Recent Posts

1
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by Tarnak on Today at 07:45:05 am »
These are the folders created in C:\Program Files\NVIDIA Corporation...  I hope they are OK.
Yeah, I am sure they are fine.  I am guessing that NVIDIA created a temporary executable, then deleted it for whatever reason.  Thank you!


I was monitoring Windows Updates, i.e. those automatically offered for December.  This process had started about 10 hours earlier, when I noticed that NVIDIA was updating, and I got this popup in VS. As you can see nothing informative to see, but I allowed it.

Maybe a clue to my unattended overnight crash the other day. Also have nvidia, and I think nvidia may have installed something when I wasn't looking based on opening revo_pro and noticing several nvidia apps I had not noticed before...  ???

@VoodooShield, @simmerskool

I checked in "Programs and Features", and it seems all is OK.  ;)





2
Malware Removal Tools / Re: Junkware Removal Tool (JRT)
« Last post by hayc59 on Today at 07:15:33 am »
Junkware Removal Tool to be discontinued

Malwarebytes has chosen to discontinue Junkware Removal Tool (JRT) by announcing the end of maintenance as of October 26, 2017.

While this is not an easy decision to make, we have determined that focusing on the continued evolution of our other award-winning security products is in the best interests of both Malwarebytes and our customers.

Note: This has no effect on subscriptions or licenses for any other Malwarebytes product.

What this means to you


Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.
3
Malware Removal Tools / Re: Junkware Removal Tool (JRT)
« Last post by Hardhead on Today at 07:15:17 am »
Junkware Removal Tool to be discontinued

Malwarebytes has chosen to discontinue Junkware Removal Tool (JRT) by announcing the end of maintenance as of October 26, 2017.

While this is not an easy decision to make, we have determined that focusing on the continued evolution of our other award-winning security products is in the best interests of both Malwarebytes and our customers.

Note: This has no effect on subscriptions or licenses for any other Malwarebytes product.


What this means to you

Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.

If you are using JRT, we recommend switching to Malwarebytes AdwCleaner version 7 or higher. It’s free and incorporates all major JRT functionalities.
4
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by simmerskool on Today at 07:08:49 am »
I was monitoring Windows Updates, i.e. those automatically offered for December.  This process had started about 10 hours earlier, when I noticed that NVIDIA was updating, and I got this popup in VS. As you can see nothing informative to see, but I allowed it.

Maybe a clue to my unattended overnight crash the other day. Also have nvidia, and I think nvidia may have installed something when I wasn't looking based on opening revo_pro and noticing several nvidia apps I had not noticed before...  ???
5
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by simmerskool on Today at 07:03:30 am »
I have been running Appguard along with VS forever with no issues. We probably don't need both. Appguard is higher up on the food chain. By that I mean it always reacts before VS. I will run them both together anyway.

yeah, I've run AG on and off for several years, and more recently continuously along with VS.  Dan suggested possible conflict in memory with AG...  :-\ (my gut tells me it's something else...  For the moment I've disabled AG and the last 2 or 3 crashes I've had with VS have been spaced very far apart, and like I mentioned shortly after & within a day of installing a new version of VS, but seems like those times also coincided with MS update push.  So infrequent, I don't really consider it a problem, other than it happened at least twice under same circumstances for no apparent or logged reason.

Dan, why not publish the hash for the installer, and also for voodooshield and voodooshieldservice once installed? Or does each pc's whitelist create a different hash??
You are running Comodo as well, right?  I wonder if anyone has had any luck running all three products together.  I will be curious to see what is causing this because the logs are not showing anything, and no one else has reported this issue.  If it continues, maybe you can send me a crash dump and I can take a look at it.

I am not sure what you mean by publish the hash... do you mean post the hash of the installer when I post a new version?  The hash will be the same for each file on every computer.  Thank you!

Yes, you are correct running comodo firewall 10 @ cruelsister, AG4 & VS 4.13b. Reference the VS overnight crash a couple days ago, that was extremely rare event, and both recent crashes were about a month apart and seemed to coincide with an install of a new beta version along with MS update push overnight while I was sleeping.  Otherwise and 99.999% of time those 3 are rock solid and seem not to conflict with each other at all.  If I was seeing crashes more often, sure could be conflict.  But once a month.  And I'll go weeks without a shutdown.  I did disable AG for about 36 hours, and then re-enabled it.  Everything's been rock solid except the rare VS crash the other day.

hash, I mean eg sha1 for
InstallVoodooShield413beta.exe   4f9899e5d2c81d9b9507167c4224e4178437452b
VoodooShield.exe   cbe1ae31152d0ddf7f4be9577522ed713c69d46a
VoodooShieldService.exe   609de367da0e3b3ab70cbc728031fffc15c75cef

These are the sha1 hashes for those files after install of 4.13b running on my win7.  If you published the hashes on your end, then user would have a good idea that he got a clean untampered with file.  Many publishers do that.  Just wondering...  ;)

 
6
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by VoodooShield on Today at 06:57:43 am »
Very cool, great to see you here as well!  Hmmm, that is very odd.  If you look in your DeveloperLog.log, are there any entries with the word "Exception"?  If so, can you post the exception?  Thank you!

Here are the DeveloperLog "exceptions" from yesterday (12/13)

[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 10:20:26] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)
[12-13-2017 14:26:44] [ERROR] - Exception in GetSHA256c: The filename, directory name, or volume label syntax is incorrect.
[12-13-2017 14:26:57] [ERROR] - Exception in GetSHA256c: The filename, directory name, or volume label syntax is incorrect.
[12-13-2017 14:58:31] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 22:51:55] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)

Quote
Edit:  Also, are there any special settings other than default that you use that might help me reproduce this error?

Nothing very exciting. Unchecked "Deny by Default"; Sensitivity: 120%; one added web app (nitropdf).

Another question... I saw this in the Developer Log...

[12-14-2017 19:04:37] [INFO ] - Blacklisted Item allowed by parent process: c:\program files (x86)\sticky password\stpass.exe
[12-14-2017 19:04:37] [INFO ] - Process allowed by Allowed Program Files: c:\program files (x86)\sticky password\stpass.exe
[12-14-2017 19:04:38] [INFO ] - Blacklisted Item allowed by parent process: c:\program files (x86)\sticky password\stpass.exe

What's the "Blacklisted Item" thingy? I didn't do this. How can I see what is "blacklisted" on my system? I looked these up under User Log and found only Auto Allowed. So I don't understand the "blacklist" or the "allowed by parent" deal here.
Cool, thank you, I researched this error and it seems there are a couple of fixes.  Do you use a VPN, or is there a firewall that might be blocking VS's connection with the web?

Blacklisted items are basically items that should never be permanently whitelisted, such as cmd and powershell.  A few months ago I added whitelisting by parent process as well (in addition to process name, path, hash, etc.), so we might be able to remove the blacklist feature altogether.  Thank you!
7
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by VoodooShield on Today at 06:53:49 am »
These are the folders created in C:\Program Files\NVIDIA Corporation...  I hope they are OK.
Yeah, I am sure they are fine.  I am guessing that NVIDIA created a temporary executable, then deleted it for whatever reason.  Thank you!
8
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by Telos on Today at 12:18:20 am »
Very cool, great to see you here as well!  Hmmm, that is very odd.  If you look in your DeveloperLog.log, are there any entries with the word "Exception"?  If so, can you post the exception?  Thank you!

Here are the DeveloperLog "exceptions" from yesterday (12/13)

[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:31:34] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 07:37:20] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 10:20:26] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)
[12-13-2017 14:26:44] [ERROR] - Exception in GetSHA256c: The filename, directory name, or volume label syntax is incorrect.
[12-13-2017 14:26:57] [ERROR] - Exception in GetSHA256c: The filename, directory name, or volume label syntax is incorrect.
[12-13-2017 14:58:31] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 19:40:24] [ERROR] - Exception in RealtimeScanner_IsFileInVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
[12-13-2017 21:17:56] [ERROR] - Exception in NewProcessHandler_GetStatsFromVoodooAiSQLDatabase: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.).    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
[12-13-2017 22:51:55] [ERROR] - Exception in Main_Shown: File '' not found..    at Microsoft.VisualBasic.FileSystem.FileLen(String PathName)

Quote
Edit:  Also, are there any special settings other than default that you use that might help me reproduce this error?

Nothing very exciting. Unchecked "Deny by Default"; Sensitivity: 120%; one added web app (nitropdf).

Another question... I saw this in the Developer Log...

[12-14-2017 19:04:37] [INFO ] - Blacklisted Item allowed by parent process: c:\program files (x86)\sticky password\stpass.exe
[12-14-2017 19:04:37] [INFO ] - Process allowed by Allowed Program Files: c:\program files (x86)\sticky password\stpass.exe
[12-14-2017 19:04:38] [INFO ] - Blacklisted Item allowed by parent process: c:\program files (x86)\sticky password\stpass.exe

What's the "Blacklisted Item" thingy? I didn't do this. How can I see what is "blacklisted" on my system? I looked these up under User Log and found only Auto Allowed. So I don't understand the "blacklist" or the "allowed by parent" deal here.
9
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by Tarnak on Today at 12:16:26 am »
These are the folders created in C:\Program Files\NVIDIA Corporation...  I hope they are OK.



10
VoodooShield / Re: VoodooShield v4 Beta Discussion
« Last post by Tarnak on December 14, 2017, 11:58:16 pm »
I was monitoring Windows Updates, i.e. those automatically offered for December.  This process had started about 10 hours earlier, when I noticed that NVIDIA was updating, and I got this popup in VS. As you can see nothing informative to see, but I allowed it.




