VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    343
    Location:
    Down Under the Southern Cross
    #13581

    The whitelisting of Panda AV files is holding :D (Panda AV has 7 of those files in a folder). After a VS 3.50 clean install and an in-depth snapshot only a couple were blocked. I suspect the in-depth snapshot helped.
    No other issues to report.

    To everyone,
    HAPPY NEW YEAR!
    :)
     
    Last edited: Dec 31, 2016
  2. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    I think Dan deserves congratulating on getting the stable release out by the end of the year!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry, I have been extremely busy… I am trying to catch up ;).

    The issue is that these are executables in one of malware’s favorite hiding spots… programdata (along with appdata and a few others)… we used to have to be extra careful with these folders, but now with VoodooAi, it probably is not necessary. So I can look at these checks in VS, and see which ones I can remove, and that will permanently fix this issue.

    In the meantime, you can allow that path to Custom Folders, and it should fix the issue for you.
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you everyone for all of your help!!!

    Have a safe and happy New Years... I will catch up on the posts I missed asap!
     
  5. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    343
    Location:
    Down Under the Southern Cross
    Second that :thumb: "Good on yah Dan".
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Have a happy happy New Year
     
  7. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
  8. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    RE: Whitelisted files are being blocked and scanned.

    It is still happening even after re-whitelisting items and checking/editing command lines. I have found that enabling "Custom Folders" and unchecking any folder where installed software exists solves the problem, but that is not something that your average user should need to do. Obviously in many cases it was necessary to leave the parent folder checked but some existing subfolders unchecked.

    Note: I have not ever needed to enable "Custom Folders" in any previous version of VS.
     
  9. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @Iangh @Moose World
    No secret formulae, just works as is :thumb:
    Magickal tweaks and settings for CFW I'll leave to @cruelsister to demonstrate.
    Links and help are over at Comodo forums.
     
  10. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    343
    Location:
    Down Under the Southern Cross
    So far whitelisting those Panda AV files is working, without the need to enable them on Custom Folder.
     
  11. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Algorithm 3 in the new Ai seems the opposite compared to the other two.
    For every false positive I have had, algorithms 1-2 deemed it safe, while algorithm 3 is very far on the right side.

    /E
     
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Congrats, Dan...on the formal release of VS v3.50...another milestone, and hopefully the start of the big time for VS. :D

    Happy New Year.

    Regards, Baldrick

    PS. Now please take a rest and have some time off? ;)
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I noticed that custom folders is easier to use than it used to be, now it automatically selects the folders that should be protected by default. That's nice, maybe it's been that way for a few builds already, but I didn't see it until now. I like it!
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I haven't noticed that, but then again, that is not unusual, for me. I will have to look for this, when I open up my Surface Book, later on, this morning...It is 4:33 am, and I should be sleeping, zzzzz. ;)
     
  15. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    The way I install a new version of VS:

    Backup "C:\ProgramData\VoodooShield"

    SimplySync Backup.jpg

    Right click VS icon in system tray and choose "Exit"

    Stop and delete VS Service. You could also try stopping and deleting the driver but I've never bothered.

    Process Hacker.jpg

    Delete the following folders. I personally use a script:

    <UVKCommandsScript>
    <sDelete>

    C:\Program Files\VoodooShield
    C:\ProgramData\VoodooShield


    ###### End of UVKCommandsScript. ######


    Reboot.

    Install new version of VoodooShield.
    Consider copying commandlines3.* and settings3.* files from backup into "C:\ProgramData\VoodooShield"
     
    Last edited: Jan 1, 2017
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    @Callender Thank you, for your input and advice. ...I will look further into it. One thing is I never do scripts, because I know nothing about doing them.
     
  17. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    No worries. Just delete manually.
     
  18. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    I would appreciate a fix for this:

    VS internet connection 3.jpg

    Or else request that VS 3.47 is re-activated because these connection problems only exist in later versions.
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    :thumb:
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Are you sure your firewall isn't blocking VS in any way? I never see those types of messages.
     
  21. Andy01

    Andy01 Registered Member

    Joined:
    Oct 23, 2015
    Posts:
    7
    VS updated to version 3.50
    works well

    my configuration
    VoodooShield
    SpyShelter Firewall
    Zemana AntiMalware
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I have found that version 3.50 still suffers from the same blocking issues, often it is silent blocking, that previous versions suffered from.
    But with the revamped custom folders tab, it is pretty easy to make exclusions for at least some of the troublesome processes.
     
  23. guest

    guest Guest

    In my case it silently blocked tor.exe from running and I have it configured to show a popup.
     
  24. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    See this post (and the one immediately below it)
    https://www.wilderssecurity.com/threads/voodooshield.313706/page-534#post-2639588

    Anyway I checked firewall.
    Firewall Advanced Settings.jpg

    Fiddler Web Debugger.jpg



    Secure Protocol: Tls
    Cipher: Aes128 128bits
    Hash Algorithm: Sha1 160bits
    Key Exchange: RsaKeyX 2048bits

    == Server Certificate ==========
    [Subject]
    CN=voodooshield.com

    [Issuer]
    CN=RapidSSL SHA256 CA, O=GeoTrust Inc., C=US

    [Serial Number]
    78A0E3815CBBFAC929086E79B763CD01

    [Not Before]
    29/08/2016 01:00:00

    [Not After]
    29/10/2017 00:59:59

    [Thumbprint]
    6860C77BF59B8639A26407E35B0D7C00AE918C7E

    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.1 (TLS/1.0)
    Random: 58 6A 5B A3 96 1A 73 2D ED 1D 22 C7 6A DB 5D 10 5C 40 75 8B A4 95 E3 94 5C 1E 19 11 39 EB C5 D9
    "Time": 05/11/2056 19:13:28
    SessionID: 8D 12 00 00 B5 79 98 56 82 32 35 4B E9 B2 37 85 29 E4 B3 DA 47 90 96 48 D9 AA 43 3D F8 55 15 11
    Extensions:
    server_name www.voodooshield.com
    elliptic_curves secp384r1 [0x18], secp256r1 [0x17]
    ec_point_formats uncompressed [0x0]
    extended_master_secret empty
    renegotiation_info 00
    Ciphers:
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0035] TLS_RSA_AES_256_SHA
    [002F] TLS_RSA_AES_128_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA

    Compression:
    [00] NO_COMPRESSION

    However I still get the "no internet connection" pop up from VS. All I can say is that if I could reinstall VS v3.47 - it worked. I rolled back to 3.47 after the problem first surfaced in 3.48. Not really sure if it could be a problem at my end or a problem with VS. However, since 3.47 works, what is the difference in the way that 3.48 and 3.50 check for an internet connection?
    Logs show an established connection at least once.

    2017-01-02 13:02:04, , C:\Program Files\VoodooShield\VoodooShieldService.exe, TCP, 192.168.1.64, 1133, 23.64.171.27, http, ESTABLISHED, a23-64-171-27.deploy.static.akamaitechnologies.com, 3324

    2017-01-02 13:02:04, , C:\Program Files\VoodooShield\VoodooShield.exe, TCP, 127.0.0.1, 1127, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:02:04, , C:\Program Files\VoodooShield\VoodooShield.exe, UDP, 0.0.0.0, 64603, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:03:52, , C:\Program Files\VoodooShield\VoodooShield.exe, TCP, 127.0.0.1, 1127, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:03:52, , C:\Program Files\VoodooShield\VoodooShield.exe, UDP, 0.0.0.0, 64603, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:01, , C:\Program Files\VoodooShield\VoodooShield.exe, TCP, 127.0.0.1, 1127, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:01, , C:\Program Files\VoodooShield\VoodooShield.exe, UDP, 0.0.0.0, 64603, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:30, , C:\Program Files\VoodooShield\VoodooShield.exe, TCP, 127.0.0.1, 1127, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:30, , C:\Program Files\VoodooShield\VoodooShield.exe, UDP, 0.0.0.0, 64603, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:33, , C:\Program Files\VoodooShield\VoodooShield.exe, TCP, 127.0.0.1, 1127, N/A, N/A, LISTEN, , 3760
    2017-01-02 13:04:33, , C:\Program Files\VoodooShield\VoodooShield.exe, UDP, 0.0.0.0, 64603, N/A, N/A, LISTEN, , 3760
     
    Last edited: Jan 2, 2017
  25. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    172
    Location:
    London UK
    Success.

    VS internet connection 4.jpg

    The problem must be caused by some change in VoodooShield with regards to domains that are used. I disabled my Hosts file and VS works. The problem I now have is how to figure out what changed after v3.47. Maybe some sort of tracking was added? I can't figure out which hosts file entry I need to edit. Does anyone have a list of all domains used by VoodooShield?
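
Added example, not part of the thread and not VoodooShield's own code: one way to narrow down which hosts-file entry affects a product, as asked in the post above, is to list every entry that maps a watched name or one of its subdomains. The watched names are the certificate CN and SNI from the Fiddler capture quoted earlier; the sample hosts file and the name `api.voodooshield.com` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist excerpt (constructed)
127.0.0.1   localhost
0.0.0.0     ads.example.net tracker.example.net
0.0.0.0     WWW.VoodooShield.com      # constructed entry
::1         api.voodooshield.com
203.0.113.9 voodooshield.com.evil.example
not-an-ip   voodooshield.com
"""

# Names visible in the capture quoted in the thread (certificate CN and SNI).
WATCHED = ["voodooshield.com", "www.voodooshield.com"]

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed lines
        for name in fields[1:]:                 # one line may carry aliases
            yield line_no, addr, name.lower().rstrip(".")

def overrides_for(text, watched):
    """Return hosts entries that map a watched name or one of its subdomains."""
    suffixes = {w.lower().rstrip(".") for w in watched}
    hits = []
    for line_no, addr, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in suffixes):
            # Loopback and unspecified addresses are the usual blocklist targets.
            sink = addr.is_loopback or addr.is_unspecified
            hits.append((line_no, str(addr), name, "sinkhole" if sink else "redirect"))
    return hits

if __name__ == "__main__":
    for hit in overrides_for(SAMPLE_HOSTS, WATCHED):
        print("line %d: %s %s (%s)" % hit)
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`; names the product contacts that are not on the watch list will not be found this way, so the list has to come from a capture or from the vendor.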
     