VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    McAfee as the brand of Intel was already on Samsung smartphones in an app called Smart Manager. The next step can be probably the effect of monetary successes of McAfee
    https://techcrunch.com/2017/04/03/intel-security-is-mcafee-again/
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, now that would be pretty cool! I agree with your thresholds... this scenario would work really, really well.

    I talked to Dani from XVirus recently, and they are wanting to add VoodooAi as another engine, and I imagine they will end up doing something similar to the scenario you suggested above. And actually, while I was working on the dll / API for Dani, I was thinking, we might as well just make this public, so that all of the security vendors can try it, to see how great of a fit with their engine it might be. I imagine it will work really well for most, but I doubt it works perfectly with every single engine. But the really cool thing... maybe a vendor is only interested in enhancing their zero day detection... so maybe they only flag a file if all three VoodooAi models are above 0.9500. Or maybe they are looking for safe files, and anything below 0.4000 is what they are looking for. So it is totally adjustable and can easily adapt to their needs.

    So I am going to offer a free version to devs like Dani and Kardo (Kardo, let me know if you are interested), or even some of the mid to large sized vendors who only want to do a VoodooAi analysis when their engine is extremely uncertain. So basically, we will limit the number of analyses in the free version to 4-6 per minute... isn't that about what VirusTotal does?

    Anyway, I think it will be really cool... and super easy for devs to implement.

    One thing is for sure... once we add a great global whitelist to VoodooAi, it is going to be amazing. And by great global whitelist, I mean a whitelist that is picky about what goes on it... we do not want any questionable items.
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    It's all good TH, I like Comodo ;).
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey ichito, how are you? Long time no see! Interesting article, thank you for posting that! Yeah, there are already security and AV apps on mobile devices... I just found it interesting that they did a deal that covered a lot of Samsung's smart devices all at once... it is a smart move. I just think that all devices should be "absolutely" locked when they are at risk (in addition to whatever other security measures they have in place). I have some very smart and connected people helping me try to make this happen, so we will see.

    BTW, here is the best part of the article: "The company is also reaching out to other defenders. In November, it open-sourced a messaging interface to allow different security products to communicate with each other — an effort to break down the silos between different enterprise cybersecurity products. “We have two choices: have technology work as islands or have technology work together,” Grobman said. “The ability to have good results with things working together is significantly more effective.”"
     
    Last edited: May 10, 2017
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree
     
  6. ponde

    ponde Registered Member

    Joined:
    May 10, 2017
    Posts:
    2
    Location:
    Finland
    This is happening with almost every application with VS 3.53, VS 3.58 and VS 3.59. I fully uninstalled VS 3.59, rebooted and installed it again. I use it on Always ON mode. It does not show the allow button and there is nothing to click. Has anybody else seen this? My OS is Win 10 Pro x64.

    VS 3.53:
    http://imgur.com/jIbhTqy

    VS 3.58
    http://imgur.com/a/i6KfB

    VS 3.59
    http://imgur.com/qWBmVxF
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,281
    The "missing buttons"-issue has been fixed some time ago, but I guess this issue has appeared again :doubt:
     
  8. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    What version of Chrome are you using? I'm on 58 and my version of Software_Reporter_Tool is 18.102.0, which is newer than yours (17.9)
     
  9. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    171
    Location:
    London UK
    FYI: Latest version CIS Premium 10 does not have Defense+

    CIS 10.jpg

    I'm still using VoodooShield Pro (paid) alongside CIS though.

    Also FYI: CIS 10 offline installer only includes AV and Firewall and no extras.
     
  10. ponde

    ponde Registered Member

    Joined:
    May 10, 2017
    Posts:
    2
    Location:
    Finland
    Chrome is 58 also and I think that the Software_Reporter_Tools is old because it can't auto-update itself because of VS. I ran VS in training mode and it whitelisted the Reporter_Tool. However this is not just Chrome related, it is happening with a lot of other software too.
     
  11. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    314
    Location:
    Bulgaria
    That is not true. Defense+ includes the HIPS, the Sandbox and the VirusScope and still exists in CIS 10.
     
  12. guest

    guest Guest

    Maybe he means that it's as if it were disabled thanks to the sandbox, or he doesn't know that Defense+ is the HIPS.
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmm, this is very odd, thank you for letting me know. Do you run VS with all of the default settings, or do you change some? Also, can you please send me your DeveloperLog.log in the c:\programdata\voodooshield folder? My email address is support at voodooshield.com.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,523
    A really good global whitelist, and no questionable files / PUPs, are mutually exclusive concepts.

    Comodo has occasional mess-ups, where their cloud lookup mistakenly whitelists known malware, allowing it to fly past most of Comodo's defenses.

    Kaspersky is kind of weak when it comes to PUPs.

    Avast has the most extensive whitelist of all of 'em. You see it in action when you put Avast in hardened mode/aggressive, then Avast works on a default/deny basis, checking against the giant cloud whitelist. But no one knows what is on that list. If enough Avast users install an app, it gets whitelisted, unless it has clear malware-like qualities.
     
  15. guest

    guest Guest

    Microsoft without a doubt, maybe Symantec/Norton, I guess, since they have been in the business for ages and are widely used.
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,523
    Right, I forgot about Microsoft smartscreen. But I don't think it is selective enough for VoodooShield's purposes
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,356
    Location:
    Among the gum trees
    Not so great with PUPs /PUAs though.
     
  18. guest

    guest Guest

    PUPs are not a serious issue to me. They are mostly allowed by happy clickers.
     
  19. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    314
    Location:
    Bulgaria
    I would add Eset and Emsisoft as well.

    Edit: and maybe Panda. They have a huge list as well.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,979
    Earlier this evening, I opened Vivaldi browser and was advised of a newer version. So, I allowed it to update.

    However, during the process I got two warnings from VS which I blocked each time because I didn't understand them. Anyway, by blocking these two VS warnings it didn't seem to have an adverse effect, since Vivaldi updated to a newer version. See following screenshots. Vivaldi_v1.9.818.49_01.JPG Vivaldi_v1.9.818.49_02.JPG Vivaldi_v1.9.818.49_04.JPG Vivaldi_v1.9.818.49_05.JPG Vivaldi_v1.9.818.49_08.JPG

     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,281
    To be sure that files are not in use, installers are terminating processes or stopping services before they are installing them.
    For example, while installing VS, it is using taskkill.exe to terminate the currently running instance:
    Code:
    CommandLine: "C:\Windows\System32\taskkill.exe" /f /im VoodooShield.exe
    CommandLine: "C:\Windows\System32\taskkill.exe" /f /im VoodooShieldService.exe
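
An added example (not part of the post above and not VoodooShield's own code): a small parser that turns a `taskkill` command line like the two quoted above into a plain statement of what it will terminate, which is the information needed to answer a block/allow prompt. The `WATCHED` list and the last two sample lines are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Assumption: names a defender wants highlighted; both come from the post.
WATCHED = {"voodooshield.exe", "voodooshieldservice.exe"}

def parse_taskkill(cmdline):
    """Return None if cmdline is not taskkill, else a dict of its targets."""
    # posix=False keeps Windows backslashes intact; quotes are stripped after.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("taskkill", "taskkill.exe"):
        return None
    info = {"images": [], "pids": [], "force": False, "tree": False}
    i = 1
    while i < len(tokens):
        flag = tokens[i].lower()
        if flag == "/f":            # forceful termination
            info["force"] = True
        elif flag == "/t":          # also terminate child processes
            info["tree"] = True
        elif flag in ("/im", "/pid") and i + 1 < len(tokens):
            info["images" if flag == "/im" else "pids"].append(tokens[i + 1])
            i += 1                  # skip the value just consumed
        i += 1
    return info

def describe(cmdline):
    info = parse_taskkill(cmdline)
    if info is None:
        return "not a taskkill command"
    targets = info["images"] + ["PID " + p for p in info["pids"]]
    how = "force-terminate" if info["force"] else "terminate"
    if info["tree"]:
        how += " (with child processes)"
    hits = [n for n in info["images"] if n.lower() in WATCHED]
    note = " [targets a watched process]" if hits else ""
    return f"{how}: {', '.join(targets) or 'nothing parsed'}{note}"

SAMPLES = [
    r'"C:\Windows\System32\taskkill.exe" /f /im VoodooShield.exe',         # from the post
    r'"C:\Windows\System32\taskkill.exe" /f /im VoodooShieldService.exe',  # from the post
    r'taskkill /IM notepad.exe /T',                                        # constructed
    r'"C:\Windows\System32\cmd.exe" /c dir',                               # constructed
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(describe(line))
```
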
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,979
    I knew it wanted to stop something, but wasn't sure what processes. So, when in doubt, don't. So, I didn't allow.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,281
    Yeah, that's fine. If in doubt, block :thumb:
     
  24. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    896
    Location:
    USA
    Looking for some advice here, regarding whether VoodooShield would be a good solution to alert for silent installers running in the background? I have a few trusted applications that upgrade versions silently, which is cool, but that also worries me that I am not in control of the process.

    I have not tried VoodooShield yet, as I am mostly satisfied with my current security setup, with a good AV, Firewall, plus HitmanPro.Alert. :thumb:

    I don't generally download unsigned code, and regularly scan the hashes of all installed executables, startup programs, drivers, etc, with the VirusTotal site. So I already know what is running on my PC.

    But I think I would really like to know when a silent install is taking place. Thanks in advance for any input! :)
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,066
    Location:
    Ontario, Canada
    Yes it does very well!
     