VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    What is ERP again?
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, well, if you guys decide either way, please let me know, it is a 5 minute fix. And if that one issue comes back, please let me know (maybe it was an old version of VS??). Thank you!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    No Virus Thanks EXE Radar Pro ;).
     
  4. Alkajak

    Alkajak Registered Member

    Joined:
    Mar 6, 2016
    Posts:
    125
  5. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    835
    Location:
    Melbourne, Australia
  6. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    835
    Location:
    Melbourne, Australia
    In one moment great minds thought alike.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    A few things I keep forgetting to mention…

    1. If anyone is on the fence about VoodooAi’s effectiveness or relevance, please watch the video in my signature again, and count the number of times the user prompt started with the phrase “Threat detected by VoodooAi”, and not “X/58 threats detected by Blacklist and VoodooAi”.

    Hopefully everyone understands the significance of this. When combined, blacklist and VoodooAi are an amazing combo. And honestly, false positives for common apps are pretty darn low. Having said that, we can always tweak it and make it better... especially once we have access better training data sets (clean and malicious files).

    2. I actually think this whole Next-Gen AV thing is a great thing for VS…

    My prediction? In 4-6 months, everyone is going to realize that NG AV is not as effective as traditional AV solutions, simply because Ai should not be used as a primary protection mechanism, and as a result:

    a. Finally figure out that there is no such thing as a silver bullet in the security industry

    And / Or

    b. Patch their end points by using a locking technology instead of a filtering technology


    3. I am still laughing that the Results text file for the recent Cylance test was encrypted by ransomware during the test (it was on the desktop).

    It is time to take a break for now... thank you guys for all of your help, talk to you soon!
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,268
    Location:
    Among the gum trees
    Yes, I'll let you know. It happened when I first started or restarted the machine. Maybe it was the card reader taking it's time to be seen by Windows? I just don't know.

    Thanks.

    @all - Do we want or need VS to show USB on the badge whenever a USB drive is inserted or are we happy with how it works now?
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Good thing I wasn't drinking anything. :)
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,059
    Location:
    .
  11. Alkajak

    Alkajak Registered Member

    Joined:
    Mar 6, 2016
    Posts:
    125
    I personally hide the shield and have the notification tray icon stay persistent. No difference for me in terms of the badge, however I do think it would be helpful if it did inform you of a USB plugged in or something in a different way (not sure how as it's not a necessity).
     
  12. plat1098

    plat1098 Guest

    I also hide the badge, relying instead on the brief flash to tell me when VS loads at startup. How about another flyout to warn you about USB, like the one the scanner uses to tell you it only scans exe files?
     
  13. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    835
    Location:
    Melbourne, Australia
    I have Patch My PC auto set to look for updates at 7 every evening. In Smart Mode, when updating Foxit Reader, VS went off big time - there must have been about 5/6 prompts. I have now set VS to auto. Will I stay get a load of prompts? If I let VS block (in auto) will it keep blocking every time Foxit tries to update? I have the pro licence but haven't changed anything.
     
  14. Alkajak

    Alkajak Registered Member

    Joined:
    Mar 6, 2016
    Posts:
    125
    With Pro, I believe you can whitelist. Otherwise, it will continue to prompt it in Smart Mode. Autopilot is AI-based, so I'm guessing it'll depend on the file/version.

    Also depends on what the prompts are for. For example, if the prompt is for cmd line usage, it will always prompt you for something like that.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,413
    Location:
    Under a bushel ...
    :thumb: and anyway I like to play with all these softs ... of course it is overkill (see primary machine sig!), but no issues here (yet).
    And redundancy isn't always bad, think of backups ;).
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,413
    Location:
    Under a bushel ...
    or Paul and you just like to play :)
    I will say though that if I had to run only one anti-exe, it would be VS based on effectiveness plus ease of use. And the dev support here of course!
     
  17. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I am having similar problems.

    If I shut down web apps it turns blue (running smart mode). Plugging in a USB stick and no change to the icon. If I restart Slimjet it remain blue even when clicking on a link. After sometime it will turn red. I am using Sandboxie so that might be changing things.

    I went to VS settings and go VS to Auto Detect and it found a few things which I add but don't know if they should be - see screenshot.
     

    Attached Files:

  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,682
    ERP starts very early, right after you have logged in and before the regular desktop (explorer.exe) is displayed.
    Why?
    The service of ERP (ERPSvc.exe / Parent Process: services.exe) is launching the executable EXERadar.exe and the start-time of this service (and application) is earlier than the desktop (explorer.exe)
    This also applies to HMP.A.
    That's the reason, why these applications are always one of the first programs. And it can happen that you can see a user prompt from ERP before the regular desktop (after logging in) is displayed.

    Other applications via autorun are started later (the Parent Process of these processes: explorer.exe), while your desktop is loading.
    VS (VoodooShield.exe) is in this category. And it needs some time to load the driver, so there is a delay until you have full protection.
    I don't think so. The start-time of VS is later (see above)
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,059
    Location:
    .
    Aha! some applications choose to be run as a service Thanks!
     
    Last edited: Jan 15, 2017
  20. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    I have installed VoodooShield for the first time, after removing HMPA. (i must say, there are no problems with HMPA, and the license is coming to end). I just wanted to have another software to back it up my Eset AV + Smartscreen. So, trying this. Hope everything goes well :)

    Though, i was watching one of the youtube videos, which i got picked up from your site..
    And i am not sure, if i understood correctly, but i see there were some remnants left in temp folder @18:28 sec, after the test...
    So, does that mean these test samples did bypassed the security software's mentioned in the video.
     
  21. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    171
    Location:
    London UK
    RE: In addition, VS has many, many features that automatically and safely build the whitelist (for example, auto allowing by parent process and temporarily auto allowing by the previously allowed digital signature), which reduces the frequency of annoying, unnecessary and dangerous affirmative user prompts (that require a user response)

    You were saying that some users were annoyed by prompts. Personally I like them and prefer to know what is happening on my system. I guess many users are familiar with "Set and forget" type AV's that never bother the user at all with making decisions.

    Anyway it occurs to me that if a list existing files on a user's machine that will automatically be blocked and scanned by VS in various modes could be generated with options to permanently exclude specific files from being blocked/ scanned even though the files are located in blocked paths/ folders it could make VS a lot more user friendly. I know the whitelist, user log and command line utilities combined options might achieve the same thing but most users would find it tricky.

    I know it's not the same thing exactly but here is an example:

    Exclude Files.jpg

    Also maybe a reset all settings to default option could be included in the event that a user needs a clean start.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,059
    Location:
    .
    Q: Curious, is there any significance to Ai, lower case i vs AI, upper case I
    for example VoodooAi vs VoodooAI
    Thanks
     
  23. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @Callender
    Personally love both those suggestions :thumb:
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Callender

    is this the setting you are looking for?

    I did notice clicking on the reset button did not set to the white listing default on setup mode.
    unless always on is on at install.
     

    Attached Files:

  25. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    460
    Today I have installed VS 3.50 on my Windows 8.1 x64.
    When I use my browser, Slimjet 32-bit, and open a new tab. its CPU usage shoots up from around 4% with 15-20 tabs open, to 50%+ and remains there for a good 10 seconds - this does not happen with my secondary installed browsers, FF and Chrome.
    VS is set on Auopilot, but the same happens if I set it to Always On,
    My security apps are HMP.Alert and ERP
    I have searched this thread to no use, how can I solve the problem?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.