VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. old school

    old school Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    29
    Location:
    Spain
    3.26 works perfecly here. Thanks Dan
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you Krusty13, stapp and old school!

    @ichito,

    To answer your questions in order...

    No, I know (I really want to fix this freeze bug), and maybe ;).
     
  3. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    835
    Location:
    Melbourne, Australia
    I have VS in autopilot but got a pop-up asking about Google's software_reporter_tool.exe. I thought autopilot meant no asking me?
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Hi Dan

    Sounds good. Will do the same.

    Regards, Baldrick
     
  5. guest

    guest Guest

    @VoodooShield
    I have had the same issue I get popups (yellow notifications that if you click it becomes a popup) from VS in autopilot mode asking me to allow an exe with the VS ratting is green. Is this normal? I think that when I was using 3.18/19 VS was taking the decisions automatically.
     
    Last edited by a moderator: Jun 9, 2016
  6. guest

    guest Guest

    @VoodooShield

    What about showing in the popups another button called something like "allow and start installer mode" (or maybe training mode?) and It will automatically revert back once the process allowed (installer) ends it execution.
    This will make VS much more user friendly.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you Baldrick!

    @Iangh and guest... yeah, but just like the AutoPilot on Airplanes, sometimes the pilot has to take control and make the decisions. It will get better with time, for a lot of reasons, because there are a lot of little refinements we can make. But for now, we still need to be safe then sorry. Thank you!
     
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @VoodooShield Excellent detective work with regard to the VS freezing issue, Dan. I wonder if Vlad can make it so that chrome.exe is the only exception to allow more than 10 concurrent threads since I'm not certain that many other programs would need that. Hopefully you've spotted the cause of this freeze issue and also hope that it's something that you are able to fix. Do you know if Vlad may come back to program for VS sometime in the future again? He's a great programmer and also good communicator as well which is wonderful. :)
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that! The 10 concurrent threads was actually established in VS 2.0 with the CPN, and we thought that is all we would ever need, and it seemed to work with the CPN just fine, so we did not increase the number when we moved to the KMD in VS 3.0. I am certain it does not hurt anything to increase the number of concurrent threads, but I emailed Vlad just to make sure. Keep in mind, once the newly created process is either allowed or blocked, that thread is freed up, so really you should not need anymore than 10 or 15 (in the case of Chrome) concurrent threads at any given time. I am hoping that Vlad will work on the VS project again some time in the future, he really is an amazing developer. He is just super busy with his new job promotion and raising 2 young ones. But yeah, I would love to find a way to hire him full time... but we would have to figure out a way to make it worth his while because he already has a great job with a great company... so we will see what happens ;).
     
  10. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    224
    Location:
    UK
    Dan
    3.26 is running fine here - no freezes. However, I'm not running Chrome on this system but Opera, which is Chromium-based. Don't know if that was significant when the freezing occurred in previous versions.
     
  11. I remember a group policy setting long time ago when I used IE :D before chrome which was called "Throttle processes" or something like that that also had a value range of low medium and high. I thought this related to the number of threads IE would create.

    These non program logic related problems are the worst to debug. Good programming practice from the past (Yeah I coded assembler and Cobol limited to 16KB overlays) is to add a "memory trespasser" comments section to the source code stating what maximums are used related to internal tables, memory buffers, stacks, simultaneous threads. Those days documentation was as good or as bad as the coding practice of the team working on it.
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    @VoodooShield / Dan

    You are truly an excellent developer, and I would like to thank you for all the hard work you have put into this project.

    Fantastic work, keep it up :thumb:

    And once this freezing issue is fixed, I feel you deserve a bit of a break.

    Oh and Just F.Y.I., the latest beta (3.26) is working really well.
     
  13. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    893
    Location:
    The Netherlands
    Couldn't have said it better :thumb: No problems to report with 3.26 so far.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,053
    Location:
    Ontario, Canada
    @VoodooShield Dan mine still will not sync to the cloud can you look into it?

    2016-06-09_16-47-03.png

    Daniel ;)
     
  15. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    893
    Location:
    The Netherlands
    Daniel, do you have the basic setting "Synchronize and backup my whitelist snapshot to the cloud" enabled? I think it is off by default now.
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,053
    Location:
    Ontario, Canada
    I always put a check in the box and save but it still doesn't work for the last 10 builds or so. I'm wondering if it's an account issue?

    2016-06-09_17-02-39.png
     
  17. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    893
    Location:
    The Netherlands
    It was off for me enabling it and taking a snapshot didn't do anything for me also.
    Vaguely remember something about it not being active since one of the new beta builds.
    So we have to wait for Dan.
     
  18. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    I agree wholeheartedly. 3.26 working fine here.
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Completely agree...but let us not forget Vlad either at this point...based on what Dan has recounted he has had a major part to play in the coding...;)

    What I would say, Dan, is that you are a true visionary...:thumb:...and that you work too hard...:D

    Regards, Baldrick
     
  20. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,202
    VoodooShield,

    Installed 3.26 Beta on Win 10 64 Pro Fresh Install
    Windows Defender & FW.

    VoodooAi - @100
    Portable Programs (Adobe is an installer)
    Adobe XI Pro Installer - Digitally Signed - Suspicious
    DnsJumper - Not Signed - Unsafe - VAi Score - 1.0000
    KeyViewer - Not Signed - Unsafe - VAi Score - 1.0000
    WinDlg - Not Signed - Unsafe - VAi Score - 1.0000
    VidCoder - Not Signed - Suspicious

    VoodooAi - @ 60 - 90
    Adobe XI Pro Installer - Digitally Signed - Safe (Even @ VAi 98 Safe)
    DnsJumper - Not Signed - Unsafe - VAi Score - 1.0000
    KeyViewer - Not Signed - Unsafe - VAi Score - 1.0000
    WinDlg - Not Signed - Unsafe - VAi Score - 1.0000
    VidCoder - Not Signed - Suspicious

    VoodooAi @ Reckless
    DnsJumper - Not Signed - Unsafe - VAi Score - 1.0000
    KeyViewer - Not Signed - Unsafe - VAi Score - 1.0000
    WinDlg - Not Signed - Unsafe - VAi Score - 1.0000
    VidCoder - Not Signed - Auto Allowed

    In the above -
    Only Adobe is a Signed program And VoodooAi calculation changed from Suspicious (@ 100) to Safe @ 98

    DnsJumper, KeyViewer & WinDlg are Not Signed And VoodooAi calculation Unsafe (@ 100) remained Unsafe with the same score 1.0000 till the lowest VAi sensitivity (@ Reckless).

    VidCoder is Not Signed And VoodooAi calculation Suspicious (@ 100) was Auto Allowed (@ Reckless).

    So -
    Change in VoodooAi Sensitivity Level - Suspicious verdict did changed to Safe.

    Change in VoodooAi Sensitivity Level - Unsafe verdict didn't changed at any levels & VAi score too was same at all levels.

    @ Reckless is the lowest VAi Sensitivity Level & even @ Reckless Unsafe verdict remained Unsafe with the same VAi score too. Those are Not Signed programs.

    I know VAi calculation takes many factors into account like program is signed or not, etc...

    I am testing VAi Sensitivity Levels & use the level I find good for me. Currently I use VAi @ 90.

    With my little test I think VAi @ Reckless too provides protection. I mean in my little test VAi @ Reckless in a way performed good i.e it allowed programs that were Suspicious @ default 100 And blocked programs that were Unsafe @ default 100. So the lowest VAi Sensitivity Level i.e @ Reckless performed good.

    Please give little details on @ Reckless (VAi Sensitivity Level).

    UPDATE -

    I tested few harmless malware samples.
    clt.exe, deletevolume.exe, keylogtest.exe & trojansimulator.exe from testmypcsecurity.com
    eicar, potentiallyunwanted & cloudcar from AMTSO

    I tested VoodooAi Sensitivity Levels @ 100 & @ Reckless

    The results were same as above i.e -
    Suspicious @ 100 were allowed @ Reckless
    Unsafe @ 100 were Unsafe @ Reckless

    If I had a spare system I would have tested with real malware.

    You test VS with 1000 malware.
    Is it possible for you to test VS with those 1000 malware @ 90 & @ Reckless Sensitivity Levels?
     
    Last edited: Jun 9, 2016
  21. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    BETA v3.26 on Win10 x64
    No freezing that I can detect but I don't have a license so this is default settings all the way. (Perhaps when I get a little more money but for now this is satisfactory for me.)

    Keep up the great work!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Great to hear, thank you for letting me know!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, multithreading really gets trick at times ;). Thank you Kees!
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you Tyrizian and Gandalf_The_Grey, I appreciate that!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, I will do that asap, thank you TH!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.