VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,292
    VS shouldn't interrupt your machine start, VS is started after the user has logged in and I can see tray icons of HMP.A and ERP earlier than VS.
    After VoodooShield.exe has been started, the driver of VS (vsscanner.sys) gets loaded (a few seconds later), so there is an additional delay before the protection is fully active.
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Thanks Dan

    I will set back to 100% (Balanced) then.

    One thing I am seeing now is when I insert a USB stick it doesn't show on the desktop icon unless I double left click to turn it red then double click again to turn it back blue. Then I see it on the icon.

    I will reboot later and see if it was fixed. Running in Shadow mode at present.
     
    Last edited: Jan 14, 2017
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for your input! Yeah, I agree, but a lot of people really like Smart Mode, and a lot of people really like Always ON ;). So it would be difficult to eliminate one of them ;).

    For enterprise users, there will be a silent mode, especially since they hardly ever install new software... although they will always have to deal with updates (Adobe, etc.). But anyway the idea is when VS blocks an item in the enterprise, it will send the file to Cuckoo, then a couple of minutes later, the admin will receive the Cuckoo results (which contain the VT results), and the VoodooAi results. And the admins can either be notified through email or our new web console dashboard.

    Also keep in mind, the VoodooAi cloud database is not implemented yet... this will auto allow common files that are globally whitelisted... so these files will not be blocked at all (and so these files will not be sent to Cuckoo, and the admins will not be directly notified, but the info will be in the web console). Admins can also create whitelists specific for their company.
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Load time is not my question. Sorry, I'm not making my question understood.
    I'll try... Q: does VS include Boot-Time protection? So that a VS User Prompt may have to be satisfied to allow boot-up, allow boot-sequence reaching Lock Screen or Desktop?
    Thanks
     
    Last edited: Jan 14, 2017
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you mood!
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sure, thank you! Please let me know on the USB issue... I think it probably has to do with SD, but if not, please let me know. I do have to fix a little bug where the desktop shield gadget does not appear when using multiple accounts on the machine.

    Also, I noticed that you have Cylance Protect listed in your signature. About 6-7 months ago when Cylance was made available to the public, I recommended it on wilders. From what I remember, there were 3-4 users who purchased the product at least partially based on my recommendation.

    In light of the recent test, I realize that I made the incorrect recommendation, and if anyone who purchased the product based on my recommendation is unhappy with the product, please let me know and we will reimburse you.
     
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Not trying to be antagonistic, but just wondering what VS does (will do) that AppGuard, NVT ERP, a firewall and AV won't. I've been following this thread for quite some time and have seriously considered giving VS a try, but just trying to figure out if it's something I really need -- or if it's overkill?
     
  8. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    432
    Location:
    Mercia
    VS is excellent at complementing your preferred AV and firewall. I have never used NVT ERP but you wouldn't need that as well as VS, since both are Anti-Execs. From what I have read VS is more user friendly than other anti-execs and I suspect you would like it if you gave it a try.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It's totally cool... great question! I believe that every web connected device should be locked when it is at risk, and in order to remain user-friendly enough for all computer users to enjoy the benefits of application whitelisting, the computer should not be locked when it is not at risk. Also, it is vital that the user is aware of the status of the lock at all times, and is able to quickly and easily disable the lock when necessary. VS also provides file insight on blocked items, which helps the user determine whether they should allow a non-whitelisted item or not. In addition, VS has many, many features that automatically and safely build the whitelist (for example, auto allowing by parent process and temporarily auto allowing by the previously allowed digital signature), which reduces the frequency of annoying, unnecessary and dangerous affirmative user prompts (that require a user response).

    In short, if we are going to get serious about computer security and decide that it is vital that we start locking our devices (instead of relying on the current filters), we have to do our best to make the lock as user-friendly as possible.

    That is our focus, and I would not be upset at all if another software provider changed their focus to this as well... I have actually encouraged that several times on this thread ;).

    Edit: I almost forgot... VS's desktop shield gadget makes the user feel safe because they know their computer is locked.
     
    Last edited: Jan 14, 2017
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  11. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Really appreciate the explanation. So if I were to use VS, would you say that also using AG and NVT ERP would just be redundant and no longer needed?
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    VoodooShield does not include Boot-Time protection?
    As far as I know appearance of any tray Icon is not necessarily an indicator of when protection starts.
    Guess, I've been thinking net connection while VS focus is web connection.
    My device makes net connection before desktop so I was thinking VS may throw User Prompt during start-up before desktop as I've observed with NVT ERP.
    My Bad. I have to think web not net.
    Thanks!
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Perhaps, VoodooShield User Guide will help http://www.voodooshield.com/Download/VoodooShieldUserGuide.pdf
    Great read, IMO. Thanks
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Dan

    Out of shadow mode, rebooted, all of my other security apps shut down, and still do not see the USB on my shield in Always ON mode. I did reset the shield so I could move it around is all.

    If I have browser open in smart mode and shut down the browser, the shield remains blue until I left click on it. When I insert a USB, it doesn't give the warning until I left click on shield to turn VS off then left click again and insert the USB, then the notification shows up on shield.
     
    Last edited: Jan 14, 2017
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah... they are redundant. I would just try all three and see which one you like the most. The other two are really great products, and I am not just saying that ;).
     
  16. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm.... that must be the problem then, you must have a browser plugin that is hanging a web app.

    Please try this... do exactly what you did (if I have browser open in smart mode and shut down the browser, the shield remains blue until I left click on it), and then go to VoodooShield Settings / Web Apps Tab... the hung browser (or email client) will be highlighted in yellow. Then find out what this web app is hanging... it is typically a bad browser plugin.

    Also, please keep in mind that the USB label will not show up if you already have a USB drive connected to the system and you reboot. The whole purpose of the USB label is to let the user know why VS toggled to ON... so it only displays the USB label when you insert a USB drive, and that is what caused VS to toggle to ON. Otherwise, if we had VS toggle to ON when a USB drive was plugged in all the time, VS would stay ON all the time. And as Kees pointed out a while back... what we are really trying to protect against is an autorun malware.

    I hope this all makes sense, if not please let me know, thank you!
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ok Dan, the highlighted item in web apps is IE. Maybe AGuard is causing this? I will shut it down and see. IE turns yellow upon opening it, no USB involved.

    EDIT: it is not adguard.
     
    Last edited: Jan 14, 2017
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well I run VS, ERP and Appguard, and I don't consider them redundant. I'll leave Appguard, but why ERP and VS? Two reasons. First, it's a 2nd chance option. Something comes up and VS alerts and I allow, then go oops. ERP gives me a 2nd chance. I think that important. 2nd, VS is a user friendly install whereas ERP in alert mode will monitor every little thing and alert on it. I can see what is going on and block stuff I don't want. I've done that with Acronis installs, which are terrible. This is just me.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    In Smart Mode if you plug a USB drive in while a web app is open, then close the web app VS stays On (blue) but doesn't display the USB on the shield.

    Thanks.
     
  20. Deckard

    Deckard Registered Member

    Joined:
    Dec 13, 2016
    Posts:
    46
    Location:
    France
    2560 x 1440 with a 124 Pixels Per Inch screen

    A screenshot of Alert Prompt with text on a webpage and desktop icons, nearby, to compare.

    VS-.png

    The logo VS, to the left of "VoodooShield Alert", is fuzzy, but also the rest (not really fuzzy; I will say "not super sharp").

    Edit: Image quality attached not very probative, Dropbox link sent by PM
     
    Last edited: Jan 14, 2017
  21. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    For now, I would not even worry about the USB... I would figure out what is causing your browser to hang (like which plugin). Once that is fixed, then test the USB and see how it does. If I need to tweak something in the code, then we can. Thank you!
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Krusty... Yeah, that is by design, but we can change that if you guys think we should. Basically, the USB label is intended to indicate that it was inserting a USB when VS was OFF that toggled VS to ON. If a web app is already running, VS is already ON, so it was not the USB that toggled VS to ON... it was the web app (prior to inserting the USB). But either way is cool with me... whatever makes the most sense to you guys, it is easy to change, thank you!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you Deckard! Yeah, we can adjust the scaling... it is a good excuse to get a new monitor anyway, right? ;).
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, ERP and VS work really well together for something like this... especially if you are running malware tests or something, or if your name is Pete ;).
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    Hey Dan,

    I'm easy either way but I was trying to figure out why VS was blue on my new machine the other day because I forgot I had plugged in a flash drive.

    Before I replaced the HDD with an SSD VS would sometimes be blue and on with no drives connected. If I delayed VS start with Norton I didn't have that problem. I don't know what that was all about but after installing the SSD I don't have that issue now.
     