VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada

    [11-03-2016 21:39:10] [INFO ] - Blocked: c:\users\daniel\appdata\local\nvidia\nvbackend\packages\00009662\dao.21331993.exe
    [11-03-2016 21:39:10] [DEBUG] - dao.21331993.exe (298 AllowReason: 0x0174
    [11-03-2016 21:39:10] [INFO ] - Allowed: dao.21331993.exe, c:\users\daniel\appdata\local\nvidia\nvbackend\packages\00009662\dao.21331993.exe, 267a53c489301053dcfcefc7014fd438017f5d1e2e0db1c3f818687c695c6c93
    [11-03-2016 21:39:11] [INFO ] - Blocked: c:\users\daniel\appdata\local\nvidia\nvbackend\applicationontology\nvoawrappercache.exe
    [11-03-2016 21:39:14] [DEBUG] - nvoawrappercache.exe (14216) AllowReason: 0x0174
    [11-03-2016 21:39:15] [INFO ] - Allowed: nvoawrappercache.exe, c:\users\daniel\appdata\local\nvidia\nvbackend\applicationontology\nvoawrappercache.exe, 48a7645c7edc0e3c2aa00957a61833f6708d49024f9285601142a24b21a7b5b4

     
  2. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    I get a block on that occasionally, also. Any fix for that? Is it something to worry about?
     
  3. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,189
    Location:
    The Netherlands
    I know that feeling... Had 360TS on all computers in my family. Now running Emsisoft AM, Malwarebytes Anti-Exploit and VoodooShield. Not sure yet what free AV to get for the rest of the family.
     
  4. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @VoodooShield , what sort of information is sent to VS servers when VS is installed on a client? If a system snapshot is sent is there a way of preventing this from happening in the install process? I would prefer to have full control of any information that is sent outside the private network. Thanks.
     
  5. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    Today, for the first time since I've been using VS, Chrome was blocked. Yesterday was fine but today it was blocked. :confused:
     


  6. guest

    guest Guest

    Nothing is supposed to be sent unless you tick the checkbox "synchronize..."
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hi, VS sends very, very little info... only what is absolutely required. There should not be any information at all sent during the installation process. Once VS is started, then the email address and password are authenticated with the database, and if the option to back up the whitelist to the cloud is enabled, that is uploaded too (the same information that is in Settings / Whitelist).

    I think we used to also send the Windows version (7, 8, 10, etc.), and a hash identifier for the hardware, but I do not even think we do that anymore.

    We are actually in the process of replacing and updating the user management console and databases, and I will make sure that only information that is absolutely necessary is sent, that it is secure, and as generic as possible.

    If this is at all a concern, I would just simply not enable the "Synchronize and backup my whitelist to the cloud" option.
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I just wanted to give everyone a quick update... I will catch up on the posts I missed soon.

    We have had several requests to build out and implement enterprise features in our user management console, and while working on VoodooAi 2.0, I realized that now would be a great time to update the user management console and move everything to the VoodooAi cloud database. It is quite a bit of work, but I really think you guys will like it when it is finished.

    A developer named Alexandr is doing most of the website and user management console updates, and I am getting close to finishing up VoodooAi 2.0. In a week or two, when Alexandr and I are both finished, we will have to do some integrating of VoodooAi into the user management console, and that should take another week or two. During that time, I will be training the new machine learning models, so everything should be wrapped up in 3 or so weeks.

    The next couple of days, I will finish the last few bug fixes for VS 3.0, so I should be able to post a new version soon. I have just been taking it kind of slow because there are a couple of things that I want to make absolutely sure I do correctly.

    Thank you guys, have a great week!
     
  9. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Good to hear, look forward to testing.
    Take your sweet time :thumb:
     
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Alexandru is WFC dev not Alexandr ;)
     
  11. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    @guest , thank you for the short explanation and @VoodooShield for the more extensive one. This is excellent news for me since I feel many security vendors take liberties with what sort of customer information they gather and where they place it and subsequently make it more difficult for customers to secure their property.

    @VoodooShield , have you ever considered outlining how little information you gather on your site as a benefit? I think that would appeal to more than a couple of prospective users with the popularity of intrusive applications all over the place. I know the snapshot to the cloud feature gave me pause from installing VS given the UX work that I do; I'm obligated to take measures to secure that information and can't afford to have that out of my control. I would think anyone in development of any sort of product would appreciate knowing how you view your customers' information; it's a selling point.
     
  12. OSTexo

    OSTexo Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    27
    Location:
    United States
    Hello,

    Is there any way to temporarily whitelist an application? I have a few self-contained applications that don't necessarily need to be included permanently on the whitelist, just as sort of an allow now only function. Thanks.
     
  13. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    I don't believe there is. All you need to do though is allow the processes and then delete them in the Whitelist.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Just got a notification about a file today. Looking it up, it appears to be a Vista file and I have Win 10, so I clicked to block it. It happened after going to this page:
    http://www.top10bestantivirus.com, which might have been a coincidence. What is Msdt.exe?
    Msdt.exe is a type of EXE file associated with Windows Vista Home Premium with Service Pack 1 developed by Microsoft for the Windows Operating System. The latest known version of Msdt.exe is 1.0.0.0, which was produced for Windows. This EXE file carries a popularity rating of 1 stars and a security rating of "UNKNOWN".
     


  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Didn't get the popup until I clicked on the fix connection button.
     


  16. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    When you click on that button it invokes the Microsoft Desktop Troubleshooter (msdt.exe). This process has been included in Windows starting from Vista right up to 10.
     
  17. guest

    guest Guest

    It's a legitimate file, nothing "suspicious".
    As mentioned above, it's a simple Troubleshooter. More info about msdt.exe:
     
    Last edited by a moderator: Nov 9, 2016
  18. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    "Trust the blacklist scan false positive detection and auto allow files not detected as unsafe by VoodooAI in all modules" (italics mine)

    I'm confused by that option. From my understanding, VT just marks a file as having detection, whether that is false positive or true positive.

    1. Does "blacklist scan false positive detection" mean that there are false positive detections in the VT database against files?
    2. OR does "blacklist scan false positive detection" mean that there is just no detection from VT?
     
    Last edited: Nov 10, 2016
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey everyone, I am wrapping up this version, but had a couple of questions, so hopefully I can include all of the fixes in the next release.

    I tried to reproduce this error, but I could not get it to do what it is doing for you. When you say "Right click voodooshield.exe", do you mean the VoodooShield.exe in C:\Program Files\VoodooShield, or do you mean something else? Please let me know how to reproduce this error... it should be a super easy fix, thank you!
     
    Last edited: Nov 10, 2016
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I think this error is fixed, but I wanted to verify... how do you launch the PowerShell script? Do you right click on it and choose "Run with PowerShell"? The fix was actually pretty simple... I realized that these should be handled like files instead of command lines, much the same way we handle wscripts and cscripts. It is much cleaner and better to do it this way. Anyway, that part is working, I just want to make sure that I am parsing the path of the file from the command line correctly, and if there is a different way to launch a PowerShell script that produces a different command line, I just need to factor that in as well.

    I also fixed several little bugs that I noticed as well... for example, when the USB label is showing and VS blocks a file, when VS was finished flashing, the USB label would turn white... so that is fixed.

    I also added a really cool feature that automatically (and safely) allows TONS of command lines that normally would be blocked, even though they are perfectly safe. It is kind of hard to explain how I did it, maybe I will try one day. But anyway, there will be a drastic reduction of safe command line blocks... they will be auto allowed. There will still be some command line blocks... hopefully only malware blocks ;).

    Anyway, this version is almost finished and I will be posting it asap, and then I will catch up on the posts I missed... I am thinking it will be ready by the weekend. Thank you guys!
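
The path extraction discussed in the post above, as an added example that is not part of the thread and not VoodooShield's code: it pulls the script file out of several `powershell.exe` launch forms so an allowlist can judge the file itself, and returns `None` for anything that is not purely "run this one file". The function names, the sample command lines and the assumed shape of Explorer's "Run with PowerShell" wrapper are all constructed for illustration.

```python
import re

# Parameters that take a value; powershell.exe accepts unambiguous prefixes.
VALUE_PARAMS = ("executionpolicy", "ep", "windowstyle", "inputformat",
                "outputformat", "version", "psconsolefile", "configurationname")
# Assumed shape of the command Explorer's "Run with PowerShell" verb builds.
EXPLORER_WRAPPER = re.compile(
    r"^if\(\(Get-ExecutionPolicy\s*\)\s+-ne\s+'AllSigned'\)\s*\{\s*Set-ExecutionPolicy"
    r"\s+-Scope\s+Process\s+Bypass\s*\};\s*&\s*'([^']+\.ps1)'$", re.IGNORECASE)
# A command that is nothing but one script path, optionally behind the call operator.
BARE_SCRIPT = re.compile(
    r"^(?:&\s*)?(?:'([^']+\.ps1)'|([^\s'|;&$`(){}]+\.ps1))$", re.IGNORECASE)

def tokenize(cmdline):
    """Split on whitespace, keeping double-quoted runs whole (quotes removed)."""
    return [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def is_param(token, *names):
    """True if token is -name or /name, or a prefix of it, for any given name."""
    body = token[1:].lower()
    return token[:1] in ("-", "/") and body != "" and any(n.startswith(body) for n in names)

def script_path(cmdline):
    """Return the .ps1 file a powershell.exe command line runs, or None when it
    runs anything else and so has to be judged as a command line."""
    tokens = tokenize(cmdline)[1:]                      # drop the executable
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if is_param(tok, "encodedcommand", "ec"):       # opaque payload: never a file
            return None
        if is_param(tok, "file"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            return nxt if nxt.lower().endswith(".ps1") else None
        explicit = is_param(tok, "command")
        if explicit or tok[:1] not in ("-", "/"):       # -Command or positional text
            text = " ".join(tokens[i + 1 if explicit else i:]).strip()
            m = EXPLORER_WRAPPER.match(text) or BARE_SCRIPT.match(text)
            return next(g for g in m.groups() if g) if m else None
        i += 2 if is_param(tok, *VALUE_PARAMS) else 1   # skip a parameter's value
    return None

# Constructed sample command lines (not taken from the thread).
SAMPLES = [
    r'powershell.exe -NoProfile -ep Bypass -File "C:\scripts\a b.ps1"',
    r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\user\Desktop\job.ps1'"''',
    r'powershell.exe -enc AAAA',
]
```

Returning `None` for inline or encoded commands keeps those on the command-line path, so treating scripts as files never widens what is auto-allowed.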
     
  21. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    TrafficLight doesn't like this page...

     
  22. andi_cro

    andi_cro Registered Member

    Joined:
    Dec 24, 2013
    Posts:
    49
    Location:
    Croatia
    Hmmm, MBAM also blocks it...
    But every other site inspector says that it is clean, only BitDef and Malwarebytes have suspicious detections!
     


    Last edited: Nov 10, 2016
  23. andi_cro

    andi_cro Registered Member

    Joined:
    Dec 24, 2013
    Posts:
    49
    Location:
    Croatia
    Why is "cmd.exe" blocked when I start this app and this is the recommended action?
    If cmd.exe starts "out of the blue" then I understand why it should be blocked, but when the user starts the app I do not understand why it should be blocked.
    VS 3.45 is in SMART mode with default advanced settings.
     


  24. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi Dan,
    I'm really looking forward to this in the new Beta, as I get quite a few (too many) command line blocks, so if this works as it should it is great news.
    Keep up the good work.
    Regards
    Gordon
     
  25. guest

    guest Guest

    Point 1.
    If there is only one detection in the VT database but VS thinks that this engine has an "unusually high false positive rate", it is filtered out.
    No detection = file is executed.
    If you untick the option you'll get a prompt about the file: "FALSE POSITIVES in 1 of 56 Scan Engines!"
     