VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,396
    Location:
    Ontario, Canada
    Well it should tell you that you need to reboot before you can open any other apps!

    EDIT: Sorry if you kill one of VS's processes via Task Manger it will ask you to reboot before you can open other apps which is normal now.

    2017-03-20_15-39-26.png

    2017-03-20_15-39-51.png
     
    Last edited: Mar 20, 2017
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    OK exit Voodoo and reboot to see if it locks up computer?
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,396
    Location:
    Ontario, Canada
    I edited my post above and no lock ups what so ever on both points.
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    OK now I understand but is that what Peter did? used task manager of did he do it they way I do when installing a new program .Always click tray icon and exit.
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,396
    Location:
    Ontario, Canada
    I don't know, but I'm sure he will tell us more.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,222
    Honestly I am not sure what I did, but I had a locked computer and couldn't do anything without a reboot. It may be a bug, but it's a dangerous design either way.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,222
    I didn't do a normal exit, not sure what I did. At any rate locking the application fine, locking the computer NOPE What ever I did was with the alert, and I don't think there was any notice about rebooting. I just a machine that was frozen.
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    OK Peter when Dan is not so busy maybe he will explain. Although I think he did explain his new protection locks entire computer so when a program trys to shut down Voodoo , Voodoo lock entire computer down.
     
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,396
    Location:
    Ontario, Canada
    If it's not to late can you send Dan your logs if you still have them?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,222
    Unfortunately I don't have them. Since I had a breather but wasn't sure I was out the water, I just did a quick uninstall, waited to the coast was clear and installed 3.53. Candidly I was leary enough I never left 3.53 on the other machine.
     
  11. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    489
    Location:
    The Netherlands
    Today there was update KB4015438 for Windows 10. Initially it failed.
    I had to set VoodooShield in install mode before I could successfully install this update.
    Is this normal behavior for 3.55 beta 2 ?
    Never had to do this with previous versions.
     
    Last edited: Mar 20, 2017
  12. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    General thought:
    Those who have no issues must be wondering how such extreme occurrences could happen, quite understandable.
    Twice 3.55 did not executed at all during startup/reboot in conjunction to: refer my post #14849 and subsequent ones.
    That left me feel exposed. (Freaked out actually)
    If such a program like VS are for the masses, I'm with Peter on this one.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,739
    Location:
    Among the gum trees
    Me too.
     
  14. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    G'day.

    Feels good not to be alone. For a while, due to lack of bugs reports on this thread I felt I was wacko o_O
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,739
    Location:
    Among the gum trees
    Yeah, I haven't felt comfortable with any of the new builds which included the self defence module. I've tried 'em all but keep going back to stable and reliable 3.53.
     
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,689
    Location:
    Canada
    Also back to V3.53. This afternoon a Driver from VS would not start and the program closed by itself.
     
  17. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    "VS 3,53 rules!" he he
    I have no doubt Dan will get it right.
    "Forza Dan" (":)Keep going Dan")
     
  18. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,901
    Something like this:
    ERP_Self-defense.png
    I think, adding such an option would be a good idea.
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,413
    I just shutdown VS from the tray icon, "exit" button. I thought that "self-protection", meant that I would get some kind of warning, like 'are you sure yo want to terminate VS', but I didn't. Maybe, I am not understanding what is meant by self-protection.
     
  20. Achelous

    Achelous Registered Member

    Joined:
    Mar 20, 2017
    Posts:
    10
    Location:
    UK
    +1.

    We also need to remember that many other factors come into play in terms of self-defense, it should not all evolve around protecting the processes (VoodoShield.exe and VoodoShieldService.exe). For example, the device driver (vsscanner.sys) is vulnerable because it can be unloaded (stop and delete the service) and then the process monitoring will not continue without the user being notified - bear in mind that I tested this myself, there was absolutely nothing to try and stop me from doing this.

    Overall, process protection is just the start of it, and there is no point in them taking the self-defense mechanisms further until they've done a proper implementation of process protection. The current is hardly sufficient at all (in my opinion at least), due to the inconvenience of locking down the system, and because the processes are not actually "protected" from termination... If you will.

    I do understand that this whole self-defense approach is new and all experimental, I look forward to seeing the implementations for the stable release.
     
  21. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,080
    Location:
    Da mean streets of Brooklyn
    Just got a sneaky little Windows kb 4015438, getting used to these. As I restarted, oops, left VS enabled. But, the update went very quickly, finished installing in about 1 minute. That, at least, is reassuring!
     
  22. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    788
    Thank you for the reply.:)

    The strange thing is It seems to be running fine today after logging on. :eek:

    Anyway I have forwarded the dev service logs to support for the attention of Dan.
     
  23. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    You are welcome.
    Most of the bugs I experienced where randomly happening too.
    We should not forget that Dan asked the community to trying it out and send feedback,
    3.55 is not a stable version.
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,008
    Location:
    Europe then Asia
    Exactly, and how many average users ( VS target market) will know (or even care) to analyze and differentiate malwares behaviors from normal file behavior in those kind of sandboxes? almost none.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,535
    Location:
    The etherlands
    I think there has been some 'scope creep'. I have never used the sandbox feature. I think Dan tries to please everyone, but I guess he wouldn't add something he doesn't deem desirable at least ...