VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134
    Hi,

    I was testing out different security software on my PC, and one of them was Trend Micro. I have restarted my PC several times with Trend Micro not on my system and all seems well again. Thank you for the help.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,981
    Location:
    Among the gum trees
    I started my machines a couple of hours ago and just came back to find this on both:

    [Attached image: dismhost.PNG]

    I thought the dismhost.exe issues were resolved?
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,590
    Location:
    South Wales, UK
    Hi Krusty13

    I have been seeing these sporadically for a while...but cannot really pin them down to anything specific...which is infuriating as it will make it harder for Dan to locate the issue if there is one.

    Regards, Baldrick
     
  4. Morro

    Morro Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    355
    Location:
    Netherlands
    This would indeed be very much appreciated, if Slimjet could be added to the default browser list in a future update. ( So that the free version can also protect Slimjet. )
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,981
    Location:
    Among the gum trees
    I thought dismhost.exe was pretty specific in this case.
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry I have been away and have not been able to respond... things are kinda crazy, but I hope to be able to catch up soon!

    I am starting to think the freeze issue is a result of the wildcard command line feature, I think there is a small bug in there. So in a day or two, when we hear back from the users trying 3.08, hopefully we will know for sure. Then I can build a special version that disables the wildcard feature, and we can test that for a few days. After that, we should be good to go!

    The Ai machines are almost finished retraining... it is taking forever, although at this point I am just waiting for 850,000 samples to upload, and it should be finished by tomorrow. Once it finishes, I will retrain the machines one last time and then review the results / curve. It is funny because there is a chance that it will be way off, and these last 2-3 weeks might be for nothing ;). But I really think it is going to turn out well... we will see ;). But between the freeze bug, retraining the machines, business stuff / meetings / etc., things have been kinda crazy, but everything should be back to normal soon. Thank you!
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,981
    Location:
    Among the gum trees
    Even if VS freezes on a completely unrelated program or command line that we have edited?

    Thanks.
     
  8. guest

    guest Guest

    @VoodooShield

    Do you plan to add VoodooAI to VT? or to have it tested on AV-Comparatives or AV-test...
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I have been working on 2 new options... 1 to disable the blacklist scan (so that AV testing labs can disable this, and only test with VS's inherent security mechanisms), and one to disable VoodooAi, in case someone is not concerned with zero day malware ;).
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you... yeah, VS is super, super light on resources!
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think this is all squared away, but if not, please let me know!
     
  12. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... in Smart Mode ;).
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you for letting me know! Please test with 3.24 when it is ready and let me know how it does, thank you! I might have to figure out a better USB detection method.
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Do you mean on the mini prompt? It is already on the big user prompt, so I was just curious what you mean ;).
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, thank you, we appreciate that very much! If you search this thread for VoodooAi, you will see TONS of information... I mean tons... I really talked people's ears off ;). But after that, if you have questions, please let me know!
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, it is cool that these files are blocked, and you do not need to do anything at all... they will run again if they are necessary, so you are good to go. That is the whole thing about VS... the whole idea is to ONLY allow what is on the tiny, customized whitelist that is automatically generated by the toggling and other blocking mitigations. Thank you!

    I forgot to mention... the goal is for VS to have the smallest attack surface in the industry.
     
    Last edited: Jun 7, 2016
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, these drivers are extremely difficult for VoodooAi... or for any Ai for that matter, mainly because they look exactly like malware. I will see what I can do, but with Ai, there will always be a few false positives. Thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    VS does not allow only by digital signature... I believe that is very, very dangerous. Look what happened with Apple's Gatekeeper over the weekend... Now we have Mac OSX ransomware that bypasses Gatekeeper ;). VS does temporarily allow by digital signature... so if you allow something, then anything that is spawned with that signature is allowed for a temporary time period (it is hard to explain). It is perfectly safe and it reduces the affirmative user prompts TREMENDOUSLY! But no, after seeing all of the signed malware while training the Ai machines... this is not even an option. Thank you!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am guessing that the last process that was created was from SAS, so it was the temporarily allowed digital signature at the time, so it allowed the other file. Are both of the files signed? This kind of thing happens with me all of the time while testing... then I will spend a long time trying to figure out why something was allowed... and I can tell you, in 5 years, there has always been a good reason the item was allowed ;). Thank you!
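
A minimal model of the temporary signer allowance described in the two posts above, added here as an illustration; it is not VoodooShield's code. The 60-second window, the rule that a whitelisted signed launch opens its signer's window, and all paths and publisher names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Launch:
    path: str
    signer: Optional[str]  # verified publisher, None when unsigned
    at: float              # seconds on the constructed timeline

@dataclass
class Policy:
    whitelist: set
    window: float = 60.0   # ASSUMED allowance lifetime; the thread gives no figure
    temp: dict = field(default_factory=dict)  # signer -> expiry time

    def decide(self, launch):
        """Return (verdict, reason); keep the reason for later audit."""
        if launch.path in self.whitelist:
            if launch.signer:  # an allowed signed launch opens that signer's window
                self.temp[launch.signer] = launch.at + self.window
            return "allow", "whitelist"
        expiry = self.temp.get(launch.signer) if launch.signer else None
        if expiry is not None and launch.at <= expiry:
            # Allowed for this launch only: no whitelist entry, no window refresh.
            return "allow", f"temporary signer {launch.signer} until t={expiry:g}"
        return "block", "not on whitelist"

def replay(policy, launches):
    """Decide each launch in time order and return (path, verdict, reason) rows."""
    rows = []
    for launch in sorted(launches, key=lambda l: l.at):
        verdict, reason = policy.decide(launch)
        rows.append((launch.path, verdict, reason))
    return rows

# Constructed sample timeline (paths and publisher names are made up).
SAMPLE = [
    Launch(r"C:\Tools\scanner.exe", "Example Vendor A", 0),
    Launch(r"C:\Tools\updater.exe", "Example Vendor A", 20),   # same signer, in window
    Launch(r"C:\Temp\unsigned.exe", None, 25),
    Launch(r"C:\Temp\other.exe", "Example Vendor B", 30),      # different signer
    Launch(r"C:\Tools\updater.exe", "Example Vendor A", 200),  # window expired
]

if __name__ == "__main__":
    for row in replay(Policy(whitelist={r"C:\Tools\scanner.exe"}), SAMPLE):
        print(*row, sep=" | ")
```

Recording the reason with each verdict is what makes an unexpected allow traceable afterwards to the signer window that was open at the time.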
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... BUT I would love to find one reliable thing that triggers it so I can reproduce and fix the error ;). Otherwise, it typically takes 2-3 days for VS to freeze on my machines, and nothing is logged, and there are no other indicators of the issue. Thank you!
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great point, thank you... that can happen as well!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, yes, but not specifically. VS should block anything like an exe, script, regedit, etc. that can modify the registry. Have you found something that we forgot? ;).
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you Kees! Yeah, in a few days we should be good to go!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, this is fixed, thank you!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Apparently not ;). I just need to add the new dismhost files to the VoodooAi cloud and it will be fixed permanently. We have tried other ways to fix this, but there really is no other safe way as far as I know.
     