VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    + 3 :thumb:
     
  2. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Reminder: VS thread ;)
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    I have been testing the recent Process Lasso version 9.0 betas, on my Surface Book [No longer for XP]. They have been coming through thick and fast. ;)

    However, VS popped an alert, which I wanted to allow, but I wasn't fast enough in allowing. So, Process Lasso shutdown. I restarted the application, and second time around, it was updated. So, all was good in the end.

    VS_Alert_ProcessLasso_01.JPG VS_Alert_ProcessLasso_02.JPG VS_Alert_ProcessLasso_03.JPG
     
  4. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Same here, had the "could be related to Cryptoguard" warning, set your message timeout higher.
    I set mine for 99sec, I figure after that long if I cant get there I deserve to go digging :p
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    Hi CyberGhost,

    I am not sure what you mean with the warning, "could be related to Cryptoguard", together with Process Lasso. I think I have my set for 20sec which is long enough. ;)
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,655
    Location:
    Among the gum trees
    I've disabled the 20 second countdown timer so I can see if something is blocked while I'm away from my machine.
     
  7. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I had to start Lasso 9.177.A manually after the update, VS blocked it, and it appears HMP.A did too.
    This being a VS thread I stuck to the VS related issue though.
    @Krusty
    Yeah I should do the same :)
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    Ok...I haven't tried HMP.A on the Surface Book. I think it would be overreach, considering the security I already have running on it. ;)
     
  9. mWave

    mWave Guest

    HMP.A is a great piece of software too, if I recall right they can detect hooks used by formgabbers implemented by malware such as Zeus to compromise the browser. :)

    I don't know of any AV which does this in real-time, Avast have GMER which they bought but it isn't real-time scanning for hooks in their products.
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    HMP.A is great software, and I still have it running on my desktop XP system, in one of my snapshots. But, it hasn't updated for awhile, at least on my system. :)
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    I know why VS popped an alert. See - Advisory: CryptoPrevent may interfere with updates - https://bitsum.com/product-update/advisory-cryptoprevent-may-interfere-with-updates/ At least, I think that is the reason. ;)
     
  12. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    157
    Location:
    West Oz
    +1

    I used to run CP, but with VS it isn't necessary, it's redundant. At least the earlier versions used "simple" permissions tech to lock up %appdata% locations, so any app at all that wanted to use those was disallowed. And it's surprising how many legit apps want to use local\temp for instals/updates, eg: EditPad, an otherwise excellent text editor. I wasn't prepared to make dozens of exceptions to the rule, so EditPad had to go :( And now CP is gone too.

    CP technology did work well, but Very Simply, VS is a better solution than CP.
     
  13. Izettso

    Izettso Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    38
    I believe it was a component of Kaspersky Internet Security that was causing the issue. It's an extension that was added during installation of Kaspersky, but I cannot actually disable it. Every time I disable it it turns itself on after the next Firefox restart.

    It's probably academic now, as I have decided to start using Opera as my main browser. At the same time, I decided to replace Kaspersky with Bitdefender, because Kasperky does not support Opera in the same way as it does for Firefox and Chrome.
     
  14. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,541
    Location:
    South Wales, UK
    Hi Tarnak

    Hope that you are well? I have also come across the CryptoPrevent may interfere with updates...happened once but since then no further issues. Strange thing is that I only installed CP as a trial for a couple of hours & then rolled back to a pre-install image...so not sure as to why CP shut be in the frame...unless itis because I still have the installer sat on disk somewhere.

    Anyway...as I said...happened once...got over it and it has not happened again.

    Regards, Baldrick
     
  15. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,149
    Dan,

    If I am correct, VAi Standalone version is going to be there...

    You know I like VAi & would love to use VAiS...

    Any ETA...?

    Thank You
    Regards
     
  16. mesaboogieman

    mesaboogieman Registered Member

    Joined:
    Aug 2, 2004
    Posts:
    52
    Location:
    UK
    Nope, tried putting VS in training mode and exploit warning still appears when printing from within 'Firefox' in Smart and Autopilot mode. The Epson file is reported by VS Ai as digitally valid but not verified by Epson.

    Anyone else had this issue?
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    I don't know why I got that VS alert when I tried updating Process Lasso in post #14583 - https://www.wilderssecurity.com/threads/voodooshield.313706/page-584#post-2655554 , because I don't run CryptoPrevent. Never have! I was only referencing a topic I found on the Bitsum website, in relation to PL updates possibly failing to install.
     
  18. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    146
    Location:
    London UK
    I had a similar issue which persists even after a clean install of VS. The solution might be to use the "Custom Folders" option

    https://www.wilderssecurity.com/threads/voodooshield.313706/page-556#post-2645065

    Unfortunately it's a question of whitelisting the entire folder rather than a particular file.

    I eventually decided not to whitelist the folder and instead add the file to the whitelist using whitlist editor.

    However those whitelist settings only work temporarily. If browser is closed and relaunched the whitelist setting is not obeyed.

    VoodooShield Whitelist.jpg

    VoodooShield Whitelist not obeyed.jpg

    I get the same result with Traing Mode or AutoPilot Mode. It makes no difference. The whitelist is only obeyed until the next browsing session.
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,761
    Hi Baldrick,

    I am well, and hope you are as well. :)

    However, you have misunderstood the reference to CryptoPrevent. I have never run CP on either my XP desktop, or Surface Book.

    I was pointing out in post #14583 - https://www.wilderssecurity.com/threads/voodooshield.313706/page-584#post-2655554 ,
    that a component of the Process Lasso installer had been blocked by VS I am getting beta updates frequently, for Process Lasso, and it was the first time I had gotten that alert from VS.
     
  20. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    649
    Yes, I know :)

    I installed VS and it is now back.
     
  21. mesaboogieman

    mesaboogieman Registered Member

    Joined:
    Aug 2, 2004
    Posts:
    52
    Location:
    UK
    Is the fact that VS does not remember these 'Allow' actions between browser sessions a bug in VS then? Can Dan please advise if this is the case and if so can it be fixed.
     
  22. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    No, it's no bug, at least for Tarnak and myself, these are Alpha versions of v9 so
    this is going to happen, if you weren't referring to Tarnak then please disregard ;)
     
    Last edited: Feb 26, 2017
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,818
    Location:
    Ontario, Canada
    I agree this is not a Whitelisted path: c:\portable apps or c:\users unless you allow under Custom Folders.

    2017-02-26_17-50-57.png
     
    Last edited: Feb 26, 2017
  24. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    :thumb:
     
  25. mesaboogieman

    mesaboogieman Registered Member

    Joined:
    Aug 2, 2004
    Posts:
    52
    Location:
    UK
    I don't think we are talking about the same issue. My problem is VS is not remembering my 'Allow' selection to a possible exploit warning when going into my Epson printer settings during different Firefox browser sessions.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.