VoodooShield/Cyberlock

very nice, thanks for the instant reply.

 

If i put VS in training mode (3-4 days) all files/apps in that time will be whitelisted and "safe" or will be checked again after exit from training mode?

 

Sure, thank you!

 

Hey Djigi, how are you? In Training Mode they are not checked at all... even after changing to one of the other modes... so it might be best to put VS on AutoPilot.

Which now that you mention that... maybe we should consider removing Training Mode, and just have people use AutoPilot instead... and maybe add a Silent Mode. This is just off the top of my head... we have time to talk about it and figure it out together. Thank you!

 

I'm fine, tnx for asking (expect new baby in 20 days), how are you?
Training mode is doing what? Or is useful for...?

Why not when in training mode whitelist all (that is practice in other similar apps)?

 

Very cool, congratulations on the new baby!!! Great, thank you!

Actually, now that I think about it... once the realtime Ai scanner is implemented, it will scan the files that were allowed while in Training mode.

Training mode might be good if you are installing Microsoft Office, for example.

We could whitelist all of the drives, but it is best to keep a tiny, customized whitelist, to keep our attack surface as low as possible.

 

Do you plan to release voodoo AI as a standalone product?

 

https://www.wilderssecurity.com/threads/voodooshield.313706/page-537#post-2640988

 

Somewhere I read that VS has some issue running along CryptoPrevent.
I did try out VS on my computer a month ago or something and I did run into some issue which prompted me to uninstall VS.
Unfortunately ( and I apologize for it) I did not take the time to follow up. Now I completely forgot what the issue was.
Currently I run CryptoPrevent and MBAE free editions.
Would that cause issues or, either or both be redundants with VS installed?

Regards,

VS

 

Very cool, thank you Peter for testing the heck out of VS for me .

 

It's totally cool... yeah, there used to be an issue, but a lot has changed in both programs, so either way we just need to run them together for a few days to see if there is a conflict.

I am not sure if redundant is the correct word or not, because I am not sure what all CP does to prevent malware that is not ransomware, but either way, if the file is not whitelisted, VS is going to block it... please see my next post, it will explain a little more, thank you!

 

Giving VS a go again.
Disabled MBAE, tried unistalling the same with Geekuninstaller. VS gave the options block/allow. I selected allow and now I am unable to get GeekUninstaller to work .
My OS is W 10 x64

 

Krusty emailed me with a question the other day… he was just checking to see if something was expected behavior with VS, and since there are probably a lot of users wondering the same thing, I figured it would be best to explain so that everyone knows.

He was running 2 different computers with VS installed (running in Smart Mode), and on one of the computers, VS blocked an item and prompted him, and on the other computer, it blocked the exact same item, but VS did not prompt him… it only briefly flashed and then auto allowed the item.

Since he mentioned that VS was in Smart mode, I had a pretty good idea what was going on. Basically, this is expected behavior, and it depends on if VS was ON or OFF while in Smart Mode, when it intercepted the new item. If VS is ON, a web app is running, so the computer is at risk… so VS should have blocked the item and prompted the user. If no web app was running, the computer was not at risk, so VS would have toggled to OFF… and when VS toggles to OFF in Smart mode, it pretty much acts like it does when it is on AutoPilot… so if a new item is squeaky clean, it will auto allow it, after scanning with the blacklist and VoodooAi (and the quick flash is normal). But if the file is not squeaky clean, VS should block the item and prompt the user in all modes, except Training and Disabled.

Keep in mind, the absolute vast majority of malware is delivered through email attachments, malicious links, and drive-bys / exploits. And if a web app is not running, then all of these “attack vectors” are no longer a concern, with the exception of the user downloading an attachment, then closing their email client, then locating the file on the disk and then executing it. But even then, the blacklist scan and VoodooAi should be able to easily stop the malicious files from executing.

Also, please keep in mind that it is absolutely vital to not lock the computer full-time for a number of different reasons. First, it really is pain for the user to block anything and everything… the end user will just uninstall the lock. Second, if the user is constantly bombarded with blocks and user prompts, they will become numb to the user prompts and automatically click allow. So then when there is a real attack, the little hairs on the back of their neck do not stand up, and they automatically click allow… it is a real concern. Believe me, I know, I have been lucky enough to work with end users since 1999 (17 years), so I have a pretty good idea of how they use their computers and how they become infected, and have designed VS so it is user-friendly enough for even novices to not become infected. And we will continue to add usability features as we go, to make it even more user-friendly.

Also keep in mind that when the computer is not at risk, VS is continually building the tiny, customized whitelist, so that when the computer is once again at risk, these safe items will not be blocked.

A couple of people have asked me something like “Yeah, the toggling is pretty cool, but what about the users who run their email client or web browser all of the time?” Well, my answer is simple… if the computer is at risk, it should be locked .

I am certain that some people might view VS’s toggling as possibly a gimmicky feature, but once they realize this, hopefully they view VS’s toggling as a very real, highly effective security mechanism. Thank you guys, I will catch up on the posts I missed soon, and will release a new version with the drag and drop memory leak (and an other bugs you guys find) in a couple of days!

 

I am not sure what you mean by "tried unistalling the same with Geekuninstaller."... can you please explain a little more? If you are running CP on the system as well, then there still might be a conflict... just a guess.

 

For the record:
Dragged the Geek uninstaller exe file into the desktop VS icon, did run a scan, selected allow and now GU it is working again.

 

When opening geekunistaller the prompt came to block/allow the software to run. (I was trying to uninstall MBAE)I did select allow but obviously it was not allowed as i completely lost the ability to run Geek uninstaller.
(I'm running VS in auto pilot.)
Something to do with the software Geekuninstaller, not being whitelisted on VS installation snapshot maybe? Guessing here.
Working now, see previous post.

 

That's cool, thank you for letting me know... I just downloaded GU, I will play around with it.

 

You are welcome and thanks for yours prompt replies.

 

By the way I did a withelist reset and this time Geek U exe did register fine.
No prompt to block/allow warning when opening GU. Smooth as...

 

MBAE provides a different protection than VS and CryptoPrevent. You can leave MBAE installed.

Regarding CryptoPrevent, there can be some issues running it along with VS. But this was mentioned months ago, and:

You can run them both together for a while and see if you have any issues.

 

@mood

Thanks.
Regarding MBAE , I would run version 1.09.1.1280. I'm not sure I'll be comfortable with MBAE 1.10 when it comes and that is supposed to be a perpetual beta.
What are your thoughts?

 

Dan, you've explained it perfectly! (at least to me)

 

Peter - together with NVT ERP and AG? And which mode - Autopilot, Smart, Always On?

 

I currently have VS 3.49 and CryptoPrevent 8 on my secondary laptop (and have had these two together for some time), and have not noticed any conflict.