VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. danielson

    danielson Registered Member

    Joined:
    May 15, 2017
    Posts:
    20
    Location:
    AR
    Thank you for the clarification shmu26!
    VS is all new to me - but after running the free version, it seems to be just as you say.
    Reminds me of WinPatrol but better, I would say.
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Nice to meet you... your account is ready, please check your email!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Okay, we are now on the same page.

    Earlier you said "How important that may be is up to users, but every other security program I use is compatible with SBIE." VoodooShield is 100% compatible with SBIE, but you need to uncheck the Parent Process option in settings for it to work the way you want it to. If the "other security programs" that you use had a similar Automatically Allow by Parent Process option, it would need to be unchecked as well... but they do not have this option.

    VS has a lot of usability features that safely allow items that should not be blocked, and the whole point is to reduce the number of dangerous affirmative user prompts as much as possible... and after implementing these usability features, we have reduced the number of user prompts by well over 50%. The funny thing is... I plan to add even more usability options in the near future.

    I could easily change the SBIE right click "Run Sandboxed" option so that VS blocks it... but that would make almost as much sense as Sandboxie sandboxing a file when a user right clicks and selects "VoodooShield Scan", right? Thank you!
     
  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Esse, sorry it took me so long to respond. There will always be "false positives", there is no way around it except for implementing a global whitelist. I have posted several spreadsheets of VoodooAi's data on here, and it clearly demonstrates that our false positive level is acceptable. I will be posting another in a couple more days.

    We could also "trim the Ai a bit", but if we do, there will be infections... there is no way around it. ML/Ai in general does extremely well with common, well developed executables... but not as well with lesser known executables that do not follow proper procedures. But as a trade off, it does extremely well with detecting zero days.
     
  5. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I was concerned for a moment (yes, I have been following this lol).
    But Dan, I see your point especially your last paragraph, after all of the above hit and miss in the conversation.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Dan

    Fair enough. I'll retest it.
     
  7. singularity

    singularity Registered Member

    Joined:
    Mar 6, 2014
    Posts:
    76
    Location:
    India
    Sand
    SB works for me with VS!
     
  8. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    817
    Location:
    Melbourne, Australia
    Dan, this applies to CFW as well?
     
  9. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,458
    I just tried it.
    I ran Firefox in Comodo sandbox, and downloaded something. When I ran the downloaded installer, VS was silent, even after disabling "allow by parent process".
     
  10. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    I'm curious. When you say VS was silent, does that include nothing being entered into the User Log?
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,458
    The only possibly related thing I see in the user log is that Windows SmartScreen executed.
     
  12. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    @VoodooShield
    I guess my idea wasn't so good, no replies so far :p
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    How did you test it to confirm that?
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Never mind. I did a retest, and confirm indeed VS is working when the exe is sandboxed.
     
  15. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    683
    Location:
    Canada
    Pete, was that with smart (default) or "Always On" mode? Seems like I can get it to work with the "Always On" mode when .exe is Sandboxed.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Only way I run is always on.
     
  17. danielson

    danielson Registered Member

    Joined:
    May 15, 2017
    Posts:
    20
    Location:
    AR
    We're good, thank you! :)
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,458
    Maybe that is why VS didn't work for me in Comodo sandbox? I had VS on alert mode.
    But I can't test Comodo again, because I don't have that security config available now.
     
  19. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    683
    Location:
    Canada
    Can't comment as I don't use Comodo. The "sandboxed" I was referring to was Sandboxie.
     
  20. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    414
    Thx Dan,
    What I meant was if it is useful for the Ai that we answer the pop-ups of the false positives, instead of running VS in install mode.
    Will it "learn" so to speak?

    /E
     
  21. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    That's a good question, and if Dan doesn't mind I would like to tell you that your input does have some bearing on the AI learning, but it more helps shape it to your needs, a tailoring so to speak. Does that make sense? I hope it does. PeAcE
     
  22. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    We know it's not true AI in that sense brother, but in a fashion it fits the bill.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I'm not sure, but it looks like they are talking about it below, so I guess we will see ;).
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for the idea! I am not sure what we are going to do for sure, but this will help me! Sorry if I missed some of the other posts as well... I cannot keep up anymore ;).
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you for letting me know!
     