VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296

    Thanks...

    I ran the newer installer, but I had a "Groundhog Day" experience.

    But, this time I noticed the Webroot WSA had played a part. So, I think I am OK, for now. :)

    ScreenShot_VoodooShield_Install v1.24 MK2_24.gif

    ScreenShot_VoodooShield_Install v1.24 MK2_26.gif

    ScreenShot_VoodooShield_Install v1.24 MK2_27.gif
     
  2. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    You great software devs are in this together to fight
    this crap. I also know about profits and all, but
    Fabian and Magnus and now you alongside others
    do really good by us all, and those two are tops in the business!!
     
  3. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Tarnak, I got the same blockage by Webroot and did not know until
    a little investigating; once allowed, all went smooth ;)
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296

    Hi Gordon,

    I didn't notice any popup from WSA the first time, but the second attempt I caught it...but it disappeared pretty quickly. :D
     
  5. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you for letting me know that WSA is detecting startvs.exe as a virus. It has a digital signature, so I am surprised that it detected it as a threat!
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you, I really appreciate that! I would love for someone to put the hackers out of business! To me there is nothing more frustrating than fighting viruses.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Just an aside, before running the newer installer, I did delete this directory.

    I now have a newer directory created in the root C: drive... It looks a lot different!

    ScreenShot_VoodooShield_Install v1.24 MK2_17.gif

    ScreenShot_VoodooShield_Install v1.24 MK2_19.gif
     
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Oh yeah, sorry, I was going to respond to that earlier, but I forgot. I think that directory is created by the .net installer. I know VS does not create that directory if .net is already installed... it only creates the C:\Program Files on installation. After it launches then it creates the VS AppData directories.

    I am sure that it is safe to recycle if it will let you. Does it let you?
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I thought it was strange that when I ran the installer again, that it wouldn't say that I need .NET 3.5, before I had finally gotten it installed. But, it did...so I had to go through the "ordeal" all over again.

    Not sure what you mean by "recycle". Do you mean delete that directory that I mentioned?
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmm, that is odd too. Basically the installer checks to see if .net 3.5 is installed, and if it is not, then it prompts the user to install it. So maybe it wasn't installed all the way or something, it is hard to say.

    Oh, it is just best for me to say Recycle instead of Delete if there is any doubt whatsoever ;).
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, here is another example of the confusing issue with the kill method, this might explain it better.

    1. Reset VS's Whitelist and User Log
    2. Put VS into Training Mode
    3. Make sure VS and another AE are running
    4. Launch a non-whitelisted app
    5. The other AE will block it and ask if you want to run it
    6. Choose block
    7. Look at VS's User Log... the process is allowed.

    I am certainly not picking on other AEs, I think they are all great and offer phenomenal protection, and each has its own niche. But this is extremely odd. The only way VS could possibly detect and allow a process is if it was run for at least 1ms.

    Anyway, I am certain there is a reason for this, I just do not know what it is. And I do realize that we need to test a non-whitelisted app that executes repeatedly, since this affects the race conditions.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It makes sense to me, and sometimes also compatibilities (issues).
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Version .NET 3.5 doesn't show in my system...strange, because your program is installed, now.

    ScreenShot_VoodooShield_Install v1.24 MK2_28.gif
     
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    So it does make sense to you that the app is whitelisted? I would think that if it used the kill method that did not allow for any kind of code execution, VS would not be able to detect and allow it. I must be missing something, or it could be compatibility issues, as you were saying.
     
  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, very odd. So all that is listed is 1.0, 1.1, and 2.0? .net can be weird at times.
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    That's for sure! ;)
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Hi Tarnak and Gordon,

    I never received any pop-ups or blockages, so it could be your WSA settings. But yes, it's normal for VS to be monitored, as it's been changing the past week or so. When the final comes out I will submit the MD5s to Webroot Support to get them whitelisted, and startvs.exe is already whitelisted automatically in my processes.

    Daniel

    Capture31-07-2013-12.11.55 AM.jpg

    And make sure these 2 are unchecked. If you want more adjustments to the settings just let me know!

    31-07-2013 12-18-23 AM.png
    31-07-2013 12-28-56 AM.png
     
    Last edited: Jul 31, 2013
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Thanks Daniel... I have just unchecked that setting. :thumb:
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I updated my post!

    Daniel
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296

    The "Behavior Shield" setting was unchecked. Thanks. :D
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't have WSA installed on my laptop, but it probably detected it by reputation. WSA weighs several factors with its heuristics detection, and if an application also has not been seen before or only seen by a small number of users it is more likely to cause a false positive. That setting can be adjusted. I can't remember exactly what the module is called. I have not been able to use WSA in a while. They take care of false positives really quick. I have submitted many over the years. I was a Prevx user before version 1 was even released.
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ok, here is 1.25... Please do not find any bugs!!! But if you do please let me know ;).

    https://voodooshield.com/freeoffer/Install VoodooShield.1.25.exe

    Fixed the left click deactivation not working.

    The Shield activating with the browser took a hit on the speed when I fixed the left click deactivation not working, but I think it is still pretty fast. I just really liked it when it would activate WAY before the browser actually launched. I will see what I can do.

    Moved the UI all the way to the front of the code, so hopefully that issue is fixed.

    And I think the random message "VoodooShield is OFF and you are NOT PROTECTED!" "Would you like Activate VoodooShield?" is fixed.

    If you guys cannot find anything, I will release it sometime tomorrow!

    The CMD issue is still top priority, believe it or not!

    This version will prompt you to update, but please do not! It would install a previous version if you did!

    Thank you!
     
  23. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, has anyone come up with any new ideas for names yet?
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    1.25 is working well here, and also to clarify, Webroot is not detecting it as malicious, just unknown.

    Some legitimate files are not included in this log
    c:\users\daniel\downloads\install voodooshield.1.25.exe [MD5: B21C370ED1B3C34E137D819FA23BFE87] [Flags: 00081001.9383]
    c:\program files\voodooshield\voodooshield.exe [MD5: 8080831D5159BB7C99A8BCE5D32DA3B6] [Flags: 10081001.9385]
    c:\program files\voodooshield\vsup.exe [MD5: 569F597AF273982C132A74183D80B664] [Flags: 00081001.9384]

    Good. [G]

    [G] c:\program files\voodooshield\unins000.exe [MD5: 68A5B1324BEF34E90CED35B33026F04F] [Flags: 40000000.61]
    [G] c:\program files\voodooshield\startvs.exe [MD5: 524E232B55BDD1F7AEE3E4F36CEC0FE0] [Flags: 00111000.9175]

    Thanks,

    Daniel ;)
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Did you have to allow the code to run in order for it to kill VS, or did VS fail to block it altogether?
     