VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Sorry for being a noob here. :)
    Does VAi still work even when VS is on Smart Mode? Just to be sure because I'm confused due to the presence of AutoPilot mode. :)
     
  2. guest

    guest Guest

    Yes it does, Autopilot just does everything for you.
     
  3. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, I see what you are saying... does VS block it as a command line or a blacklisted item? If it blocks it as a command line, then you can edit the command line with wildcards in Settings / Command Lines. If it blocks it as a blacklisted item, then hopefully I can figure out a way to do this safely.

    Please let me know if it is blocked as a command line or a blacklisted item... it will say at the top of the user prompt (you probably already know that though). Thank you!
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, we are all noobs when it comes to malware ;). There is something new every day and no one knows everything. Yeah, guest is right, thank you guest. And actually, when VS is on AutoPilot, it is only the blacklist and Ai that is protecting the computer... the third layer of protection (VS's application whitelisting lock) is off. Thank you!
     
    Last edited: Nov 2, 2016
  6. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thank you for the additional information!
    I'm actually testing VS on my laptop.
     
  7. M3gatron

    M3gatron Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    41
    Location:
    ::1

    Hi @VoodooShield - It blocks it as a blacklisted item. I have attached the relevant screenshots. I think this happens because it's PowerShell even though the command is to allow it.

    Also I have noticed that once you delete an entry in the command line the scroll bar on the right goes to the top. It would be good for the scroll bar not to reset if possible.

    1.PNG Capture.PNG
     
  8. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    496
    Location:
    UK
    I didn't know the whitelist wasn't used on AutoPilot and this is the only mode I have ever used thinking it offered maximum protection with not too much interaction needed.

    So does AutoPilot provide the only protection actually needed as I'm slightly confused now myself with all these different modes. I actually like seeing the popup when I install something new that Ai needs confirming to proceed as it gives me a strange sense of confidence that VS is doing its job.

    I just want as little interaction as possible and see no point in training mode at all if that means switching VS off at any time.
     
  9. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    496
    Location:
    UK
    Thank you... that's the answer I was hoping to see.

    I use ESET Smart Security and my browsing habits are very regular so I'm happy to stay with AutoPilot.
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Some confusion here.

    C is the system drive and VS resides there.

    G is where most other programs are installed.
     
  11. guest

    guest Guest

    VS blocks command line operations in autopilot mode without any popup. This results in tons of FPs and blocks that make the installed software work improperly.
    Shouldn't there be a popup or something, since the FPs for command line operations are that high? Or an option where the AUTO part only applies when it is an allow, but asks every time it blocks something.
     
  12. guest

    guest Guest

    so the issue may be here:

    You have to go to settings > enable custom folders > and untick the checkbox of Cyberfox's folder on the left pane (under the Blue shield of VS) if G: is ticked.
    Cyberfox is a web app which locks the system (ON), so non-system partitions are locked if my memory is good.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    There is no sense in getting into a whole big argument about it.
    I think that everyone has full confidence in you to make whatever changes and improvements that need to be made. We are all here to learn.
     
  14. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,850
    Hey, VS seems to not like Nvidia trying to do updates. Any idea why?
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,453
    The dev acknowledged an update problem, and is working on the fix.
    But maybe an Nvidia user has a workaround for you...
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "You are welcome. If you want to improve protection by a good amount with the same or not many more alerts try disabling allow by parent process (needs the paid VS version)."

    Am I missing something? Is this user not using a listed web app? Or am I missing the option you are talking about?
     


  17. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    496
    Location:
    UK
    Hello... yes I use Firefox for all my web browsing and everything seems fine. I may experiment with the parent process setting but I'm very happy with my current mode of operation now.

    I will keep watching this thread as I do find all the discussions here so interesting and look forward to all of the future developments.
     
  18. plat1098

    plat1098 Guest

    Does the scanning not happen in SMART mode also? I just checked by running a VS scan on a download. If you remember to disable VS when uninstalling a trusted software, you shouldn't get hardly any popups either, right? How about if you take frequent snapshots, that should help with whitelisting, that's my interpretation. People seem to prefer AUTOPILOT mode to SMART mode, and I'm trying to figure out why because SMART is pretty unobtrusive. Still working on it, PLEASE correct me if I'm mistaken.

    Edit: No, the second sentence should read: The scan with the engines occurs during an installation of something. I was just checking the scan's modalities with what I had on hand.
     
  19. Dear members,

    *** Start of rant ***

    Please let's discuss REAL security, not THEORETICAL security which REDUCES THE EASE OF USE OF VS. In the old days there was a German security website called fake security (scheinsicherheit). That website made a fool of features of security programs which had little practical value in the real world.

    Even with the allow by parent process disabled you are not protected against 'process hollowing' or other variants of DLL-injection. Windows Integrity Levels make sure software can not inject DLL (into other processes) into higher rights objects. So when you use LOW Integrity Rights internet facing software (like Windows Apps, IE and Chrome), some bug has to be exploited first to touch medium level (normal) processes.

    So don't start disabling smart features like the allow child process of whitelisted processes. VoodooShield has an anti-exploit option, which is the reverse as the allow by parent process. All vulnerable processes are NOT allowed to start any other program. On top of that VS also performs a VT blacklist scan before adding a child process to the blacklist scan.

    These measures compensate the theoretical hole you have in the whitelist with "allow by parent process". Disabling "allow by parent process" is like wearing a condom all the time, it does not reduce the chance of getting a sexually transmitted disease, it is just a hassle when you need to pee (run an occasional update of a whitelisted program).

    *** End of rant ***
     
    Last edited by a moderator: Nov 3, 2016
  20. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    815
    Location:
    Melbourne, Australia
    Just in case - anybody know of any integration issues with TS360?
     
  21. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    736
    Location:
    The Netherlands
    No problems. Only when installing you have to allow 1 or 2 false positives.
     
  22. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Thanks

    Not a section I have looked at before. Will see how it goes.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    WS I know I must be missing something here is the child processes thing. I am guessing they must be discussing a different option than I have in my beta not paid version. My screen shot is the only child processes setting I have in my latest beta version. As you can see it says to disable if not using an app listed in the web apps tab. Otherwise leave it alone.
     
  24. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    815
    Location:
    Melbourne, Australia
    Thanks, but I have just removed 360TS after reading about WoSign, http://www.bleepingcomputer.com/new...-end-of-controversial-chinese-https-provider/. It's yet another ethics issue for Qihoo. Shame is that 360TS is a nice product: easy to install/remove; easy to use; and, great performance. Just as well I can say the same about VS.:thumb:
     
  25. Sorry did not want to "Voodoo like you do" ;) just wanted to warn to not overhype something.
     