VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. jmed

    jmed Registered Member

    Joined:
    May 21, 2017
    Posts:
    3
    Location:
    USA
    Just installed the Licensed version (courtesy of Dan & Wilders). I have used the free version for quite some time and never experienced any issues. Great product and developer!
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    +1. I too have a boatload of logs, from installing OTT, so will do a clean install next time.
    Where is the 'export settings' function?
     
  3. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    There isn't one. Simply...

    1. Close Voodooshield
    2. Copy all of the "*.dat" files in the folder c:\ProgramData\Voodooshield to a temporary backup location
    3. Uninstall Voodooshield
    4. Delete the folder c:\ProgramData\Voodooshield
    5. Install Voodooshield
    6. Copy all of the "*.dat" files from the temporary backup location to c:\ProgramData\Voodooshield

    NB. If you want to do a fresh install, to only reset your whitelists, command lines etc, but still retain your gui settings, then only restore the settings.dat file at step 6. However, if you want to start completely afresh then don't restore any files.
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,852
    If you want to backup (and restore) your settings and the whitelist, you can do it with VS:
    Utility - Backup Settings to Desktop
    Utility - Backup Whitelist to Desktop

    If you copy the settings3.dat (Settings) or snapshot3.dat (Whitelist) to a different place or if you do it with VS, it is the same.
    But VS is not backing up the Userlog, Customfolders and Command-lines.

    If you want to have a backup of all *.dat-files (settings, command-lines, whitelist, etc.) I would do: #16226
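
The backup and restore steps from the two posts above (copy the *.dat files out, then restore either everything or only the settings file), as an added PowerShell example that is not from the thread or from VoodooShield. The backup folder, the function names and manifest.csv are assumptions; the `settings*.dat` pattern is chosen to cover both file names mentioned in the thread (settings.dat and settings3.dat), and writing to C:\ProgramData normally needs an elevated prompt.

```powershell
# Added example: back up and restore the VoodooShield *.dat files with a SHA-256 manifest.
# $DataDir is the folder named in the thread; $BackupDir is a hypothetical location.
$DataDir   = 'C:\ProgramData\Voodooshield'
$BackupDir = Join-Path $env:USERPROFILE 'VS-backup'   # assumption: any folder you control

function Backup-VsData {
    param([string]$Source = $DataDir, [string]$Destination = $BackupDir)
    # Step 2: copy every *.dat file and record its hash next to the copies.
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $files = Get-ChildItem -Path $Source -Filter '*.dat' -File
    if (-not $files) { throw "No *.dat files found in $Source" }
    $files | Copy-Item -Destination $Destination -Force
    $files | ForEach-Object {
        [pscustomobject]@{
            Name = $_.Name
            Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation
}

function Restore-VsData {
    param(
        [string]$Source = $BackupDir,
        [string]$Destination = $DataDir,
        [switch]$SettingsOnly   # restore only the GUI settings, as in the NB of the procedure
    )
    # Step 6: skip any file whose hash no longer matches the manifest. The manifest
    # sits beside the copies, so this catches corruption and casual edits, not
    # someone who can rewrite both the file and the manifest.
    $manifest = Import-Csv -Path (Join-Path $Source 'manifest.csv')
    if ($SettingsOnly) {
        $manifest = $manifest | Where-Object { $_.Name -like 'settings*.dat' }
    }
    foreach ($entry in $manifest) {
        $path = Join-Path $Source $entry.Name
        if (-not (Test-Path $path)) { Write-Warning "Missing: $($entry.Name)"; continue }
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        if ($hash -ne $entry.Hash) { Write-Warning "Hash mismatch, skipped: $($entry.Name)"; continue }
        Copy-Item -Path $path -Destination $Destination -Force
    }
}

# Usage (steps 1, 3, 4 and 5 are done by hand between the two calls):
#   Backup-VsData
#   Restore-VsData                 # restore all *.dat files
#   Restore-VsData -SettingsOnly   # restore settings only, whitelist starts fresh
```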
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
  7. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Go into utilities on Voodoo Shield and backup settings to desktop.
     
  8. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Is there any point in adding MS Office applications to Web Apps in VS?
    I am running VS + HMP.A.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    There has been a lot of speculation how the various application whitelisting utilities handled EternalBlue and DoublePulsar as they wormed their way through networks.

    Instead of speculating, let's test and see!

    At first, I was just going to test VS, because there are a lot of people talking about how AE's are worthless against this type of attack, while conveniently forgetting that traditional security software allows for many more bypasses. But since I went through all of the work, I figured it would be a good idea to test the other AE's as well.

    If anyone would like to reproduce my test and post a video, please do!

    https://youtu.be/lLChVsNt1fY

    - Call me White Cipher ;).
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, ALL of the office suites are hardwired in... but VS handles them differently than web apps, and they are covered.

    I will catch up on the other posts soon, sorry about that, talk to you guys soon!
     
  11. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I want to say so much, but it will get modded and lose its magic, so all I will say is "F'n Awesome Dan ;) "
    The naysayers are nothing more than entertainment where I am concerned, but a stiff jab never hurts Dan to keep them honest lol :)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Question. If I am understanding correctly then ERP and VS passed, but Appguard didn't?
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I appreciate that! Actually, now that I am all set up to do the tests (which took like 6 hours), I might as well test tons of AV software as well... it only takes a few minutes to test other software. Besides, I think it would be cool to see how proactive these companies are... in the wake of a ransomware apocalypse ;). I mean... there should not be ANY that do not catch this threat a month from zero day.

    The other thing that kind of encouraged me to do this was the following article:

    https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/

    I was curious why the ESET prompt said "Network Threat Blocked / Web threat"... I was curious how they were doing that (sometimes it is good to monitor the testers) ;). Anyway, so I just now tested ESET, and it nailed the threat perfectly and showed the exact same prompt, so it did really well.

    I also just tested MB 3.0... and it did not do well.

    BTW, I discovered a small bug in VS... while VS stopped the attack... I never expected that a command line would match the path exactly, on a rundll32.exe block. It is hard to explain, and a super easy fix, and it will be fixed in the next version. Just thought I would mention that ;).

    Anyway... who knows, I might test a lot of products this weekend. Thank you!
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Correct... in this test, ERP and VS remained uninfected.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I totally forgot to mention something very important. If this were a web based attack, VS would stop it in a heartbeat. But the more I thought about it... I kept questioning myself whether a LAN based / worm attack would sneak past VS or not. I know the code extremely well, and I thought it would block a LAN based / worm attack, but I was not sure. So instead of reviewing the code, I just tested it. It is much more efficient and telling ;).
     
  16. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    835
    Location:
    Melbourne, Australia
    How about Nastybrother?
     
  17. guest

    guest Guest

    That is obvious, Appguard wasn't made to protect against network attacks/abuse (@Lockdown said), however it will block the second stage of the attack.
     
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, how is that nasty?
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Lockdown is more than welcome to test as well. I will sell him a Kali license if he does not have one ;).
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    If you want, I can do some nastier things after the machine is pwned for effect, but that is not my style.
     
  21. guest

    guest Guest

    He tried to find a decent sample, but couldn't.

    By the way, his post:

    "AppGuard is not designed to block exploits per se; AppGuard is designed to block post-exploit system manipulation at various policy points."

    Also, Appguard isn't anti-exe, it is SRP, so users of AG shouldn't use it at "default", but with policies adapted to the machine. That is why AG isn't made for the average user.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, none of the products were made to protect against network attacks/abuse. But we all must adapt.
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I have a killer sample I can send him... I even created a script to make it super easy for new Kali users to be able to test.
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am not picking on any product... I am just tired of people wildly speculating one way or another. If we want to know the truth, it is simple, you just test.
     
  25. guest

    guest Guest

    He will surely appreciate it.

    P.S.: edited my previous post.

    I know, at least you did it properly with the latest version.
    I am waiting for the next version of AG, a lot of things were added/fixed.
     