VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Especially that VirusTotal is owned by Google. :(
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,565
    Location:
    Among the gum trees
    Dan,

    VS didn't start when I started one of my machines today so I went looking in the logs. I couldn't find any [ERROR] entries that would give me a clue but I did find plenty of these:
    Code:
    [02-04-2017 10:33:43] [ERROR] - Not able to store the userlog
    Thanks,
    Krusty
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    You are not the only one. I have these entries too (and others: #14009, #14010, #14011)

    This "bug" will be fixed in the next version:
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,565
    Location:
    Among the gum trees
    Ah, I forgot about those posts. At least I'm in great company. :)

    Thanks as always, mood.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    I've noticed this behavior before but today I decided to make a demonstrative video about my "issue" or it's an intended normal feature:

    For example, leaving a YouTube video running, after a while, around 10 min., the VS icon in blue will turn red. Then as soon as I get control over the mouse it turns back to blue, look at the end of the video.
    youtube.com/embed/NScoVullnMo
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,099
    Location:
    Ontario, Canada
    Just make changes here if you don't want it to deactivate:

    2017-02-05_13-38-15.png
     
  7. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Taking up space with repeated answers. Stated 7 posts ago (#14303) :rolleyes:
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    Lol, yes sometimes lazy to read posts back.

    Anyways, why would anyone want VS to deactivate after a period of time? Moreover, why is it ticked by default?
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,099
    Location:
    Ontario, Canada
    It's not my problem if users don't know how VS works and they don't read this thread. Also it's not the same question but it happens to be the same answer! :gack:
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,099
    Location:
    Ontario, Canada
    It's the default option! But you can change it or use in ALWAYS ON mode.

    2017-02-05_14-51-20.png
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    I use VS in Autopilot Mode. My question, again, is why that box is ticked by default. It should be optional (un-ticked) out of the box.

    I mean who wants VS to deactivate after a period of time?

    This case:
    [IMG]
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,099
    Location:
    Ontario, Canada
    Well it's not but as I said you can make changes and if you want just untick and save! The reason is if you step away and something tries to update like Windows Update then it will be allowed to, the same with self-updating apps like Adobe Flash/Java. But that's the way Dan has designed VS to be and again as I said feel free to make changes.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    Fair enough. Thank you for the info.

    It's just quite a bit strange seeing a security app doing this. No biggie, now I understand.
     
  14. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Even with always on mode, it will deactivate if that box is checked.
    So you have to uncheck it even with always mode.
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,099
    Location:
    Ontario, Canada
    Listen I have been using VS since the beginning and I don't need a lesson on how to use it. Given as what I just said yes I know but wasn't thinking about it so deeply so chill Okay.
     
  16. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Question re VS / VAi scan. I scanned a file purportedly published by MS, specifically, mshtml.dll, and the VS 3.50 scan calls it safe but says that it is NOT digitally signed, version 11.00.9600.18538. I vaguely know that MS certs are somehow different than other non-MS digitally signed files, and wondering if VS reports MS certs as a digitally signed file. One thing I see with this file is that it changes (can change) file sizes, so depending on who I send it to scan, it can come back with a different sha256 than I see on my win7x64, i.e., it appears that some scanners only read the file name and version no. and just report back "clean" but with a different hash than I'm seeing here. Somewhat perplexed :eek: BUT some scanners when I search my specific hash do find it and say it's the same file version even though it is 5mb larger, o_O other scanners report "unknown" or not found. (Fearing that if I disable that file my win7 won't boot or kill internet or something awful.)
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,565
    Location:
    Among the gum trees
    #14224

    I can appreciate how busy you are Mate, but that has to be close to the longest 2 or 3 days I've ever experienced. ;)
     
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,006
    I had Windows 1511 (OS Build 10586.713) installed. Then, yesterday I saw this VS popup, which I hadn't a clue about, but I allowed because VoodooAI determined it was safe. Little did I know with this action, I set in train the processes that ended up with my Surface Book being updated to Windows 1607 (OS Build 14393.447). Luckily, the update ended up being successful. Apparently, for some others, the update to a later version can be a failure.


    VS_unknown_reason for this_01.JPG
     
  19. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    157
    Location:
    West Oz
    Da. I have to actually remember to look in the Navy Blue for the file name, I'm still having a Big Think about visual design on this one. But Microsoft isn't very helpful, is it? Setuphost.exe?

    Did M$ give you a chance to not upgrade?
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,006
    Not really....The only other choice was to block, and then maybe I would have thwarted Windows updating.
     
  21. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    432
    Location:
    Mercia
    I can sympathise with you about Windows' lack of clarity regarding the file but VS did its job perfectly and determined that the file was safe. I don't have W10 installed but I gather that there are ways to defer W10 updates but that is off topic.
     
  22. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Good for you. I was directing the message to others not you in particular. Not my fault you can't take constructive criticism when you post something wrong by mistake (maybe?).
    Time for you to chill.
     
    Last edited: Feb 6, 2017
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,538
    on my windows 10 x64 machine I have that file in several locations.
    its size varies a lot
    it is unsigned

    microsoft does not digitally sign all windows files, so the lack of a signature is not a reason on its own to reject the file.
    does VS recommend to trust it?
    if so, I would rely on VS.
     
  24. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Thanks shmu26. Yes, VS says safe and VT indirectly says it is safe, meaning I uploaded the file to VT and it reported clean but with wrong hash. I found the same file on another win7x64 so assume ok just not a "typical" file. (I found 16 mshtml.dll on hdd). What struck me as odd was that this 1 file "morphs" into a larger size and different hash when it is run or inspected. But I don't know coding well enough to explain it better, it's like a decompression or injection(??). E.g., Beyond_Compare3 first shows the file as 19000 kb before loaded, but then when I open the hex code in BC3 to compare it with same file name in another directory, it expands to 25000 kb and changes hash, but always (so far) it morphs to the same hash, it morphs back and forth depending on how it is "inspected" or that's what it seems like. This system file was updated 12 Nov 2016 so don't really understand why MS does not sign it. Compare post 14322 where VS reports an MS file as digitally signed and verified by MS. And the Kaspersky App Advisor (whitelist) also reports the file as ok, but does say the certificate for the source of the file, UpdatePack7R2-16.12.20.exe is not MS. :confused: o_O :eek: But perhaps drifting off topic for VS. If anyone is interested, I can send the hash of the "suspect" mshtml.dll (fwiw I have seen corporate spyware reported as clean on VT, so user would never know it was spyware unless user had reason to dig deeper).
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,538
    there are zillions of dll files from Windows that are not signed. If you start worrying about them, you will never finish.

    Keep in mind that a dll file on its own is not going to bite you. It is not an executable.
    It needs a malware or an exploit to load it. Yes, it could be very malicious, but it can't get going without outside help.
     