VoodooShield/Cyberlock

Untick Advanced>Notify me after ... ? Or is that not the setting you mean?

 

This is what I have set and it works fine for me.

 

He said he already changed it but popup keeps nagging.

 

It does for me after the 25 minutes that I have set but not before is which I would expect.

 

The above is an extract from the VS website where it explains what happens when VS toggles to OFF Mode (Unlocked). It states that the computer is NOT protected in this mode.

My understanding is that when the computer is unlocked, VS is still protecting it and is essentially running in AUTOPILOT mode.(I can see no reference to AUTOPILOT mode on the website which may require updating to reflect the changes).

If my understanding is correct, then surely it would be better to use the word AUTO, rather than OFF, when VS toggles to unlocked to avoid any confusion. This aspect has been mentioned before in this thread. I think Dan rather left it to us to decide what was best but there was never a proper consensus. I am merely mentioning this again as I noticed the website and believe that there is still quite a bit of confusion about this.
My belief is that the GUI shield should only say OFF when the computer is not protected, such as when it is in Training or Disabled/Install modes.

 

I think that refers to when you left click the shield gadget or tray icon which disables VS for installing or updating programs.

 

It clearly starts by saying that "VS will toggle between ON and OFF depending on whether you are at risk or not". As I said, when it toggles to OFF, my understanding is that the computer is still protected (as it is in AUTO mode) but I stand to be corrected on this.
EDIT Also the shield shows OFF when it has been deactivated after x minutes of system idle. If the computer is then not protected, then I guess I have been labouring under a misapprehension about this aspect but I doubt I am the only one.

 

OFF can also mean, VS is running in Smart Mode and no Webapp is running.
Would be confusing if the user can see AUTO on the Shield while VS is in Smart Mode.

 

IMO the mere fact that this issue keeps reappearing means Dan needs to somehow make the shield more clear what 'state' VS is in, via wording, colours, or both - and some suggestions have already been made here.

 

I think Off means Off, meaning VS isn't protecting you. It won't protect you because there's nothing to protect you from. In other words, you are not at risk. Just as what Dan said, you'll only be protected when you're at risk.

If VS turns Off (not the disabled option), it is my belief that all things are allowed to run without any checks, thus expanding your whitelist.

 

Not quite. Installers will still be scanned in Smart Mode off.

 

G'day all - the problem with working for your daily bread is it's a necessary evil. As opposed to being remunerated for doing something you would otherwise have done for free because it's so much fun. Fortunately I enjoy my occupation...

Anyway, I have a problem with VS. In Win7 HP SP1 I have Admin, in which all (un)installs are performed, together with sundry security sweeps and backups. And there are 3 User accounts, for family privacy, all of which have the same basic set of applications, including security. There may (or may not) be a Guest account. Desktop philosophy is different on all accounts, from Aero to Classic and I have Classic Menu on my user account--if it's important.

The problem is that we do a lot of User-switching, and VS does not reliably show on a non-primary desktop. I have aired this with Dan some time ago on VS Help, but I figured I should also seek forum help. My primary mode of switching is a shortcut invoking %windir%\System32\tsdiscon.exe, giving a single mouse-click convenience factor. I have enforced secure logon, so we still get to use the three-finger salute.

FWIW, VoodooShield.exe only shows in the primary (first opened) account, never in a switched account. This is unlike most (all?) other auto-start processes which happily load instances in each different user-space. VoodooShield Service shows on all accounts, but in the N/A group.

 

If VS is OFF in Smart Mode, the computer is not at risk, but files will be scanned (see Custom Folders)
If you start a WebApp, your computer is at risk and VS is switching to ON (the LOCK is ON)

 

Hi Dan - I'm trying to be thoughtful on this subject, but--alas!--it seems to admit only binary thinking. Yes I found the illustrated checklist helpful, but then realised it showed only three of my four browsers, and none of my other web-facing apps. Following your sage advice in your reply to my email, I now have only 4 web-facing apps, my browsers. K-Meleon had to be filled in from the browse box, but that's no hardship. My email client, Gammadyne Clyton, was eliminated due to it's inherent security policies--I routinely drop all HTML from incoming mail, it only neuters one conversation which I don't need anyway--and Clyton itself polices scripts, so it now has nothing to do.

I trhink my main reaction to thoughts of adding new apps to the page was "Can we fit this on the screen?"

Not Quite Off-Topic... Many email clients have a "preview" setting. I wonder how many people realise that the "preview" actually OPENS the missive, and all scripts can run in the "preview" that could run in the "properly opened" message? The biggest email security improvement one can make is the switch OFF the preview function: an un-opened letter cannot spray you with (digital) anthrax! I discovered this many many years ago in the days of Netscape Communicator, but OE was a frequent offender. End Rant.

 

My understanding is that VS is truly OFF ie: disconnected, when in Disable/Install mode and the tray icon is dark gray with an X in the middle. To look at it "toggle" from OFF(inactive) to ON, have an idle machine and then launch a browser. I still think the red shield color suggesting one kind of OFF is a little confusing. I also found that the less you fiddle around with it, the better off you are. The software is pretty smart already.

 

My understanding of this whole on/off/auto/training/smart/always on/disable/install mode situation... with the confusion it seems to create is this...

When I first installed VS I too was a little confused by all these different settings and pretty much from day one I saw no good reason for the training mode or the disable and install mode, because I like software to be as automatic and with as little user interaction as possible. Therefore why would I want to go clicking to enter training or disable mode and then have to enable again later if all I need to do when installing a new program is to simply let autopilot do its thing and then just carry on with no worries.

I honestly don't see the point of these training and install modes but that's just me. I can understand some people may want to test lots of different programs in a session so maybe it's useful then, but then again surely to allow autopilot decide, which is the point of VS to do its work, with the occasional allow with 1 click on a popup that has some reason due to a false positive or similar is still so easy to do.

So for me autopilot is all I see as needed and wouldn't be concerned if all the other modes were removed to take away the confusion having them seems to create.

If I am seeing this totally wrong then I will have to think again.

 

Thanks mood - those quotes from Dan remind me where I got my "Auto" understanding from. Dan is saying that when VS has toggled to OFF, any new non-whitelisted files are still scanned before they are automatically allowed. This sounds very much like AutoPilot mode to me and indicates why toggled OFF should IMO be differentiated from true OFF ie Training mode or Disable/Install mode.

 

It gets worse. Many of my programs have no signature, and that includes system files from Microsoft. Classic Start Menu (not verified) IvoSoft; all my FujiXerox (not verified) printer support software; Lotus SmartCenter Release 9.5 (not verified) Lotus Development Corporation; HID client for GlidePoint touchpads. (not verified) Cirque Corporation... and that's just the auto-start population. Jasc PaintShop Pro 6.02 seems to be unsigned/not verified... I ain't upgrading because in many cases I would actually lose functionality, either through the learning curve (GIMP which also didn't recognise the TWAIN interface) or because the needed functionality is no longer implemented (eg: IconEdit32, Ziff-Davis).

VS has managed to whitelist these, but every so often an app will be run in conjunction with a browser, then VS has a good look at it and is less than happy. SuRun is a constant victim for some reason, and DropBox Updater until I worked out how to tell VS it was safe to trust.

I think I'm not alone in hanging on to legacy software that simply works, but generates all sorts of issues when scanned by current security systems.

But I'll tell youse one thing. VS is heaps better than overzealous AVs that pounce on an app in a random scan and force you to place that app in the Exclusion Zone for the next few months until you are sure the AV company has found it harmless and allows it to resume a normal life.

 

[01-31-2017 10:39:54] [INFO ] - Blocked: c:\windows\temp\~un01f2f25fa\i01f49df9c.exe
[01-31-2017 10:39:54] [INFO ] - Process allowed by User Clicking Allow or Install: c:\windows\temp\~un01f2f25fa\i01f49df9c.exe
[01-31-2017 10:39:54] [INFO ] - Allowed: i01f49df9c.exe, c:\windows\temp\~un01f2f25fa\i01f49df9c.exe
[01-31-2017 10:39:55] [INFO ] - Allowed: unchecky_svc.exe, c:\program files (x86)\unchecky\bin\unchecky_svc.exe
[01-31-2017 10:39:55] [INFO ] - Process allowed by Allowed Program Files: c:\program files (x86)\unchecky\bin\unchecky_svc.exe
[01-31-2017 10:39:56] [INFO ] - Process allowed by Parent Process: c:\program files (x86)\unchecky\bin\unchecky_bg.exe
[01-31-2017 10:39:56] [INFO ] - Process allowed by Auto Allowed Script: c:\program files (x86)\unchecky\bin\unchecky_bg.exe

Here is an extract from my VS logs earlier today. The mode is ALWAYS ON but at that time I was away from the computer and VS would have "Automatically deactivated after 10 minutes of system idle". In other words it was showing OFF.

Clearly Unchecky (an already white-listed program) was automatically updating at this time as the logs show. The interesting entry is highlighted in red.This was in fact done automatically and I would have had no idea that it had updated had I not checked the User Log from the Settings Menu.

I think that this clearly demonstrates what mood said earlier with his quotes from Dan's previous posts - namely that even when toggled to OFF, files will still be scanned and automatically allowed to run if deemed clean. (It not clear to me if the windows temp file that was initially blocked and then allowed to run in the same split second, was scanned or just auto-allowed).

I think I am gaining a better understanding of how VS actually works and am posting this example in case it is of assistance to others.

 

These options can also have an effect if VS is OFF:
[X] Automatically run file after scan if threat is not detected when VoodooShield if OFF in Smart or Always ON mode
[X] Trust the blacklist scan false positive detection and auto allow files not detected as unsafe by VoodooAi in all modes

If the LOCK is OFF, it can be expected that software is being installed in the background (but if a threat is found, the installation is prevented)
To have no "unexpected" installations, some settings can be disabled or leave VS in Always ON Mode to keep the LOCK ON.

 

Stays on with this setting, you probably know about.