VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. illumination

    illumination Guest

    There is a standalone portable version of Voodooai, although at this time, Dan is working on version 2, and it is not accessible until ready.
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    How about a portable version of VS as well?
     
  3. M3gatron

    M3gatron Registered Member

    Joined:
    Oct 3, 2016
    Posts:
    41
    Location:
    ::1
    @VoodooShield

    FYI - I am also doing testing for Deeparmor and it appears that VS is not behaving nicely when using both products. It takes forever to open a webpage, etc. Once I close one of the two applications, things go smoothly again.
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    hehehe ;).

    What the hell? First War Games, then Night Ranger... are you guys playing a joke on me? ;). That was my favorite band when I had my 20 ;).
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Sorry, I forgot to answer the question ;). No, there is no possible way to ever have a portable version of VS, for many, many reasons.
     
  6. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Dan,

    Is there going to be Standalone Realtime VAi?

    And yes, it's not a joke ;)
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    We have an old stand alone Ai product, but that was simply a demo. If you want my honest opinion... Ai should NEVER be used ALONE to determine the maliciousness of a file. The way Ai is implemented into VS works extremely well, and we should probably not fix something that is not broken ;).
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ai alone is totally pointless.... that is why I get REALLY upset with the "Next Gen" "companies" who suggest that everyone should replace their AV with their solution. It is totally crazy. Ai certainly has its place, and it can be phenomenal with certain things, like detecting zero days... but to replace traditional AV, and create a stand alone version of VoodooAi.... it is not possible, mathematically ;).
     
  9. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Now things have kinda settled down.........:)

    We would see any new options, features, etc.... soon........;)
     
  10. guest

    guest Guest

    VS doesn't need new options, it is an anti-exe with a reputation mechanism. It has all it needs, and I personally think it already has some useless features. Dan knows what I meant :D
    More features, more work, more bugs introduced and finally wasted time.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Exactly!
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I too know what you mean by useless features & wish were not there;)

    Options, I meant custom vulnerable processes, i.e. enable/disable individual vulnerable processes, etc.......
     
  13. guest

    guest Guest

    Well I was thinking to use it as a second opinion engine, I think there is a market share for it.
     
  14. guest

    guest Guest

    For me, the Cuckoo Sandbox. It isn't a sandbox like Sandboxie or similar, it is an analysis sandbox, and only advanced users/experts are skilled enough to determine if a file/process seems suspicious.
    VS is meant for beginners, so they won't need it, and most don't even grasp the concept of a sandbox.

    Damn, ERP infected you all... If you want ERP features, use ERP, don't ask another product to replicate it.
    VS doesn't need a customizable Vulnerable Process list, you have the whitelist + "Ai" + VT + several modes/options that give the same results.
     
    Last edited by a moderator: Apr 22, 2017
  15. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I think Dan's mission is to make VS as user friendly as he can so that even those who aren't computer savvy are not overwhelmed by radio buttons and options, and good on him for doing so.
     
  16. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    +1

    +1

    -1. Yes it's eminently suitable for beginners, but it's also an expert user's dream: no fiddling needed and works OotB. (Like Cobbler from Sven Faw. Which, if you don't have it, get it. Sorry mods :shifty:)

    I do have a wish-list on VS, two items only, and they're related: Multi-User, and User Profiles. IMHO these are essential in most home boxes, so Wife and Off-Spring can enjoy hassle-free whatever they do, Guest cannot fiddle with the knobs, and Myself and Admin can keep a closer eye on what VS is actually doing under the hood. For example, given that SuRun is whitelisted, why does VS give me an alert in SMART mode? And which Dropbox.exe is being pinged, and why?
     
  17. guest

    guest Guest

    I don't say the opposite of course, but VS was initially made to help beginners on their "choice dilemma" with UAC, it is what Dan told me at v1. :)

    No need because true security geeks don't have families :argh: (just kidding), yep your suggestions are interesting, never thought of it.
     
  18. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    Killed because they found out secrets? :D
     
  19. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    It was there in initial version 3 releases. Later was removed. Dan had mentioned something like the option would be back in a better & improved way.

    It was a useful option for me to set VS on my family system. I used to disable vulnerable processes monitoring as they (users) used to block & break stuff. Other layered protections were there to take care of vulnerable processes.
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey CS, regarding: https://malwaretips.com/threads/so-i-did-test-all-free-av-and-was-surprised.70756/page-6#post-621554

    For the files you are curious about, the "Blacklist Scan" was busy, so it returned an unknown... we have a limited "Blacklist Scan" account so we can only analyze so many files at a time.

    Before even testing the files, I immediately noticed that there was a lot of greyware, duplicates and signed files in this malware pack, so I increased the User Prompt display time to 7 (I usually use 3), in hopes of avoiding as many unknowns as possible. Obviously, there will always be some true unknowns. I would have increased the User Prompt time to 20 seconds or so, and retested, but that would have taken forever... the video was already 1 hour and 44 minutes long.

    This is also why I mentioned "There were also a handful of clean files that were not known to the blacklist, but they were created and signed by Auslogics, so these were clean files as well, but VS blocks unknown files by default, even in AutoPilot mode." I could have gone into extreme detail, but I figured this was sufficient.

    Hopefully this makes sense... if not, please let me know, thank you!

    On kind of a side note... I hope everyone understands that VS does not, understandably, have the same access to the "Blacklist Scan" that the other engines that are a part of the "Blacklist Scan" have. Hopefully one day we will be part of the "Blacklist Scan", and then we will have the same access as everyone else. Sure, VoodooAi models are more aggressive than the other engines, and have slightly higher false positives, but when you combine the two, in the exact way that I integrated them, as you can see, the results are pretty freaking cool. I would be more than happy to share this with the security community... I actually offered VoodooAi to the "Blacklist Scan" months before any of the other ML/Ai engines did.

    Edit: In all fairness, I have been saying that the Blacklist Scan and VoodooAi is an amazing combo for a very, very long time. I have also been saying that when you test enough files, it is apparent that VoodooAi does not have a false positive problem. I have also been trying to explain how VS is extremely user-friendly to computer novices... they "get VS" right away ;).
     
    Last edited: Apr 22, 2017
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Hi Dan! This just shows that both you and I had WAY too much time on our hands this morning!

    I personally despise "malware" packs such as these as there is just so much junk (like Chinese adware without autostart functionality, valid apps with adware options, uTorrent variants, legit Webroot System Analyzer files, etc.). The assumption is that ALL the files contained within are malicious and any product not detecting all will fail. This is certainly far, far from the truth as a great many are totally innocuous. Malware packs should always be verified for High and Noble purposes like trashing a system and throwing the user into the depths of despair.

    Anyway, when I wrote the post you referenced above I either did not see or was too lazy to watch your video. But at default VS allowed all of the 20 different WR files (which it should have as they were not malicious). I did notice one thing about VS that has escaped my notice in the past- as I clicked all the WebRoot files like an animal I overwhelmed the Cloud functionality of VS. So when the Cloud was at the limit I was unable to run any further file for a few seconds until it came back on line. This is really, really clever and impressed me.

    So although VS at default would have done an excellent job, I understand why you increased the sensitivity. However users should note that at default although the detection rate of the crap in this pack would have suffered the system would have remained secure.

    ps- you are going to have a looooong wait for BlackCipher.

    Meghan
     
    Last edited: Apr 22, 2017
  22. illumination

    illumination Guest

    Your portable Voodooai is far from pointless. It could be said, yes, that it is constantly learning, as it comes across samples and legit files? Well, if many of your followers or anyone reading this here were willing/able to run this portable version in a VM and help "feed" it, so to say, this would only make the product better as time goes on, correct?

    Agree completely, and something I have tried to mention numerous times in the past. The number of samples means nothing if they are not legit, and verified not only to be whole "non corrupted" but working also, and of course in the wild matters as well.

    LOL , thanks for the unique "cruelsister" mental imagery ;) :D
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Meghan, how funny ;). I know what you mean, there are always weird files in malware packs... maybe I will start a website called "TESTmyAE.com"... I can also pre-screen the samples to make sure VoodooAi does not miss any, but the other products do ;). I will get right on that as soon as we receive our long awaited CIA money.

    Thank you, I appreciate that, yeah, there are a couple different "limits"... the one you experienced is in VS itself, and the purpose of it is to try to avoid the "Blacklist Scan" limit (VoodooAi does not have a limit), but it is difficult to synchronize the two. I actually did not change the sensitivity... I only changed the number of seconds that the User Prompt was displayed before it made an auto decision... this was an attempt to make sure that every single file was analyzed by the Blacklist Scan and VoodooAi, and it worked for the most part, but there probably would have been 5-10 or so more files (Auslogics and others) that were actually clean, that would have been auto allowed.

    As you know, there were A LOT of greyware files and PUP's in this malware pack, and this is fine, but this should be made very clear, so people understand why some products did not do as well with these samples.

    I guess really the whole point of VoodooAi is to try to detect obviously clean samples, and block everything else... as opposed to trying to detect malicious ones, like standard AV's. This is probably why VoodooAi works so well with VS.

    That's funny about BlackCipher... I was probably a little too hard on them, and I feel a little bit bad for it, but really, if the products that they represent have issues with standard malware, why pick on other products for obscure vulnerabilities? It is something akin to worrying that you left the water running when your house is on fire. Although, I must say, they seem to be rather talented at finding vulnerabilities in various AV products. I was quite sure that they would not be able to bypass VS with a powershell attack because of the video below. It is not the same attack, but it is similar enough that I did not feel the need to worry too much about it. But who knows, they might find something... it would be really cool if they did!

    https://www.youtube.com/watch?v=smaQasrxrxM

    Thank you CS!!!
     
    Last edited: Apr 22, 2017
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, most novices and average home users will probably never need Cuckoo... but it is going to be really cool for SMB and enterprise users. When a non-whitelisted file is blocked, if they click Allow, the file will be automatically uploaded to Cuckoo, and the admins will receive a notification in the dashboard when the analysis is complete, so they can either allow the file for the user, the group or system wide.

    Having said that... I would like to be able to find a way to make that option more user-friendly to home users, especially with the RDP session. The whole idea being... it would be similar to the way other sandboxes run files sandboxed, except the file would execute on the remote server... and they can see for themselves what happens to the computer when they allow the file... in real time. It pretty much works this way already, but I can see where it would be confusing for novices and average users. If anyone has any suggestions on how we can make this more user-friendly, please let me know!

    Also, I agree with the other posts... we are not going to be adding tons of new features... we want to keep VS as simple as possible. Besides, I am tired of VS being in a continuous beta test, and it is nice that it is finally stable ;). We will be adding several small usability tweaks... for example, with command line handling.

    Thank you guys!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I agree... as a second opinion scanner, and hopefully I will be able to finish up VoodooAi 2.0 standalone soon. I am just saying that a system should not be protected by ML/Ai alone. And yeah, it would certainly help with the training data sets, thank you!
     