VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you for letting me know!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    400 endpoints I meant to say... there is no way I could keep up with 400 clients and VS at the same time ;). Either way, thank you!

    BTW, I visited a client of mine today, and before today they only had 1 of their 10 computers running VS. One was hit with some ransomware yesterday, so now I guess you could say 410 endpoints ;). They are also going to install Webroot on all 10 computers as well.
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to hear, thank you for letting me know!
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,540
    Location:
    South Wales, UK
    Sweet...VS & WSA...:):thumb:
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I think that is what is going on too... either way, if it acts goofy, please let me know! Thank you Baldrick!
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,540
    Location:
    South Wales, UK
    Ditto here...no issues in relation to CyberFox.

    Baldrick
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, that command line is a toughy... it is even hardwired in... I am not sure why it is doing that. Thank you for letting me know!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, thank you... either way it will be super easy, but I just want to do what makes the most sense to everyone.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you TH and Baldrick for testing Cyberfox... it must be a plugin or something that is causing the problem, hopefully we will hear from him soon. I will say, if a plugin is spawning powershell, that is probably not the best idea ;).
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, most of them run the old WSA / VS combo that TH discovered like 4+ years ago ;). I still have some clients who would rather not run VS, so I do not push them to do so ;).

    This one client of mine, I will not mention his name... but anyway, Mark got like 4 viruses in a row, pretty much 3 months apart each time. The first couple of times he was infected, I told him about VS, but he did not have any interest in trying it. The third time he was infected, I said "you know, there is something that might be able to help you with this problem." And he told me that if it happened again that he would install VS. So the fourth time he was infected, he told me to install VS, and after he saw how it worked, I could tell immediately that he liked the idea. Then a few months later, I had to do some other work for him, so when I first got to his office, the first thing he said to me was "Dan, I love VS."
     
    Last edited: May 19, 2016
  11. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    Joined:
    Mar 20, 2016
    Posts:
    98
    And he is not the only one who loves VS, Dan ;) Just wanted to install some mod packs for GTA San Andreas from a site; as soon as the extraction process started and the install began, VS started to pop up like crazy detecting all kinds of crap ;) Now that's some raw talent for ya :p
     
  12. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    VS 3.19 runs smooth.

    Should I install the new beta over the old one? Update check in 3.18 didn't show there was a new version. Is there an internal updater in VS?
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    VoodooShield 3.19 running smooth as well
     
  14. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    565
    Location:
    U.S. Citizen
    Post: #10133
    On the second part below: Interesting, about the ransomware, did your client have VS installed? And did it lock the files, documents and pictures, etc.?
    And what Windows OS is the client using? :eek:


    "Solarlynx said:

    400 clients - great statistics! I guess VS is in "Smart Mode" for your clients, isn't it?
    400 endpoints I meant to say... there is no way I could keep up with 400 clients and VS at the same time ;). Either way, thank you!"

    "BTW, I visited a client of mine today, and before today they only had 1 of their 10 computers running VS. One was hit with some ransomware yesterday, so now I guess you could say 410 endpoints ;). They are also going to install Webroot on all 10 computers as well."

    Feedback on VoodooShield 3.19, running very smooth with Sandboxie. :geek:
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,540
    Location:
    South Wales, UK
    NICE ;)
     
  16. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,540
    Location:
    South Wales, UK
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Thanks a lot! I see I applied the following workout:

    :)
     
  18. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    83
    Location:
    UK
    Looks like a false positive. It appears that appxdeploymentclient is a process that Microsoft introduced in Windows 8.1...."Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly."

    According to VirusTotal it is perfectly clean unless of course your version has been corrupted in some way.
     
  19. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,562
    Thanks Dan and others who replied.

    I am enclosing a screenshot of the extensions. I don't know if Cyscon would cause this problem?
    I am starting a new profile which will hopefully get rid of the problem but would be nice to be able to nail the problem.

    I can't give a d/l link as it is random and usually happens after having d/l a few files. VS d/l is equally prone to this.

    I don't know enough to know why powershell would be engaged in the first place.
     

    Attached Files:

  20. guest

    guest Guest

    I'm testing 3.19, and I have a few questions:
    • Based on what does autopilot make decisions? Based on Voodoo AI?
    • Can I get a Pro license for beta testing? Is there always a beta branch for VS?
    • Is there an easy way to help to train VoodooAI?
    • What does a red entry in the whitelist mean?
    • What is the difference between OFF and Training modes?
    • Could VS block something or create a popup in OFF mode? Under what conditions? VoodooAI?
    • Does VS still use VirusTotal?
    • Is there a user manual or a help file?
    • Since when has VS had anti-exploit protection? Is it as good as MBAE? Do they overlap or do they use different techniques? Does the anti-exploit protection work in OFF mode? I found the answer here: https://malwaretips.com/threads/how...ld-anti-exploit-protection.53428/#post-452863
     
    Last edited by a moderator: May 20, 2016
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    23,586
    Here are some answers:
    1) There is a help file: http://www.voodooshield.com/Download/VoodooShieldUserGuide.pdf
    2) Just email him to get a Pro-license. I think it can be used on up to 10 PCs :cautious:
    3) VS is using VirusTotal, and VS is using its own engine VoodooAI.
    4) OFF = Protection Disabled
    Training Mode = if you execute a file that is not on the whitelist, VS is adding it automatically. In this mode VS is silently "learning".
     
  22. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    It would be nice to see how others are using V.S. I have V.S. set to training first and then always on.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, that is great to hear, thank you!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for letting me know! We do have an internal updater, but it will not be active for at least a couple of weeks... possibly longer (long story).
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No, they only had VS installed on 1 of the 10 computers (not the one that was infected), they were basically testing VS to see if it worked well for them. Yeah, it wiped out all of the data on that computer, which was running Windows 7, but they had backups of the important files. Once the one computer was infected, they installed VS on all of their computers. Thank you Moose!
     