Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.
What is ERP again?
Cool, well, if you guys decide either way, please let me know, it is a 5 minute fix. And if that one issue comes back, please let me know (maybe it was an old version of VS??). Thank you!
No Virus Thanks EXE Radar Pro.
In one moment great minds thought alike.
A few things I keep forgetting to mention…
1. If anyone is on the fence about VoodooAi’s effectiveness or relevance, please watch the video in my signature again, and count the number of times the user prompt started with the phrase “Threat detected by VoodooAi”, and not “X/58 threats detected by Blacklist and VoodooAi”.
Hopefully everyone understands the significance of this. When combined, blacklist and VoodooAi are an amazing combo. And honestly, false positives for common apps are pretty darn low. Having said that, we can always tweak it and make it better... especially once we have access to better training data sets (clean and malicious files).
2. I actually think this whole Next-Gen AV thing is a great thing for VS…
My prediction? In 4-6 months, everyone is going to realize that NG AV is not as effective as traditional AV solutions, simply because Ai should not be used as a primary protection mechanism, and as a result:
a. Finally figure out that there is no such thing as a silver bullet in the security industry
And / Or
b. Patch their end points by using a locking technology instead of a filtering technology
3. I am still laughing that the Results text file for the recent Cylance test was encrypted by ransomware during the test (it was on the desktop).
It is time to take a break for now... thank you guys for all of your help, talk to you soon!
Yes, I'll let you know. It happened when I first started or restarted the machine. Maybe it was the card reader taking its time to be seen by Windows? I just don't know.
@all - Do we want or need VS to show USB on the badge whenever a USB drive is inserted or are we happy with how it works now?
Good thing I wasn't drinking anything.
I personally hide the shield and have the notification tray icon stay persistent. No difference for me in terms of the badge, however I do think it would be helpful if it did inform you of a USB plugged in or something in a different way (not sure how as it's not a necessity).
I also hide the badge, relying instead on the brief flash to tell me when VS loads at startup. How about another flyout to warn you about USB, like the one the scanner uses to tell you it only scans exe files?
I have Patch My PC auto set to look for updates at 7 every evening. In Smart Mode, when updating Foxit Reader, VS went off big time - there must have been about 5/6 prompts. I have now set VS to auto. Will I still get a load of prompts? If I let VS block (in auto) will it keep blocking every time Foxit tries to update? I have the pro licence but haven't changed anything.
With Pro, I believe you can whitelist. Otherwise, it will continue to prompt it in Smart Mode. Autopilot is AI-based, so I'm guessing it'll depend on the file/version.
Also depends on what the prompts are for. For example, if the prompt is for cmd line usage, it will always prompt you for something like that.
and anyway I like to play with all these softs ... of course it is overkill (see primary machine sig!), but no issues here (yet).
And redundancy isn't always bad, think of backups.
or Paul and you just like to play
I will say though that if I had to run only one anti-exe, it would be VS based on effectiveness plus ease of use. And the dev support here of course!
I am having similar problems.
If I shut down web apps it turns blue (running smart mode). Plugging in a USB stick and no change to the icon. If I restart Slimjet it remains blue even when clicking on a link. After some time it will turn red. I am using Sandboxie so that might be changing things.
I went to VS settings and got VS to Auto Detect and it found a few things which I added but don't know if they should be - see screenshot.
ERP starts very early, right after you have logged in and before the regular desktop (explorer.exe) is displayed.
The service of ERP (ERPSvc.exe / Parent Process: services.exe) is launching the executable EXERadar.exe and the start-time of this service (and application) is earlier than the desktop (explorer.exe).
This also applies to HMP.A.
That's the reason why these applications are always one of the first programs. And it can happen that you can see a user prompt from ERP before the regular desktop (after logging in) is displayed.
Other applications via autorun are started later (the Parent Process of these processes: explorer.exe), while your desktop is loading.
VS (VoodooShield.exe) is in this category. And it needs some time to load the driver, so there is a delay until you have full protection.
I don't think so. The start-time of VS is later (see above).
Aha! Some applications choose to be run as a service. Thanks!
I have installed VoodooShield for the first time, after removing HMPA. (I must say, there are no problems with HMPA, and the license is coming to an end). I just wanted to have another software to back up my Eset AV + Smartscreen. So, trying this. Hope everything goes well.
Though, I was watching one of the YouTube videos, which I picked up from your site...
And I am not sure if I understood correctly, but I see there were some remnants left in temp folder @18:28 sec, after the test...
So, does that mean these test samples did bypass the security software mentioned in the video?
RE: In addition, VS has many, many features that automatically and safely build the whitelist (for example, auto allowing by parent process and temporarily auto allowing by the previously allowed digital signature), which reduces the frequency of annoying, unnecessary and dangerous affirmative user prompts (that require a user response)
You were saying that some users were annoyed by prompts. Personally I like them and prefer to know what is happening on my system. I guess many users are familiar with "Set and forget" type AV's that never bother the user at all with making decisions.
Anyway it occurs to me that if a list of existing files on a user's machine that will automatically be blocked and scanned by VS in various modes could be generated, with options to permanently exclude specific files from being blocked/scanned even though the files are located in blocked paths/folders, it could make VS a lot more user friendly. I know the whitelist, user log and command line utilities combined options might achieve the same thing but most users would find it tricky.
I know it's not the same thing exactly but here is an example:
Also maybe a reset all settings to default option could be included in the event that a user needs a clean start.
Q: Curious, is there any significance to Ai, lower case i vs AI, upper case I?
For example VoodooAi vs VoodooAI.
Personally love both those suggestions
Is this the setting you are looking for?
I did notice clicking on the reset button did not set to the white listing default on setup mode.
unless always on is on at install.
Today I have installed VS 3.50 on my Windows 8.1 x64.
When I use my browser, Slimjet 32-bit, and open a new tab, its CPU usage shoots up from around 4% with 15-20 tabs open, to 50%+ and remains there for a good 10 seconds - this does not happen with my secondary installed browsers, FF and Chrome.
VS is set on Autopilot, but the same happens if I set it to Always On.
My security apps are HMP.Alert and ERP
I have searched this thread to no use, how can I solve the problem?