VoodooShield/Cyberlock

Hmmm, very odd. Can you please block / analyze a file that does not show the correct digital signature, then exit out of VS and send me the DeveloperLog.log in the C:\ProgramData\VoodooShield folder?

Sorry I have been away for a couple of days... I will catch up asap, thank you guys!

 

It's cool, I would do what mekelek recommends below... thank you guys!

 

I updated from v3.55 to v3.59 over the top, yesterday. But, I noticed that the VS icon is back to appearing much later again at bootup.

 

Yes it does on one of my systems. VS does load up alot later when I boot up..now that you say that....after updating VS,

 

Hi Sherri,

I am not the only one that noticed.

 

Hi Tarnak,

I am always behind...LOL

 

No, it is me that is usually behind. See, it took me awhile to update from v3.55.

 

Oh really? Okay I give..you were really behind!

 

Now, I remember why it I decided to stick with v3.55 for so long. See my post from March 29, - #15473 -
https://www.wilderssecurity.com/threads/voodooshield.313706/page-619#post-2663679

 

Well have you lost self-protection feature by updating now? I missed that post I guess...

 

I think it went away with one of the updated versions after March 29, but it seems to be there still, in v3.59. At least that is my understanding of it.

Dan is forever making changes, so it can be hard to know what is the latest position.

 

Well you are right about! I still lag behind though and some things that go on here is out of my league.Still learning from all of you here.

 

I am just an old slowcoach... Certainly, no whippersnapper! But, always learning.

 

Ditto I am no whippersnapper either...always learning aren't we? At least we are protected...

 

Yes, I like to think I am protected. But, I just hasten slowly, these days. I am quick behind the wheel [still] when needs be.

 

That's good to hear you are quick when you need to be. Well I am feeling protected as long as I don't do anything dumb like opening an email attachment or something.. edited: We can never be 100% protected...

...see you a posting Tarnak!

 

not on my win7, up first!

 

Hi, I discovered that if I run the file from my desktop, VS behaves as expected.
The problem is only when I run it from my download folder, which is in a custom location, outside of user space.
I attached the log.

 

I think I have troubleshooted the problem, it had to do with Windows permissions. Although my user account did have full privileges to my download folder, it was not the owner of the folder. Now that I made myself the owner of the folder, Voodooshield seems able to read the digital sigs without a problem.

 

I was about to write something similar some moments ago, but you have already solved it

 

Feature request: ability to backup and restore command line list.
Perhaps it could be added to the existing utility for whitelist.

 

@roger_m

Regarding your post here: https://malwaretips.com/threads/so-i-did-test-all-free-av-and-was-surprised.70756/page-6#post-621933

I just wanted to confirm that our results matched almost perfectly.

www.voodooshield.com/artwork/MalpackResults.xlsx

You ended up finding 190 malicious files, and VoodooAi found 191.

There were 2 other files that were duplicates as well, and 33 were not executable, so we ended up with 289 total files.

There were a lot of PUP’s in this malpack, but as you can see, a lot of them were not malicious, even though a lot of them had high VT detection ratios… basically good PUP detection.

There were also a lot of files with high VoodooAi scores, and low VT detection ratios… most or all of these are malware... pretty bad malware.

 

Very cool, thank you guys (and everyone else)!

 

Sure, I can add that sometime soon. For now, you can just copy your commandlines3.dat from the C:\ProgramData\VoodooShield folder. Then when you want to restore it, just exit out of VS and paste it into that folder. Thank you!

I will catch up on the other posts asap, thank you guys!

 

It's good to see our results match up. Considering that antiviruses often do very badly at detecting PUPs, I just did it as really quick to test, as I thought it would be interesting to see how many of these files which were claimed to be malicious actually were.