VoodooShield/Cyberlock

Do both have internet access?

 

Different Command Lines on each system would be my guess.

 

So what do I have to remove from my whitelist to make it work right?

I did a super clean install of voodoo didn't even restore my settings and the LNK was blocked once and then never again.

Mine does, presumably the other person's does too.

 

So can anyone tell me why voodoo would block something on one system, but not others?

 

Sounds like a question for support@voodooshield.com.

 

Correct!

 

Well he referred me here. I think because here there'd be a wider variety of VMs with different setups

Has anyone here ever tested voodoo on a system that already has a bunch of stuff allowed in the local whitelist?

Things like all the executable files of open office marked as vulnerable and web apps

Discord marked as a vulnerable and web app.

all the EXEs of steam and all the installed games from it marked as web and vulnerable apps.

And then once you set up a VM with those protected by voodoo, run every kind of file-less malware you can find. including LNK files and office document files, PDFs, every kind of sneaky file like that and let me...and more importantly Dan of voodoo shield know about the results. For me, voodoo stopped blocking malicious LNK files once a good number of things were on the local whitelist

and voodoo in my tests stopped blocking malicious DOC files once swriter was allowed in the local whitelist

 

I can't be of any help as I haven't used VS in a while and never test, use VM, etc.

 

I stopped using voodoo. Ever since Dan implemented the contextual engine it wasn't as good. And by what I've experienced, if the local whitelist already has certain command lines allowed for legit applications, voodoo won't block any command lines that call upon the same system files....some of the time.

If the old engine that wasn't contextual was still being used, those command lines would've been blocked until allowed by the user.

Blocking legitimate applications is inevitable with whitelisting. And sometimes certain security software isn't good to mix with it. That's to be expected

The whole point of a whitelisting application is to block first and figure out what it is whenever you need something to run. I can understand making it appeal to the average user by making it allow more things, but if it's at the cost of compromising even a little tiny bit of security then the whitelisting application isn't really a true whitelisting application.

I would like to see a test of voodoo on a system that already has a lot of stuff allowed in the local whitelist. CMD based command lines, conhost based command lines, powershell based command lines, every kind of command line you can think of as long as it's meant to allow legitimate software to run.

So far all the tests I've seen of voodoo were on totally clean installs with nothing allowed in voodoo's whitelist. Oh...and I've also noticed that my VPN will connect and swap proxies a lot faster now.

 

@GrDukeMalden Maybe give cruelsister some suggestions on the other security forum (mal.) about what you think would maybe get VS off the rail. She likes to toy with security software and find ways to smuggle stuff around them.

 

So it turns out...I was wrong about voodoo. But by all means, test it in a machine that has lots of legitimate applications allowed on it.

Test it against all manner of file-less malware, DLL injections, all kinds of non-EXE typed stuff. I don't know if there's any flaws in voodoo, but the only way to find out is to test it regularly

 

Come on Dan, Steam skyrimlauncher.exe got flagged...even in "relaxed" mode. Huh.

 

By mail from @VoodooShield VoodooShield 7.42 announced:

 

Thanks, Gandalf_The_Grey! Installed my Windows 11 drive just for this update. Got some other stuff for Windows Insiders and Firefox to boot. All installed perfectly.

 

Hi all

Dan has postet some new Infos about Voodooshield on malwaretips forum see this link

(10) Update - VoodooShield 7.0 | Page 25 | MalwareTips Forums

With best Regards
Mops21

 

Yes, I saw that. OK so he's going thru with the name change. Well, the one that sounds best and most relevant to me is: cyberlock.online b/c that's when VS is needed. Simple.

Prob. he'll go with something else.

 

I dont recommend to post domain names in public, because some ones can register them easily. For business or for being a evil...

 

That looks pretty good. At least he's easing into the name change--it kind of reassures me at least, b/c I've become such a fan of this software (again).

OK, so CyberLock/CybeLock.global ii is.

I'll install my Windows 11 drive in a bit to see how it works out on here. Don't expect any issues.

 

Working very well! https://cyberlock.global/

 

Are most people installing over top of 7.42 or are most of you uninstalling VS and installing Cyberlock?

 

Well, I installed my Windows 11 drive and downloaded the latest 7.43 from the official website. I used HiBit Uninstaller to remove VoodooShield 7.42 and denied VS uninstaller and HiBit to remove my settings and whatnot (in other words: kept all my settings). It took maybe one second and I was registered as a result--there was no need to update any license key or anything. The UI looks basically the same, with "CyberLock" and the VS shield in the upper left side. Painless!

Very good--I'm all set now.

 

According to @VoodooShield :

Personally, I uninstalled VoodooShield first and then installed CyberLock.