VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you... obviously I appreciate that ;). If you do not have a VS Pro license, please email me at support at voodooshield.com and I will set one up for you. BTW, if any of the other wilders users would like a license, please let me know!
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,306
    Location:
    Under a bushel ...
    With regard to dismhost: As in whitelisting c:\users\xxxx\appdata\local\temp\*\dismhost.exe - can that be done in VS?
     
  3. guest

    guest Guest

    is it Yesnoo's brother? (ie-no) :p
     
  4. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    LOL!

    Nice finding! BTW VS works on the principle "yes - no" to starting process.
     
  5. singularity

    singularity Registered Member

    Joined:
    Mar 6, 2014
    Posts:
    76
    Location:
    India
    I have an issue with VS context menu not responding at times.
     
  6. ieno

    ieno Registered Member

    Joined:
    Jul 19, 2016
    Posts:
    12
    Location:
    Netherlands
    lol, all we need now is our sister, egyes :)
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for the idea... yeah, something like that. Actually the dismhost fix that Vlad along with some of the wilders came up with together is a super cool idea that will work really well, but there is a bug somewhere. We have tons of information about this bug that we can convey to Vlad, so it will be a super easy fix for him. Thank you!
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Vlad added wildcard listing a few months ago... I have never used it, but it should be fully functional. Please keep in mind that dismhost can run from a lot of different locations, so I think the other dismhost fix will work the best. Thank you!
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, you guys crack me up ;).
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ohhh, I see what you are saying... great point, sorry about that, you are correct ;). I have a lot of my mind right now and I am not thinking too clearly ;).
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, Vlad is a truly amazing coder, I hope to be able to hire him full time one day, but he is doing quite well in his career, so I would hate to pry him away from that.

    BTW, I forgot to mention something that I realized while watching CS's video. We need to add the VoodooAi results to the mini prompts, and this will work great because by the time the mini prompt is shown, the VoodooAi results are already calculated. So instead of the mini prompt saying "VoodooShield blocked an Unknown File", if the VoodooAi result is unsafe for the blocked file, the mini prompt will say "VoodooShield blocked a malicious file" (or something like that, and the text will be in red). That way, it reduces the change the the user will click on the mini prompt and ultimately run the file. It is just a small tweak, but I think it will be pretty cool. There are actually tons of small tweaks that I want to add in the next few months. Thank you!
     
  12. josin

    josin Registered Member

    Joined:
    Mar 3, 2016
    Posts:
    7
    I am using windows 10 64 bit and voodooshield330 in auto mode and its running fine for me, there is no "dismhost.exe" blocked notices from voodooshield..
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,306
    Location:
    Under a bushel ...
    A Disk Cleanup (cleanmgr.exe) should invoke it ...
     
  14. josin

    josin Registered Member

    Joined:
    Mar 3, 2016
    Posts:
    7
    Just tried ...nothing...came up
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you guys! I wonder if UAC has anything to do with it? The reason that I ask is because in some versions of Windows, UAC will enable "Windows Protected Folders" for certain folders... but this is kind of a guess, I have not tested this theory. Do you have UAC enabled?
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think we can, assuming that the .tmp files are standard portable executable files that happen to just have the .tmp extension, it would probably work. Thank you!
     
  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, exactly... actually VS spawns a .tmp file during the install as well. I just need to make sure that they are standard PE files, and if so, I can add the .tmp extension. And if they are standard PE files, are they always? I think they are, but I am not sure, so we just have not added the .tmp extension yet.

    Thank you!
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I think you are correct. We can add the .tmp extension, but if there is a .tmp file that is not a standard PE file, then VS might freeze or throw some weird exception (like if some odd .tmp file is blocked on a user's computer, that I was not aware of and have not tested). Once we know for sure, it will be easy to add. Thank you!
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,628
    Installers packed with "Innosetup" are executing .tmp-files

    Example:
    Installation:
    Process: C:\Users\xxx\AppData\Local\Temp\is-61194.tmp\mbae-setup-1.08.1.1196.tmp
    CommandLine: "C:\Users\xxx\AppData\Local\Temp\is-61194.tmp\mbae-setup-1.08.1.1196.tmp" C:\mbae-setup-1.08.1.1196.exe"
    Deinstallation:
    Process: C:\Users\xxx\AppData\Local\Temp\_iu14D2N.tmp
    CommandLine: "C:\Users\xxx\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe"
     
  20. Turing Doenitz

    Turing Doenitz Registered Member

    Joined:
    Oct 23, 2013
    Posts:
    31
    Location:
    Australia
    I just did a fast ring upgrade from current release build of Win 10 to build 14393 which may well be the final RTM of the upcoming anniversary update. All went well. I reset the whitelist and rebooted a few times with no ill effects. Cryptoprevent, Webroot, adguard, and MBAE all in attendance too alongside VS 330.
    So far so good.
     
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you! And actually, if you guys get a chance (and you do not mind doing this), whenever we see a .tmp, if we find it on disk, then make a copy of it and rename the extension to .exe, then drag and drop it to VS, we will know for sure ;). I will do that whenever I see a .tmp file from now on. Hopefully they are all PE files and we can include them in the VoodooAi analysis.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you for letting us know!
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Do you have UAC enabled?" my insider build updated yesterday as well.

    I have UAC set to high. had another bunch of blocks. there were more then screen shot but could not fit them all in.
     

    Attached Files:

  24. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    432
    Location:
    Mercia
    Just wondering if there is any benefit in running UAC together with VS. I have had UAC disabled for sometime now and cannot see any benefit in enabling it but I would appreciate any views as to why I might want to change. Using Win 7 Pro x64.
     
    Last edited: Jul 20, 2016
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,991
    Location:
    Ontario, Canada
    Just to add I always turn off UAC it's a PITA and VS is why better IMO.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.