the GUI. Guess it's allowed & added there if you allow on the alerts. Maybe that's why no alerts again?
     
  17. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Nope...have checked and all I have 'allowed' re. HDS is the following:

    cscript //nologo "c:\users\xxxxxxxxx\appdata\roaming\hard disk sentinel\hds_control_remove.vbs"
     
  18. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    You mean there is no entry in Command Line mentioning hds_control_remove.vbs?

    When I tried, an entry was there. Will try after an hour or so & check & update here.
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi Roger... I really think all of this is caused by VS not being able to write to the C:\ProgramData\VoodooShield folder. I have looked into how to fix this, and it is not going to be quite as straightforward as I was hoping. Probably the best thing to do is to uninstall VS, then remove the C:\ProgramData\VoodooShield folder completely, then reboot and install the latest version. I am thinking that something is changing the permissions on this folder, so we need to figure out what is going on. I know CryptoPrevent and VS had a conflict similar to this, so maybe we just need to figure out what is causing this.
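
Added example (not part of the thread and not VoodooShield code): a non-destructive PowerShell check of the hypothesis in the post above, that something has changed the permissions on C:\ProgramData\VoodooShield so the .dat files can no longer be written. The function name `Test-VsDataFolder` is hypothetical, and the write probe runs as the current user, which is assumed here to approximate the account VS runs under.

```powershell
# Added diagnostic, not VoodooShield code. Run from an elevated PowerShell prompt.
# Only the folder path comes from the thread; the function name is hypothetical.
function Test-VsDataFolder {
    param([string]$Path = 'C:\ProgramData\VoodooShield')

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "$Path does not exist (already removed, or VS not installed)."
        return
    }

    # 1. Owner, and whether the folder still inherits its ACL from C:\ProgramData.
    $acl = Get-Acl -LiteralPath $Path
    "Owner: $($acl.Owner)"
    "Inheritance disabled: $($acl.AreAccessRulesProtected)"

    # 2. Every ACE. Explicit (non-inherited) entries and Deny entries are the ones
    #    another tool would have had to add, so they are flagged for review.
    $acl.Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited,
            @{ Name = 'Flag'; Expression = {
                if ($_.AccessControlType -eq 'Deny') { 'DENY' }
                elseif (-not $_.IsInherited)         { 'explicit' }
                else                                 { '' } } } |
        Format-Table -AutoSize

    # 3. Practical write test: create and delete a uniquely named probe file.
    #    Assumption: the current account approximates the one VS writes with.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force
        'Write test: OK'
    } catch {
        "Write test: FAILED - $($_.Exception.Message)"
    }

    # 4. .dat files with old timestamps or the read-only attribute suggest the
    #    data store has not been updated for some time.
    Get-ChildItem -LiteralPath $Path -Filter *.dat -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime |
        Select-Object Name, Length, LastWriteTime, IsReadOnly |
        Format-Table -AutoSize
}

Test-VsDataFolder
```

Running it before and after installing another security tool, and comparing the flagged ACEs, shows whether that tool is the one altering the folder.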
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I really am not sure what all is going to happen, but I will let you guys know asap!
     
  21. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    You give VoodooAi to VT and they give you a VT score :-*
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I really am not sure what all is going to happen, but I will let you guys know asap!
    All great points, thank you! I have tested and compared VoodooAi (with its current 3 algorithms / models) extensively, and it will do extremely well in testing.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know! This does remove the C:\ProgramData\VoodooShield folder as well, right?
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Actually, it is funny that you mention HDSentinel... that is one of the apps that helped me fix the command line / cscript / wscript stuff... so it should be working great. Although, I was not running the portable version (I was running the full version), I can test that as well though. There should be an allowed cscript entry in VS's command lines, and it should be working just right, but if not, please let me know!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, that's the one Baldrick, thank you! Is it working correctly for you?
     