Calendar of Updates

Official Support Forums => VoodooShield => Topic started by: Andi on January 02, 2018, 12:54:55 pm

Title: VoodooShield v4 STABLE Thread
Post by: Andi on January 02, 2018, 12:54:55 pm
We all waited this for a long time...
VoodooShield v4.15 STABLE release  :D

https://voodooshield.com/Download/InstallVoodooShield.exe (https://voodooshield.com/Download/InstallVoodooShield.exe)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 02, 2018, 01:35:54 pm
Congratulations to Dan for this major milestone.   :) :) :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 02, 2018, 02:43:55 pm
Hi guys after the upgrade from 3.59 to 4.15 the starting of programs takes more time than before for me. I ran my vivaldi browser sandboxed and starting with the new 4.15 version is about 10 seconds when it was with the 3.59 about 5. When i disable VS and then start Vivaldi its <5 seconds.
Didn't use a stopwatch but counting 20,21,22 seems enough to spot the 4+ extra seconds.
My cpu is a Intel 2500k+ with Win 7 prof and ssd. Since my security setup with sandboxie, Spyshelter and Appguard didn't change in the last 2+ weeks and the slowdown just occured after updating VS 3.59 to 4.15 i guess VS my problem.

Any tips would be nice.




Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on January 02, 2018, 05:51:51 pm
Geri123, VS 4 is a major upgrade with lots of changes and improvements. I would suggest to do a clean install of VS 4.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 02, 2018, 06:12:40 pm
Hi Geri,

My security on Windows 10 x64 F.C.U. is Win.Defender,VoodooShield,OSA and AdGuard.
My browser is Chrome and it starts in 2-3sec.

Try to narrow the problem and disable Appguard and then measure the startup of your browser. Then turn back Appguard and disable SpyShelter and measure again.
That way you will know what product is in conflict with Voodoo and then you decide if you want to remove one of them or try to adjust some settings.

Also:
Did you try some other browser?
Did you clean all browsing data?
Did you try open browser outside Sandboxie?

and yes, like @ya5hkh4n says: it is highly recommended that you first remove v3, delete any trace of data and then install v4

EDIT: Why do you have Voodoo sensitivity set on Paranoid???
Set it to Balanced!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 02, 2018, 08:24:37 pm
Thanks for the answers you both. I removed 3.59 and afterwards installed 4.15 still the same problem.

With Sandboxie:
I disabled Spyshelter and Appguard both (VS active) and still got a slow browser start. (Even when trying Slimjet browser)
I disabled Voodooshield and enabeled Spyshelter and Appguard and the browser starts fast again. Slimjetbrowser also fast start.

Outside of Sandboxie
Starting Vivaldi outside of Sandboxie with Spyshelter and Appguard disabled 10s (i took a watch)

I got no browsing data other than my bookmarks since the sandbox is on autodelete and browser is told to keep no history or such things.

Changed VS to balanced still no comparison to VS 3.59 (on paranoid) and still very slow.

For me my problem seem to be VS (no clue why) nothing changed other then V3 to V4 :(
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 02, 2018, 08:40:19 pm
Can you maybe test how it is with Chrome browser?
Maybe is something with browsers support, but I doubt!
Like I said,  Chrome browser startup is  3sec. max!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 03, 2018, 08:15:44 pm
@Andi Installed the latest Google Chrome browser and the time it took to start are:

VS on >7secs (ss and appguard disabled)           VS smart or always on still 7 secs Oo
VS off <3secs (even with ss and appguard enabled)

About the same increased times with the latest firefox after i switch VS to on :-[
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 03, 2018, 08:28:33 pm
@Andi Installed the latest Google Chrome browser and the time it took to start are:

VS on >7secs (ss and appguard disabled)           VS smart or always on still 7 secs Oo
VS off <3secs (even with ss and appguard enabled)

About the same increased times with the latest firefox after i switch VS to on :-[
Strange for me it's <3secs with VoodooShield in smart mode.
Did you do a clean install of VS version 4.15 or an upgrade from version 3.59?
I would suggest to completely uninstall VS (delete the VoodooShield folder in program data if left behind) and start with a fresh install of version 4.15.
And leave version 4.15 run with its default settings to see if that solves the problem for you.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 04, 2018, 05:03:13 pm
Thanks for the tips guys. It seems when i disable "Automatically allow all software from the program files folders" the starting time of my browser and so on spikes. It doesn't matter if i enable spyshelter or appguard.

Even with a clean install and using Revo uninstall it doesn't fix the problem.

In short VS Option disable "Automatically allow all software from the program files folders" >>> Browser start 10secs.

VS option enabled "Automatically allow all software from the program files folders" >>> Browser start in 4 secs.

*For my paranoid heart i would like to have the option disabled and still a normal browser start speed*
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on January 04, 2018, 07:12:48 pm
v4.15 is running awesome!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on January 04, 2018, 07:18:56 pm
+1  Also here
 Yes it is running very well 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 05, 2018, 12:30:48 am
with me also  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 05, 2018, 01:13:25 am
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on January 05, 2018, 03:27:03 am
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!

Nothing here on my Windows 10 system.  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 05, 2018, 06:04:20 am
Thank you guys, I appreciate that, and I appreciate all of your help!
Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

Nothing here on my Windows 10 system.  ;)

I'm clueless  :o  what's a patch for Meltdown / Spectre?  Is this a VS or a windows update?  I'm running win7 and busy doing other things today, I have no info about a patch?
& 4.15 has been running fine here  ;D

EDIT: ok did not take me too long to find out about Meltdown / Spectre. (been one of those days)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 05, 2018, 09:20:29 am
Some info about that security update...

"An unfortunate consequence of this security vulnerability is that its patches are expected to slow down all devices anywhere between 5 to 30 percent depending on the processor and software being used. Even ARM and AMD CPUs may get performance degradation due to fundamental changes in how the OS kernel works with memory. According to Intel, processors with PCID / ASID (Skylake or newer) will have less performance degradation."

For @simmerskool...
I would recommend that you upgrade to newest OS:
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet (https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet)
...and if you not upgrade, here is that patch for win.7:
Windows 7 and 8.1 fixes for Meltdown and Spectre CPU flaws
https://winaero.com/blog/windows-7-8-1-fixes-meltdown-spectre-cpu-flaws/ (https://winaero.com/blog/windows-7-8-1-fixes-meltdown-spectre-cpu-flaws/)

About AV compatibility:
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released (https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released)

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0 (https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0)

I personally did not get automatically that update yet, I'm on AMD architecture so guess I don't need it and I do not want it  ;D

Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 05, 2018, 09:41:05 am
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
No issues here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on January 05, 2018, 06:51:26 pm
I posted about this patch in the beta thread. Guess we don't have to post in that one any longer since the new release. It appears after MS gives the patch AV companies had to apply a registry patch? I posted a link in the beta thread.
Title: Re: VoodooShield v4 STABLE Thread
Post by: pavo on January 05, 2018, 08:11:50 pm
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
I haven't noticed any issues with VS after applying this patch.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 05, 2018, 08:21:16 pm
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
No issues here.
The only issue i have that I regularly have to re register VoodooShield.
Anyone else have that issue?
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on January 05, 2018, 09:44:43 pm
The patch is only applied to people with AV's that meet the criteria. I never got the patch that I know of.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 05, 2018, 10:09:07 pm
The patch is only applied to people with AV's that meet the criteria. I never got the patch that I know of.
What version of windows are you running and what is your antivirus?
You can see for your av in the list from Kevin Beaumont: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on January 06, 2018, 12:41:22 am
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
No issues here.
The only issue i have that I regularly have to re register VoodooShield.
Anyone else have that issue?

I haven't any issues with the MS Meltdown / Spectre patch with VoodooShield on any of my 3 systems.

I did update computers to the latest VS v4.15. On one of my systems I did have to re-register and then it told me I couldn't upgrade because I had reached my limit of installs..something like that..but Dan helped me to fix that and I was able to re-register without any problems. So I'm good to go and VS has been running good so far. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: scootnod on January 06, 2018, 03:31:59 am
No issues after installing the MS patch.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Darek on January 06, 2018, 04:20:25 am
Works like a charm on my Win 8 system.

And yes, it should re-register automatically.

But V4 is faster than v.3, and it's more stable.


Thanks Dan!!!
 :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 06, 2018, 08:33:32 am
Very cool, thank you guys!

I just wanted to mention a few things…

We are approaching 1,000,000 views on Wilders

https://www.wilderssecurity.com/forums/other-anti-malware-software.35/?order=view_count

Although, admittedly it is going to take a little longer than expected to reach 1,000,000, because just like MT… their traffic has been suffering 😉.

I also thought it was cool that PCMag gave us an honorable mention for the best AV of 2018, even thought we are not an AV…

https://www.pcmag.com/article2/0,2817,2372364,00.asp

Thank you guys for all of your support throughout the years!

I promise you… in 4 years, people will be asking “did people really use to browse the internet and check email on an unlocked computer”.  😉

The really cool thing is that together, we will have made it happen.

Thank you guys!


Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 06, 2018, 09:26:09 am
No problems with the spectre patch on Win 7 64 bit.

Any of you guys tried to disable "Automatically allow all software from the program files folders" and got spikes in browser loading times?
Or am i just unlucky?

Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 06, 2018, 11:50:41 am
Dan, I again had to re register VS today.
Is there something like a token (we had that before) that gets cleaned by CCleaner and causing this?
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on January 06, 2018, 05:40:01 pm
Installed MS Update and VS performed without a hitch.
Nice. 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 06, 2018, 11:36:59 pm
Dan, I again had to re register VS today.
Is there something like a token (we had that before) that gets cleaned by CCleaner and causing this?
Hmmm, that is odd... that should have been fixed a few versions back.  I guess if it continues, the best thing to do would be to delete all of the .db files and the token, then restart VS.  If it continues to act up, please let me know.

Thank you guys for letting me know how things are going!

I think 4.16 will be ready to test soon.  The toggling bug with suspended web apps should be fixed now, and I recently noticed that VS has been scanning Windows Defender components when WD is scanning other files... this would explain unexpected slow downs on some systems.  Anyway, that will be fixed too.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on January 07, 2018, 12:24:54 am
Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I applied the KB yesterday (6 Jan), no visible impact on Win7x64 on a Sandy Bridge i5.  OTOH, I only have a couple of muti-core programs.  I guess if I light up Universal Media Server I'll see a slowdown transcoding mp4's on the fly  :(

OFF TOPIC: The "Rise of the Machines" has been successfully thwarted for at least 50 years   :) :D ;D
BACK ON TOPIC
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on January 07, 2018, 01:07:29 am
Hey Dan, something wrong with my subscription, it says it will expire 01-Jan-01.? Using the latest build 4.15
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 07, 2018, 01:53:10 am
No problems with the spectre patch on Win 7 64 bit.

Any of you guys tried to disable "Automatically allow all software from the program files folders" and got spikes in browser loading times?
Or am i just unlucky?

I checked earlier today, and win update said my win7_64 was up to date? and I haven't installed anything related to meltdown / spectre.  Is not finding any update related to AV? -- that registry key block I'm vaguely aware of.  My AV says not an issue...
Meanwhile my wife's win7 is running MS security enterprise av (or something -- I don't admin that) and her system says can't check for updates error 8024402F, and leads me to nothing helpful.   FWIW my iOS also says it is up to date.  I think there's more stuff coming out in the next few days. 
VS 4.15 is running fine  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 07, 2018, 01:54:37 am
The patch is only applied to people with AV's that meet the criteria. I never got the patch that I know of.

+1  ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 07, 2018, 09:18:03 am
Hey Dan, something wrong with my subscription, it says it will expire 01-Jan-01.? Using the latest build 4.15
I quote myself:D
My VS showed expired on 01.01.0001 (today). After closing down VS and restarting it the real time left was show and everything was back as it should be. Maybe it works for you also  :)

@Dan any hints for me for my problem?
When i disable "Automatically allow all software from the program files folders" i got spikes in browser loading times.

Even after a clean install, the problem persists even when i disable all other security stuff and i got no windows defender active.

Spyshelter, appguard and sandboxie are all disabled and the time to load vivaldi is 10s with just VS.
When i enable ss, appguard and sandboxie and disable VS the vivaldi loadtime is 5s.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Denis on January 07, 2018, 10:02:57 am
Same here. For the rest vs is working fine.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on January 07, 2018, 01:55:36 pm
When i disable "Automatically allow all software from the program files folders" i got spikes in browser loading times.

Hi Geri123 - the spikes are probably caused by VS distrusting (as per your instruction) software in the Program Files folders, and sending them for analysis before allowing them to work.  Cloud analysis is not the fastest method available, especially as many hops do not have modern infrastructure (I'm sure some are still using 28KB modems :P )

My personal preference is to check that box--after all, your other security softs have never pinged the products, have they?  The ones I do uncheck are Advanced>"Automatically scan blocked files with the multi-engine..." and "Automatically scan blocked files with Voodoo AI".  Basically, VS has to do its job using only locally available resources, and I am responsible for getting it right.  However, I do use MBAM and ZAM on a monthly system scan.  I now have no "real time" AV :D  And I'm thinking about using Custom Folders to lock down %appdata\temp% and a couple of others so nothing can execute from those locations.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 08, 2018, 06:32:24 pm
Thanks for the tips guys. It seems when i disable "Automatically allow all software from the program files folders" the starting time of my browser and so on spikes. It doesn't matter if i enable spyshelter or appguard.

Even with a clean install and using Revo uninstall it doesn't fix the problem.

In short VS Option disable "Automatically allow all software from the program files folders" >>> Browser start 10secs.

VS option enabled "Automatically allow all software from the program files folders" >>> Browser start in 4 secs.

*For my paranoid heart i would like to have the option disabled and still a normal browser start speed*
Yes, that issue has been around for a long time, and we paranoids are still hoping for a fix.

But besides that, you have a lot of security softs in your cocktail, and some of them are sensitive ones. I am talking about SBIE and spyshelter. They are touchy. If you would uninstall spyshelter, I think you would see a big difference. I am saying this because I have comboed SSFW with various other security softs, and I have seen major slowdowns in certain combinations.
Also Appguard+SBIE will slow down browser launching a little bit, but it is bearable.
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on January 09, 2018, 08:25:26 am
No issues here with 4.15 after patch.
I am using FF 57.0.4
Ready to test 4.16 when it is available :)
Great work Dan !!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 09, 2018, 08:43:43 am
Dan, I again had to re register VS today.
Is there something like a token (we had that before) that gets cleaned by CCleaner and causing this?
Hmmm, that is odd... that should have been fixed a few versions back.  I guess if it continues, the best thing to do would be to delete all of the .db files and the token, then restart VS.  If it continues to act up, please let me know.
Hi Dan, had to re register again this morning.
I've now deleted all the .db files and the token in ProgramData.
I let you know if it acts up again.
Maybe it's caused by my not so stable Internet connection (wifi)?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 09, 2018, 02:20:34 pm
Received an alert for wshost.exe today...

(http://cloud.screenpresso.com/JHAWf/2018-01-09_09h13_15.png)

Not knowing why it fired, I decided to ignore it since it was "Blocking in 20" (seconds)... but the block timer never started and it's still here on my desktop as I post here.

Why?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 09, 2018, 02:59:39 pm
@Shmu26 Thanks for the info, my paranoid heart has still hope left  :)
For me it is ok if the browser starts a bit slower and i could get that with my installed software. But with just unchecking the VS option it goes to 10s which is to much for me.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 09, 2018, 07:59:34 pm
Quite confused about registration... I attempted to add a 3rd computer to my account via the app which I have been running in free mode for this device. When I did so I was informed that there were no available seats on my license.

So I used the app on a licensed PC to open the management console. That led me to "voodooshield.co" where only one device was present [Note to Dan... shouldn't this open up to "voodooshield.com"?]

I then logged into "voodooshield.com" and saw 2 devices registered (neither was the one I was trying to register today).

So here's where I'm at...

AFAIK...
 1. I have 10 licenses
 2. On "voodooshield.co" one device is registered
 3. On "voodooshield.com" two devices are registered (one is the same as that on "voodooshield.co"]
 4. I was rejected registering the 3rd PC via the pop-up window that launches from the app.
 5. On "voodooshield.com" I manually added a 3rd PC (I don't know if this will fix the issue with the registration via the app's pop-up window).

What am I doing wrong?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 09, 2018, 08:11:11 pm
A perplexing day... Working in Excel, and often when right-clicking to get a context menu I get this pop-up...
(http://cloud.screenpresso.com/0Z3Oe/2018-01-09_14h16_24.png)
When I Allow this, it neither adds to my Whitelist or appears in my User Log. So with many right-clicks, I get several of these pop-ups...

And then this... 3 times today Google Update fires up and I get this...
(http://cloud.screenpresso.com/36hKb/2018-01-09_14h48_34.png)
After I Allow this repeatedly I discover that this is not in the Whitelist, but it IS in the User Log where it says...
Action = User Blocked... Why? I didn't do that.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 09, 2018, 08:18:55 pm
Dan, I again had to re register VS today.
Is there something like a token (we had that before) that gets cleaned by CCleaner and causing this?
Hmmm, that is odd... that should have been fixed a few versions back.  I guess if it continues, the best thing to do would be to delete all of the .db files and the token, then restart VS.  If it continues to act up, please let me know.
Hi Dan, had to re register again this morning.
I've now deleted all the .db files and the token in ProgramData.
I let you know if it acts up again.
Maybe it's caused by my not so stable Internet connection (wifi)?
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on January 10, 2018, 12:25:16 am
No issues to report here and I don't have the re register issue either.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 10, 2018, 07:58:26 am
Some of the Office updates from patch Tuesday failed for me.
I have VS in alert mode, at standard settings.
I kept getting a prompt again and again about a command line, VS said it was safe, I allowed it repeatedly, but the updates kept failing.
Afterward, there was no new whitelisted command line in the list. Apparently, VS was not able to parse it correctly.
Without VS, the updates installed correctly.
Win 10 pro x64 RS3

EDIT: I tried autopilot, and it also seemed to prevent the installs. I didn't see VS do anything, but windows updates said they failed again.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 04:49:12 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 04:50:10 pm
Some of the Office updates from patch Tuesday failed for me.
I have VS in alert mode, at standard settings.
I kept getting a prompt again and again about a command line, VS said it was safe, I allowed it repeatedly, but the updates kept failing.
Afterward, there was no new whitelisted command line in the list. Apparently, VS was not able to parse it correctly.
Without VS, the updates installed correctly.
Win 10 pro x64 RS3

EDIT: I tried autopilot, and it also seemed to prevent the installs. I didn't see VS do anything, but windows updates said they failed again.
Thank you for letting me know… I see what you mean, here is an example (there could be as many as 5-10 in a row I am guessing).  The problem is that the command line differs each time significantly… especially as far as how our algorithm reads the command line.  So when our algo does not match a previously allowed command line, VS is supposed to block the item, which it did.

[01-10-2018 08:55:49] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 572a5e1c401ba5ed3fcd3f6b8a4d831e e global\msi0000
[01-10-2018 08:55:57] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 6d6a0956b4545d0b75e028a8a60479db e global\msi0000
[01-10-2018 08:56:03] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 8b77882384d0a511c75177610e7468a8 e global\msi0000

Is this during a manual update?  VS should not have issues with automatic Windows updates, since the updates are applied after the computer has started its shutdown sequence, and has asked most of the software to exit.  If this is a manual update, it is best to exit out of VS, or to place it in Disable / Install mode before performing the manual update.

Having said that... there might be something I can do to reduce these types of blocks in the future... let me think about what we can do.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 04:54:14 pm
Hey Dan, something wrong with my subscription, it says it will expire 01-Jan-01.? Using the latest build 4.15
I quote myself:D
My VS showed expired on 01.01.0001 (today). After closing down VS and restarting it the real time left was show and everything was back as it should be. Maybe it works for you also  :)

@Dan any hints for me for my problem?
When i disable "Automatically allow all software from the program files folders" i got spikes in browser loading times.

Even after a clean install, the problem persists even when i disable all other security stuff and i got no windows defender active.

Spyshelter, appguard and sandboxie are all disabled and the time to load vivaldi is 10s with just VS.
When i enable ss, appguard and sandboxie and disable VS the vivaldi loadtime is 5s.
Hmmm, VS must be scanning the web app with the blacklist and VoodooAi with that option unchecked.  Let me look at that... it should not be doing that.  I will put it on my to do list, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 04:56:17 pm
Received an alert for wshost.exe today...

(http://cloud.screenpresso.com/JHAWf/2018-01-09_09h13_15.png)

Not knowing why it fired, I decided to ignore it since it was "Blocking in 20" (seconds)... but the block timer never started and it's still here on my desktop as I post here.

Why?
The mouse cursor was probably on top of the prompt, which pauses and resets the countdown timer.  Just move the cursor off of the prompt and it will start to count down again.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 04:59:20 pm
Quite confused about registration... I attempted to add a 3rd computer to my account via the app which I have been running in free mode for this device. When I did so I was informed that there were no available seats on my license.

So I used the app on a licensed PC to open the management console. That led me to "voodooshield.co" where only one device was present [Note to Dan... shouldn't this open up to "voodooshield.com"?]

I then logged into "voodooshield.com" and saw 2 devices registered (neither was the one I was trying to register today).

So here's where I'm at...

AFAIK...
 1. I have 10 licenses
 2. On "voodooshield.co" one device is registered
 3. On "voodooshield.com" two devices are registered (one is the same as that on "voodooshield.co"]
 4. I was rejected registering the 3rd PC via the pop-up window that launches from the app.
 5. On "voodooshield.com" I manually added a 3rd PC (I don't know if this will fix the issue with the registration via the app's pop-up window).

What am I doing wrong?
Alex is making changes to the web site and management console as we speak, and it will be a few days before everything is finalized.

Basically, there is no point in logging into voodooshield.com (it is using the old database)... but you can log into voodooshield.co (it is using the current database).

Once Alex is finished, we will move everything over to voodooshield.com, so it will then work on both.  Once this happens, VS itself will start to point to .com in the next release, and eventually we will disable voodooshield.co.  I hope that makes sense, but if not, please let me know, thank you!

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 05:08:04 pm
A perplexing day... Working in Excel, and often when right-clicking to get a context menu I get this pop-up...
(http://cloud.screenpresso.com/0Z3Oe/2018-01-09_14h16_24.png)
When I Allow this, it neither adds to my Whitelist or appears in my User Log. So with many right-clicks, I get several of these pop-ups...

And then this... 3 times today Google Update fires up and I get this...
(http://cloud.screenpresso.com/36hKb/2018-01-09_14h48_34.png)
After I Allow this repeatedly I discover that this is not in the Whitelist, but it IS in the User Log where it says...
Action = User Blocked... Why? I didn't do that.
Yeah, these are odd... how are you right clicking in Excel to trigger the splwow64.exe block?  I just tried to reproduce this, but was not able to.  But if you can tell me how to reproduce this, it will be an easy fix.

I am not sure why googleupdate is being executed from appdata... but I bet there were 3-4 different command lines that were triggering this.  I do not remember off the top of my head, but I believe I added some rules a while back to VS, where if certain conditions were met, and if the item was in appdata, that it would not be permanently added to the whitelist.  Or another possibility is that the item was removed from the whitelist after VS performed a whitelist cleanup.  Either way, if it continues to be a problem, we will have to figure it out.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on January 10, 2018, 05:17:39 pm
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!

I had a total black out where Windows just would not boot up even in Advanced Safe Mode/System Restore etc. A couple of days ago. I had to do a clean install of Windows from my USB backup. I thought the SSD's failed on me but they checked out to be alright.  I don't think VoodooShields had anything to do with it. I'm thinking the Beta AV and the Microsoft patch might of crashed it. Who knows...
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 10, 2018, 05:38:56 pm
Thank you guys, I appreciate that, and I appreciate all of your help!  I will read through the posts asap and reply to the ones I need to.

Has anyone had any issues with VS as of today, after applying the patch for Meltdown / Spectre?

I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!

I had a total black out where Windows just would not boot up even in Advanced Safe Mode/System Restore etc. A couple of days ago. I had to do a clean install of Windows from my USB backup. I thought the SSD's failed on me but they checked out to be alright.  I don't think VoodooShields had anything to do with it. I'm thinking the Beta AV and the Microsoft patch might of crashed it. Who knows...
Yeah, except for the couple of weeks (a while back) that I experimented with an experimental lockdown feature that a few beta testers tried (that I ended up abandoning for the time being), VS has never had problems with issues like this, or with BSOD type issues.  And none of this code has changed for several years, so I think we are good to go.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on January 10, 2018, 06:34:47 pm


I just received an email where the user was having issues with VS after applying this patch.  I looked at the log, and it looks like an easy fix, but I hate to release another version so quickly.  Thank you guys!
[/quote]

I had a total black out where Windows just would not boot up even in Advanced Safe Mode/System Restore etc. A couple of days ago. I had to do a clean install of Windows from my USB backup. I thought the SSD's failed on me but they checked out to be alright.  I don't think VoodooShields had anything to do with it. I'm thinking the Beta AV and the Microsoft patch might of crashed it. Who knows...
[/quote]
Yeah, except for the couple of weeks (a while back) that I experimented with an experimental lockdown feature that a few beta testers tried (that I ended up abandoning for the time being), VS has never had problems with issues like this, or with BSOD type issues.  And none of this code has changed for several years, so I think we are good to go.  Thank you!
[/quote]

Thank you Dan! That makes sense that VoodooShields wouldn't be the cause beta 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on January 10, 2018, 07:19:53 pm
Now, I'm with WoodoShield + Webroot Secure Anywhere + OSArmor + my old Winpatrol . Very light combo and, I think very efficient (a little bit too much for OSArmor - for exemple Opera + Sticky Password blocked).
One more time, thank you Dan, this kind of anti malware is the future (I think !!!).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 10, 2018, 08:16:12 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 11, 2018, 03:57:44 am
The mouse cursor was probably on top of the prompt, which pauses and resets the countdown timer.  Just move the cursor off of the prompt and it will start to count down again.  Thank you!
The mouse was in the browser text entry box here in this forum.

Yeah, these are odd... how are you right clicking in Excel to trigger the splwow64.exe block?  I just tried to reproduce this, but was not able to.  But if you can tell me how to reproduce this, it will be an easy fix
I just right-clicked cells to paste special. Had quite a few to do. The popup happened when I right-clicked, though not every time.

I am not sure why googleupdate is being executed from appdata... but I bet there were 3-4 different command lines that were triggering this.  I do not remember off the top of my head, but I believe I added some rules a while back to VS, where if certain conditions were met, and if the item was in appdata, that it would not be permanently added to the whitelist.  Or another possibility is that the item was removed from the whitelist after VS performed a whitelist cleanup.  Either way, if it continues to be a problem, we will have to figure it out.  Thank you!
Still happening today. Tried to whitelist it from the User Log, but the pop-up still comes up (and did so again as I was composing this post). And I have 8 googleupdate.exe entries in the whitelist. I have to exit VS so Google could do its thang otherwise I'm reminded frequently that VS is not engaged.

VS has become very chatty for me since leaving ßeta. Portable apps are another notification challenge... I'll lay that out after the notifications for google/excel quiet down. Thanks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 11, 2018, 06:17:04 am
Some of the Office updates from patch Tuesday failed for me.
I have VS in alert mode, at standard settings.
I kept getting a prompt again and again about a command line, VS said it was safe, I allowed it repeatedly, but the updates kept failing.
Afterward, there was no new whitelisted command line in the list. Apparently, VS was not able to parse it correctly.
Without VS, the updates installed correctly.
Win 10 pro x64 RS3

EDIT: I tried autopilot, and it also seemed to prevent the installs. I didn't see VS do anything, but windows updates said they failed again.
Thank you for letting me know… I see what you mean, here is an example (there could be as many as 5-10 in a row I am guessing).  The problem is that the command line differs each time significantly… especially as far as how our algorithm reads the command line.  So when our algo does not match a previously allowed command line, VS is supposed to block the item, which it did.

[01-10-2018 08:55:49] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 572a5e1c401ba5ed3fcd3f6b8a4d831e e global\msi0000
[01-10-2018 08:55:57] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 6d6a0956b4545d0b75e028a8a60479db e global\msi0000
[01-10-2018 08:56:03] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 8b77882384d0a511c75177610e7468a8 e global\msi0000

Is this during a manual update?  VS should not have issues with automatic Windows updates, since the updates are applied after the computer has started its shutdown sequence, and has asked most of the software to exit.  If this is a manual update, it is best to exit out of VS, or to place it in Disable / Install mode before performing the manual update.

Having said that... there might be something I can do to reduce these types of blocks in the future... let me think about what we can do.  Thank you!
These were not actual Windows updates, they were MS Office updates. They do not run after shutdown, like Windows updates. They are installed silently in the background, while the user is using his PC.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on January 11, 2018, 05:28:27 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 11, 2018, 09:24:40 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Are you also on wifi?
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on January 12, 2018, 01:43:47 am
Running latest stable for few days on Win 10 64 with no issues.
I don't run multiple security software.
Realtime security is Windows Firewall + Windows Defender + VoodooShield

I tried defaults with AutoPilot Mode with no issues.
Currently trying VoodooAi Only set to 90% with Rules Wizard with no issues.

Dan, it would be good to have "Vulnerable Processes" option in Rules Wizard.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 12, 2018, 06:11:19 am
for Dan, conflict now reported at MT between NVT OSArmor and VS.

"I was having an issue starting with test22 release with the Configurator GUI not opening up, turned out to be a conflict on my end. I was running VooodooShield 4.15, the second I shut it down the GUI popped up.  So just a fair warning to others that you could experience conflicts running OSArmor with Voodoo. I've uninstalled VoodooShield, I'm not giving up my OSArmor."
https://malwaretips.com/threads/novirusthanks-osarmor.78195/page-25 /post 500

NVT has been adding more and more protections...
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:41:10 am
Some of the Office updates from patch Tuesday failed for me.
I have VS in alert mode, at standard settings.
I kept getting a prompt again and again about a command line, VS said it was safe, I allowed it repeatedly, but the updates kept failing.
Afterward, there was no new whitelisted command line in the list. Apparently, VS was not able to parse it correctly.
Without VS, the updates installed correctly.
Win 10 pro x64 RS3

EDIT: I tried autopilot, and it also seemed to prevent the installs. I didn't see VS do anything, but windows updates said they failed again.
Thank you for letting me know… I see what you mean, here is an example (there could be as many as 5-10 in a row I am guessing).  The problem is that the command line differs each time significantly… especially as far as how our algorithm reads the command line.  So when our algo does not match a previously allowed command line, VS is supposed to block the item, which it did.

[01-10-2018 08:55:49] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 572a5e1c401ba5ed3fcd3f6b8a4d831e e global\msi0000
[01-10-2018 08:55:57] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 6d6a0956b4545d0b75e028a8a60479db e global\msi0000
[01-10-2018 08:56:03] [INFO ] - Blocked: c:\windows\system32\msiexec.exe | c:\windows\system32\msiexec.exe -embedding 8b77882384d0a511c75177610e7468a8 e global\msi0000

Is this during a manual update?  VS should not have issues with automatic Windows updates, since the updates are applied after the computer has started its shutdown sequence, and has asked most of the software to exit.  If this is a manual update, it is best to exit out of VS, or to place it in Disable / Install mode before performing the manual update.

Having said that... there might be something I can do to reduce these types of blocks in the future... let me think about what we can do.  Thank you!
These were not actual Windows updates, they were MS Office updates. They do not run after shutdown, like Windows updates. They are installed silently in the background, while the user is using his PC.
I see, that makes sense now, thank you.  I just performed a manual Office update, and I did get one block.  I will have to figure out a way to safely auto allow these, I will put it on my to do list.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:43:05 am
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Hmmm, that is odd.  Have you tried to go to the VS's Management Console (right click on VS and choose Management Console), and remove that device?  Maybe even remove the token from c:\ProgramData\VoodooShield?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:47:20 am
Running latest stable for few days on Win 10 64 with no issues.
I don't run multiple security software.
Realtime security is Windows Firewall + Windows Defender + VoodooShield

I tried defaults with AutoPilot Mode with no issues.
Currently trying VoodooAi Only set to 90% with Rules Wizard with no issues.

Dan, it would be good to have "Vulnerable Processes" option in Rules Wizard.
Very cool, thank you for letting me know!  Yeah, VS already has a massive list of hardwired Vulnerable Processes, and it also includes basically ALL Windows System files... not just the 15 common ones.  It basically includes the entire folder, with a handful of exceptions.  That way we do not have to worry about it every 6 or so months when a new vulnerable process is exploited.  But I agree, it would be good to add user defined vulnerable processes.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:49:30 am
Now, I'm with WoodoShield + Webroot Secure Anywhere + OSArmor + my old Winpatrol . Very light combo and, I think very efficient (a little bit too much for OSArmor - for exemple Opera + Sticky Password blocked).
One more time, thank you Dan, this kind of anti malware is the future (I think !!!).
Thank you, I appreciate that... I think locking the computer when it is at risk is the future as well ;).  I mean think about it for a second... The problem with all other security products is that they can only offer the same level of protection, whether the computer is at risk of infection or not.  As a result, in an effort to ensure usability for the end user, all other security products are only able to protect the computer to a certain extent or level.  If they lock the computer up to tight fulltime, the computer is unusable.  If they do not protect the computer enough then infection rates will certainly increase.

The answer is simple... lock the computer when it is at risk ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:55:10 am
The mouse cursor was probably on top of the prompt, which pauses and resets the countdown timer.  Just move the cursor off of the prompt and it will start to count down again.  Thank you!
The mouse was in the browser text entry box here in this forum.

Yeah, these are odd... how are you right clicking in Excel to trigger the splwow64.exe block?  I just tried to reproduce this, but was not able to.  But if you can tell me how to reproduce this, it will be an easy fix
I just right-clicked cells to paste special. Had quite a few to do. The popup happened when I right-clicked, though not every time.

I am not sure why googleupdate is being executed from appdata... but I bet there were 3-4 different command lines that were triggering this.  I do not remember off the top of my head, but I believe I added some rules a while back to VS, where if certain conditions were met, and if the item was in appdata, that it would not be permanently added to the whitelist.  Or another possibility is that the item was removed from the whitelist after VS performed a whitelist cleanup.  Either way, if it continues to be a problem, we will have to figure it out.  Thank you!
Still happening today. Tried to whitelist it from the User Log, but the pop-up still comes up (and did so again as I was composing this post). And I have 8 googleupdate.exe entries in the whitelist. I have to exit VS so Google could do its thang otherwise I'm reminded frequently that VS is not engaged.

VS has become very chatty for me since leaving ßeta. Portable apps are another notification challenge... I'll lay that out after the notifications for google/excel quiet down. Thanks.
Thank you, I will take a look at these.  For Chrome... do you have it installed on the C Drive?  From what I remember, you install your programs on the D drive, right?  That might be why googleupdate.exe is in appdata... just a guess.  If so, I should be able to fix this pretty easily by installing Chrome on the D drive, which should fix other issues as well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 06:58:41 am
for Dan, conflict now reported at MT between NVT OSArmor and VS.

"I was having an issue starting with test22 release with the Configurator GUI not opening up, turned out to be a conflict on my end. I was running VooodooShield 4.15, the second I shut it down the GUI popped up.  So just a fair warning to others that you could experience conflicts running OSArmor with Voodoo. I've uninstalled VoodooShield, I'm not giving up my OSArmor."
https://malwaretips.com/threads/novirusthanks-osarmor.78195/page-25 /post 500

NVT has been adding more and more protections...
Thank you for letting me know... they were working fine together before test22, and nothing changed in VS, so let's hope that the issue is on their end, and that they will fix it.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 07:22:50 am
BTW, I forgot to mention... if anyone wants to test VS with the Malwarebytes or HitmanPro tests (mbae-test.exe or hmpalert-test), simply add these apps to VS as a Web App (mbae-test or hmpalert-test).   Anyway, VS will block them all, with the exception of the webcam and keylogger test.  It even works for calc.exe, since it is listed as a vulnerable application ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Dräffendrüks on January 12, 2018, 10:26:30 am
Hello,
Is Voodooshield working with videogames ?
Solo games or via Steam ? Or something similar ?
Because games often self-updates
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on January 12, 2018, 02:51:14 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Hmmm, that is odd.  Have you tried to go to the VS's Management Console (right click on VS and choose Management Console), and remove that device?  Maybe even remove the token from c:\ProgramData\VoodooShield?  Thank you!
I deleted the voodooshield-token from Program Data.  I get the attached pop ups when I enter my password.  My license is good until 12/19/19.  My Dashboard shows only 1 computer.

Any suggestions?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 03:03:09 pm
Hello,
Is Voodooshield working with videogames ?
Solo games or via Steam ? Or something similar ?
Because games often self-updates
Hi, I just replied to a very similar question in an email (I am assuming it was you), so I will just post my reply below, thank you!

I play Rocket League, GTA5 and a few other games on Steam, and I have never seen a block from VS with Steam.  Actually about the only blocks I ever experience are when I am installing new software.  The funny thing is that I have to reset my whitelist constantly (for development reasons), and I still hardly ever experience any blocks.

VS doesn’t have a database that whitelists all of the latest software and games… the whitelist is custom built dynamically on each computer.  It is automatically built as VS toggles from OFF to ON. 

Having said that, you might experience a few blocks the first few days… but after VS learns your system, you will hardly ever see any blocks.  If you do receive some blocks after a week or two, it is good that something is prompting you before automatically running.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 12, 2018, 03:06:38 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Hmmm, that is odd.  Have you tried to go to the VS's Management Console (right click on VS and choose Management Console), and remove that device?  Maybe even remove the token from c:\ProgramData\VoodooShield?  Thank you!
I deleted the voodooshield-token from Program Data.  I get the attached pop ups when I enter my password.  My license is good until 12/19/19.  My Dashboard shows only 1 computer.

Any suggestions?
I see... The first prompt will let the user automatically log in to the Management Console by storing the password.  The password is not stored by default, in case admins do not want end users to automatically log into the MC.

It looks like we just need to increase your number of seats... I can do that for you, please email me at support at voodooshield.com, and I will know what email address your account uses, so I can increase the number of seats.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 12, 2018, 03:37:43 pm
For Chrome... do you have it installed on the C Drive?  From what I remember, you install your programs on the D drive, right?  That might be why googleupdate.exe is in appdata... just a guess.  If so, I should be able to fix this pretty easily by installing Chrome on the D drive, which should fix other issues as well.
Chrome is installed in "C:\Program Files (x86)" by default. Google doesn't give me the option to choose another partition. This could be related to other Google programs, IDK. But they all reside in their default locations. FWIW, googleupdate.exe exists in both "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" and "C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe". Both locations are updated apparently as they share the same version number. Apparently one is for the gupdate service. Thanks.

https://www.bleepingcomputer.com/startups/GoogleUpdate.exe-24397.html
https://www.bleepingcomputer.com/startups/GoogleUpdate.exe-25791.html
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 12, 2018, 05:22:08 pm
And again today I had to re register... something not working like it should over here... Dan, any logs I can sent you to clear up this mystery?
Have you tried to exit out of VS, then delete the voodooshield-token.json in the C:\ProgramData\VoodooShield folder, then restart VS and register one last time?  Thank you!
Yes I have done that this morning and now (evening here) I have to re register again.
The laptop was on all day.
The only thing i can think of is that i have a very unreliable wifi connection.
Maybe that has something to do with it?
Same here.  I have to reregister every couple of days.  I am using 4.15
Hmmm, that is odd.  Have you tried to go to the VS's Management Console (right click on VS and choose Management Console), and remove that device?  Maybe even remove the token from c:\ProgramData\VoodooShield?  Thank you!
I've done that now. Will let you know how it goes...
EDIT: This morning the registration is gone again unfortunately  :(
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 13, 2018, 10:44:46 am
That is odd... please email me at support at voodooshield.com and we will figure it out, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 13, 2018, 10:46:14 am
I have not yet posted a video on COU, so I wanted to do a little test to see how it works.  Here it goes ;)

https://www.youtube.com/watch?v=zBkuNpgACH0
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on January 13, 2018, 04:53:48 pm
I have not yet posted a video on COU, so I wanted to do a little test to see how it works.  Here it goes ;)

https://www.youtube.com/watch?v=zBkuNpgACH0

It works and made me smile.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 13, 2018, 06:11:51 pm
I have not yet posted a video on COU, so I wanted to do a little test to see how it works.  Here it goes ;)

https://www.youtube.com/watch?v=zBkuNpgACH0

It works and made me smile.
Well, my work is done then... all I wanted to do was to make people smile ;). 

Well, and to lock their computers when they are at risk ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 13, 2018, 08:51:24 pm
It is possible that we see links to videos like "preview" and not only like address?

And how to put some link address beneath the word like "LINK"?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 14, 2018, 04:01:32 pm
And how to put some link address beneath the word like "LINK"?

Like this? Not Again ! (https://www.youtube.com/watch?v=zBkuNpgACH0)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 14, 2018, 05:51:19 pm
And how to put some link address beneath the word like "LINK"?

Like this? Not Again ! (https://www.youtube.com/watch?v=zBkuNpgACH0)

Yea, like this!
How you do this? I have only manage to put it in full addres form like this:

https://youtu.be/zBkuNpgACH0 (https://youtu.be/zBkuNpgACH0)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 14, 2018, 06:47:31 pm
Yea, like this!
How you do this?
Enter the url such as this...
Code: [Select]
[url=https://youtu.be/zBkuNpgACH0]Text you want to see linked[/url]I had to do this in a code box so you could see what it looks like.

Using that same coding (from first "[" to last "]") outside the code box then gives you this...
Text you want to see linked (https://youtu.be/zBkuNpgACH0)

FWIW you cannot embed videos here (unless of course, COU allows it)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 14, 2018, 07:33:19 pm
Yea, like this!
How you do this?
Enter the url such as this...
Code: [Select]
[url=https://youtu.be/zBkuNpgACH0]Text you want to see linked[/url]I had to do this in a code box so you could see what it looks like.

Using that same coding (from first "[" to last "]") outside the code box then gives you this...
Text you want to see linked (https://youtu.be/zBkuNpgACH0)

FWIW you cannot embed videos here (unless of course, COU allows it)

Aha, I see... ;)

LINK

 (https://www.youtube.com/watch?v=Z6oeAdemFZw)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 14, 2018, 08:24:24 pm
Yeah, I was wondering if COU would display a preview of the youtube video... is this possible?

Also, I am wrapping up the next version of VS... there are around 5-6 bugs that I am fixing, and hopefully it will be ready soon.

BTW, someone was asking why the same item is listed in VoodooShield Settings / Whitelist.  Basically, if you see duplicates, please scroll over to the right, and you will see that the items have different parent processes, which is why they are listed multiple times.  Performing the Parent Process check adds a whole new level of security... along with the other security features that were added in VS 4.0.

I guess what I am saying is that VS 3.0 was locked down very tight, but VS 4.0 is locked down even further.  And sure, we have had some bugs to overcome, but it is worth it.

Also, a couple people have had issues with VS starting after a computer reboot.  If you are experiencing this issue, can you please try the following, and let me know how it goes?

1.            Stop the VoodooShieldService
2.            Open a Command Prompt as Administrator
3.            Run this:  sc config VoodooShieldService depend= LSM
4.            Reboot and hope that VS starts normally 😉.

This will set the Local Session Manager service as a dependency for the VoodooShieldService.

Also, if you set the VoodooShieldService Startup Type to Automatic (Delayed Start), please set it to just Automatic.  A couple of people that were having this issue set their VoodooShieldService to delayed start, and this temporarily fixed the issue, but we need to find a permanent fix for everyone.

Thank you guys!



Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 14, 2018, 09:51:04 pm
BTW, there have been a lot of reports about OSA's OSArmorDevCfg not working correctly with VS.  I just finished looking at this, and I really think it is something that has to be fixed on their end... here is why I believe this to be the case.

1.  It worked perfectly before OSA Test22, and nothing has changed in VS 4.15.

2.  If you temporarily replace the OSArmorDevCfg.exe app (in C:\Program Files\NoVirusThanks\OSArmorDevSvc) with another executable, like any simple portable app, it will work just fine.  It is only with the original OSArmorDevCfg app where there is an issue.

3.  If you look at VS's DeveloperLog.log,  you will clearly see that VS allowed it.

So I am not sure what is going on... but it would be great to get this resolved, since it looks like a lot of people are going to be running OSA with VS.

Also, I found a rather significant bug earlier today, and I think it is the cause of most or all any odd blocks that people were experiencing.  Basically, when a parent process tries to spawn a child process, and the child process's file size is 0 bytes, then there was an exception in VS.  I discovered this bug after running "SpectreMeltdownCheck.exe" by Ashampoo.  I think it is also responsible for the GitHub Desktop issues that people were experiencing, and possibly even the googleupdate bug that Telos was experiencing.

Also, I think I found a permanent fix for the DISMHost debacle... so that we do not have to add hardwired hashes when they are released every 6 months or so.  So for the next version, please let me know if you guys experience any DISMHost blocks.

I hope to have 4.16 ready for you guys in the next day or so, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 15, 2018, 03:17:38 am
Yeah, I was wondering if COU would display a preview of the youtube video... is this possible?
ICBW but if bb code for html is enabled, one could embed YouTube (other?) video links as such:
Code: [Select]
[html]
<iframe width="560" height="315" src="https://www.youtube.com/embed/zBkuNpgACH0?rel=0" frameborder="0" </iframe>
[/html]

There may be other simpler ways to do this. Perhaps an Admin can chime in here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Dräffendrüks on January 15, 2018, 12:42:45 pm
Hey Dan,


Since a few days ago, i receive a new warning from Voodooshield AI :
"c:\windows\system32\rundll32.exe startupscan.dll,susruntask"

I read on the internet it was safe.
After investigations with Autoruns, i figured out what is it : It is Microsoft Application Experience
So i decided to allow this command line
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 15, 2018, 03:55:26 pm
Hey Dan,


Since a few days ago, i receive a new warning from Voodooshield AI :
"c:\windows\system32\rundll32.exe startupscan.dll,susruntask"

I read on the internet it was safe.
After investigations with Autoruns, i figured out what is it : It is Microsoft Application Experience
So i decided to allow this command line
Yeah, that is the one command line that is a real pain... it is even hardwired in, but it still is blocked.  But yeah, it is safe, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 15, 2018, 03:56:01 pm
Okay, here is 4.16... most of the issues should be fixed, but if you guys find anything, please let me know.

www.voodooshield.co/Download/InstallVoodooShield416.exe

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on January 15, 2018, 07:17:41 pm
Okay, here is 4.16... most of the issues should be fixed, but if you guys find anything, please let me know.

www.voodooshield.co/Download/InstallVoodooShield416.exe

Thank you!

Hi Dan, thank you for the new build. :) Testing it right now, I let you know if there is anything...
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 15, 2018, 08:32:21 pm
Okay, here is 4.16... most of the issues should be fixed, but if you guys find anything, please let me know.

www.voodooshield.co/Download/InstallVoodooShield416.exe

Thank you!
Dan, 2 questions from shmu26 on MalwareTips:
Quote
1 Is it beta, or does VS update automatically to this version?
2 What issues it is meant to fix?
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on January 15, 2018, 11:22:01 pm
OsArmor 1.4.24 has no issues with VS 4.16. All is well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on January 16, 2018, 12:07:58 am
I think it is also responsible for the GitHub Desktop issues that people were experiencing, and possibly even the googleupdate bug that Telos was experiencing.
Still present w/4.16. Thanks anyway.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on January 16, 2018, 01:21:26 am
No issues on Win10x64 ltsb with google update for Chrome 64bit or Centbrowser x64.
Title: Re: VoodooShield v4 STABLE Thread
Post by: j9ksf on January 16, 2018, 01:23:57 pm
OsArmor 1.4.24 has no issues with VS 4.16. All is well.

Can confirm that 4.16 has solved the issue with NVT OSA. Thanks Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on January 16, 2018, 02:01:30 pm
OsArmor 1.4.24 has no issues with VS 4.16. All is well.

Same here, thank you Dan

Can confirm that 4.16 has solved the issue with NVT OSA. Thanks Dan.
Title: Feature Request
Post by: Telos on January 16, 2018, 05:14:24 pm
Notifications feature request:

Thanks!
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on January 16, 2018, 05:38:38 pm
V.4.16 working nicely here, Thanks Dan ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on January 17, 2018, 01:50:41 am
VS 4.16 working fine here.

I never had any major issues but yes my setup too is simple and not complex, just Windows Firewall + Windows Defender + VoodooShield.. light and effective.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 17, 2018, 05:28:56 am
Wow, it was a very, very long day today, so I will catch up tomorrow... and my internet was down all day ;).  Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on January 17, 2018, 11:10:52 am
VS 4.16 installed yesterday - all fine, no apparent problems

Thanks Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 18, 2018, 04:45:57 am
4.16 running aok here on win7_64
Title: Re: VoodooShield v4 STABLE Thread
Post by: ProTruckDriver on January 19, 2018, 01:34:04 am
4.16 running aok here on win7_64
Same here. Installed 4.16 on Win 7 yesterday. Working good. No problems.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Alexhousek on January 19, 2018, 02:15:42 pm
So, for those of us who are still using 4.15, do we install 4.16 over top of 4.15 or do we need to do a clean uninstall and then re-install 4.16?
Title: Re: VoodooShield v4 STABLE Thread
Post by: ProTruckDriver on January 19, 2018, 02:24:22 pm
I usually install over the top but this time I was having problems with "Maximum Number of Seats", which Dan fixed for me. I did a clean install because of this to be safe.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on January 19, 2018, 04:32:56 pm
I think it depends. if you're not having any problems over the top is fine. Otherwise or just to be safe a clean install.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 19, 2018, 10:25:13 pm
Thank you guys for letting me know!

You should be able to install over the top, but if something goes wrong, just uninstall VS, then reboot the computer and reinstall.

I have been having serious internet issues the last couple of days, but I am up and running now, and I will catch up soon.

Have a great weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: giladfrid009 on January 20, 2018, 12:05:32 pm
found an error with the voodooai.

when using this website: https://csgoswap.com/ and selecting an item and pressing right click on it, then selecting inspect in game, voodooshield promp pops and says voodooai error.
using the latest stable version.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on January 21, 2018, 06:45:22 am
found an error with the voodooai.

when using this website: https://csgoswap.com/ and selecting an item and pressing right click on it, then selecting inspect in game, voodooshield promp pops and says voodooai error.
using the latest stable version.

could be that the item you selected is not an executable file, and IIRC when that happens VAi function of VS does not work.  This is based on my past experience with VS/VAi, ie, I did not go to the URL you reference above.  I suspect Dan will chime in soon.
Title: Re: VoodooShield v4 STABLE Thread
Post by: giladfrid009 on January 21, 2018, 10:16:48 am
found an error with the voodooai.

when using this website: https://csgoswap.com/ and selecting an item and pressing right click on it, then selecting inspect in game, voodooshield promp pops and says voodooai error.
using the latest stable version.

could be that the item you selected is not an executable file, and IIRC when that happens VAi function of VS does not work.  This is based on my past experience with VS/VAi, ie, I did not go to the URL you reference above.  I suspect Dan will chime in soon.

my guess is that it launches some kind of script since it affects external app from chrome (csgo game). maybe voodooai doesnt work with this type of scripts. anyways i'll leave this one for Dan to figure it out.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on January 22, 2018, 04:34:13 am
Do we have anywhere a tutorial on Rules?

I need to lock down %local/temp% on all accounts, and I think I need to delete the default rule before I do anything else.  Of course, this might well be better handled by Custom Folders?

A-a-a-nd, while I'm here, is there an updated user manual yet?  I don't mind using Beta versions, but after a while I'm running blind without current instructions.
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on January 22, 2018, 07:53:34 am
Thanks Dan :) Installing 4.16 now.
Been busy so I am a little behind. Stay Frosty.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on January 24, 2018, 08:51:08 pm
Dan,

I wonder if VS can block command lines executed  using UNC path?

https://www.youtube.com/watch?v=GEYUIDoYjHw

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 25, 2018, 02:11:52 pm
Hi Dan is there any plan to extend the number of "additional web app slots"?

When i let VS autodetect my webapps it finds:

Vivaldi, Mailbird(Mailprogramm), dnscrypt-proxy, winamp, adguardsvc (from Adguard Desktop), lcdrss (rss reader from G15 keyboard), update_notifier (Vivaldi), and my online banking programm.

So all slots are full :D
Maybei it's total overkill to add them, but i thought when a programm got a connection with the internet better be save than sorry.
Any tips if i do it totaly wrong?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 25, 2018, 02:30:27 pm
Not every app that connects to the internet is exploitable. VS is just telling you that it accesses the internet.
Try to concentrate your anti-exploit efforts on apps that actually download content from the web.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on January 25, 2018, 06:03:00 pm
@Shmu26 Sounds like good advice, thanks. I have to resist the urge to add everything :D
So hard...
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 25, 2018, 06:24:50 pm
Yeah, after I made my post, I realized that my definition of exploitable apps needed a little improvement.
Besides apps that download content from the web, let's not forget apps that open content from the web.
For instance, MS Word, Excel and Powerpoint. True, they have a built-in anti-exploit mechanism that locks downloaded docs into read-only format. But if you decide you want to print it or something, and you unlock it, there you are: vulnerable to exploits again.
So if you have room on the list in VS, add them.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on January 26, 2018, 05:25:14 am
... let's not forget apps that open content from the web.

However, let's never forget that while a Blue Shield means your computer is locked, the Red Shield does not mean "Unprotected".

My settings cover only my 3 browsers, on the grounds that those are the most likely vectors for infection.  Since I don't use IRC (and will probably delete it soon) there's no point to including it.

Unfortunately there is malware that directly leverages email for infection, so it is always wise and desirable to disable the "Preview" window which is fully equivalent to opening the message.  Many email clients offer delousing for HTML messages.

And where possible one should set all software to "Ask before downloading" updates--including VS  :o  This gives you the chance to run MBAM or ZAM over the package  8)  I'm sad for those wedded to MS Office but.  Office is still not noted for security considerations, and you have no way of inspecting those "necessary" downloads prior to deploying them.

Even on a Red Shield, VS will still do a very good job of evaluating non-whitelisted apps, so you can remaing cautiously optimistic that all will end cheerfully.
Title: Re: VoodooShield v4 STABLE Thread
Post by: giladfrid009 on January 27, 2018, 07:37:13 pm
noticed a small UI bug with VS.
When sorting the whitelist or the user log in any other way than default, the coloring of the threats, engines and VoodooAi columns disappears.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 28, 2018, 05:29:32 am
I'm sad for those wedded to MS Office but.  Office is still not noted for security considerations
Right. It is better not to use MS Office applications at all.
But if you need to, for business or professional reasons, it is good to add them to the web apps list, if you are the paranoid type.
Title: Re: VoodooShield v4 STABLE Thread
Post by: pavo on January 29, 2018, 06:35:59 pm
But if you need to, for business or professional reasons, it is good to add them to the web apps list, if you are the paranoid type.
I know I've asked this question already on some other forums but nobody could give me the right answer, so I would like to ask again if it's really needed to add MS Office components to web apps? Are there any advantages of doing that?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on January 29, 2018, 06:57:16 pm
Let's take MS Word for example. If you don't add it to the web apps list, then Voodooshield will not toggle on when you open Word. That much you can see for yourself. Besides that, web apps get stricter treatment by Voodooshield, but that's under the hood, so you probably won't see it.
How important is this extra protection? It's debatable, but look, people are all uptight about their browsers and they try to lock them down as much as they can, but when was the last time you heard about a major browser exploit actually taking place? Answer: when you were a few years younger than you are now.
But weaponized MS Office documents are very common.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on January 31, 2018, 08:40:11 am
Sorry I have been away... things are crazy.

Office apps (and others) are protected, even when VS does not toggle to ON.  The whole idea being to create the optimal user experience while making sure the computer is protected.

As I have said many times, there is a lot more going on under the hood than anyone could ever imagine ;).

Thank you guys, talk to you soon ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: pavo on January 31, 2018, 03:49:10 pm
Sorry I have been away... things are crazy.

Office apps (and others) are protected, even when VS does not toggle to ON.  The whole idea being to create the optimal user experience while making sure the computer is protected.

As I have said many times, there is a lot more going on under the hood than anyone could ever imagine ;).

Thank you guys, talk to you soon ;).
Thanks for clarification Dan!
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on January 31, 2018, 04:51:01 pm
I made a post on malwaretips yesterday mentioning how hard it was to get malware downloads. Like you need to input 3 blogs ect.
I then made a joke about in the future they would want the placed my dead relatives were buried. Went to log in this morning only to find I am now banned there too. Guess they took it serious. and so just wanted to let those know why I am not posting there any longer.

Was not sure this thread was a good one to post this.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 31, 2018, 06:05:58 pm
I made a post on malwaretips yesterday mentioning how hard it was to get malware downloads. Like you need to input 3 blogs ect.
I then made a joke about in the future they would want the placed my dead relatives were buried. Went to log in this morning only to find I am now banned there too. Guess they took it serious. and so just wanted to let those know why I am not posting there any longer.

Was not sure this thread was a good one to post this.

Well...this thread is not a place for that, it is obviously about VoodooShield, isn't it  ;)
You do not have to explain anything to us, it is your business.
I guess, Admins on MT are too sensitive for sarcasm and criticisms so you hurt their feelings man!
Bad boredog, bad boredog  ;D

Now I am off topic...bad me... ::)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on January 31, 2018, 06:21:26 pm
It's okay but not to far off topic!  :o
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on January 31, 2018, 06:32:09 pm
Sorry I have been away... things are crazy.

Office apps (and others) are protected, even when VS does not toggle to ON.  The whole idea being to create the optimal user experience while making sure the computer is protected.

As I have said many times, there is a lot more going on under the hood than anyone could ever imagine ;).

Thank you guys, talk to you soon ;).

Hi Dan, this is exactly what we recently talking about, novice to Voodoo people are confused with colour and notification icon so if they see a red icon with OFF letter, think that they are unprotected and to me, that's logical conclusion and I do not blame them for that.
Red icon with OFF letter must be only shown when Voodoo protection is off ( that state now represent black icon in disable/install mode ) but this is not logical state of notification.

Only logical notification ( for me ) is:
1. "LOCK state" and standard blue color (when PC is at risk with web app running)
2. "ON state" and green color icon ( Voodoo is protecting PC but no risky web app running)
3. "OFF state" and red icon ( Vodoo is disabled and not protecting PC )

This is just my opinion  ::)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on February 03, 2018, 07:30:15 am
Sorry I have been away... things are crazy.

Office apps (and others) are protected, even when VS does not toggle to ON.  The whole idea being to create the optimal user experience while making sure the computer is protected.

As I have said many times, there is a lot more going on under the hood than anyone could ever imagine ;).

Thank you guys, talk to you soon ;).

Hi Dan, this is exactly what we recently talking about, novice to Voodoo people are confused with colour and notification icon so if they see a red icon with OFF letter, think that they are unprotected and to me, that's logical conclusion and I do not blame them for that.
Red icon with OFF letter must be only shown when Voodoo protection is off ( that state now represent black icon in disable/install mode ) but this is not logical state of notification.

Only logical notification ( for me ) is:
1. "LOCK state" and standard blue color (when PC is at risk with web app running)
2. "ON state" and green color icon ( Voodoo is protecting PC but no risky web app running)
3. "OFF state" and red icon ( Vodoo is disabled and not protecting PC )

This is just my opinion  ::)

i agree. i dont like seeing red icon
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on February 07, 2018, 05:49:22 pm
The UI crashed twice today but the service remains running!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on February 07, 2018, 11:00:54 pm
I have had no real problems at all since I installed it so far! Long may it continue.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on February 08, 2018, 02:28:18 pm
On my laptop i got the same error as Triple Helix. Nearly 70% of the times after i start the laptop i got the Message and still VS is in the taskbar and seems to work. To lazy to post a screenshot since it would be in german and would mean the same as Triple Helix ones.
Laptop only got Adguard, VS, Sandboxie, WFC and Shadow Defender (not active atm) as security stuff. win 7 64bit.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Denis on February 08, 2018, 05:43:10 pm
I have the same error as Triple Helix, but it is Always with the same software, Air vpn.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 08, 2018, 05:50:48 pm
Sorry I have been away... it has been a rough couple of weeks, but I think we are just about there.

If anyone is experiencing the maximum seats issue, please download 4.17:

https://voodooshield.com/Download/InstallVoodooShield.exe

I will catch up asap, thank you guys!


Title: Re: VoodooShield v4 STABLE Thread
Post by: Lightning_Brian on February 09, 2018, 04:46:02 pm
Hi Dan!

Keep up your great work good man!

PS: Just joined Calendar of Updates, because this website rocks!

~Brian
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 11, 2018, 07:06:40 am
Thank you Brian!

I feel compelled to explain something, because every time a supposed VS bypass is reported, it will take anywhere from 4-10 hours of my time to reply to the inquiries.

https://malwaretips.com/threads/novirusthanks-osarmor.78195/page-35#post-710503

Andy emailed me, and after a couple of quick email exchanges, I realized that the issue was that Softmaker Office had not been hard wired into VS yet for our Anti-Exploit feature.  I actually just heard of Softmaker Office a few days ago, and was going to add it at some point.  No one is at risk, as Andy explained to me in an email “different Office applications often cannot recognize OLE prepared by another program", and I highly doubt that there is a Softmaker Office OLE malware in the wild.

If anyone were to thoroughly test VS's anti-exploit feature (not with just web apps, with commonly exploited Windows files as well), they will find that it is extremely robust and mature... after all, I am the one who introduced this feature years ago, and have had time to optimize it.

Also, @Opcode... instead of talking about it, why not be about it and create the bypass?  I think it will be much more difficult than you think, but I have been wrong before, on at least 2 occasions ;).  But then again, that could have been a test ;).  Sorry, but if I am arguing with someone and they say some really crazy things, then I am going to as well, just to see if they are arguing just to argue (or to see if they know what they are talking about) ;).  It is kinda funny how the 2 happened at the exact same time, huh? ;).  I think "average Joe" would appreciate this if he knew what we were talking about ;).  Two steps ahead....  two steps ahead.

https://malwaretips.com/threads/novirusthanks-osarmor.78195/page-35#post-710512

Besides, as heavily as most AV software now relies on ML/Ai... if you were to successfully modify the file to trick VoodooAi, it is safe to assume that it will trick the others as well.  Not to mention that you will never convince me that a computer should not be locked when it is at risk ;).

If someone wants to bypass VS... it is quite simple... all you have to do is go through all of OSA's rules and test each one.  Make sure you include all of the rules on the Advanced tab that are disabled by default in OSA.  I have not tested each one, but I quickly read through them all, and I think we should have just about everything covered.  If someone does find a bypass, please post it.  If you want me to verify it before you post it, I would be happy to.

Man, I am happy that I do not have to deal with the High School JV crap anymore.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on February 11, 2018, 09:52:50 am
Just wanted to mention im on VS 4.15 and when i click the check for update button it doesn't says that there is VS 4.17 available (and its 4.17 on VS Homepage).
By the way since you talk about hardwired Office products, there is Ashampoo Office which i guess has a small user base but is still a full Office Suite.
Just wanted to mention it since i use it :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on February 11, 2018, 09:58:50 am
Just curious what you like particularly about Ashampoo Office?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 11, 2018, 10:49:39 am
Yeah, I am waiting to automatically update everyone to 4.17, because there might be some changes (long story).  Thank you though!

On a side note (and please quote me on this)... "If you have to cheat to win, you did not win." 

Not that it would ever happen... the best product always wins in the end.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on February 11, 2018, 11:00:00 am
@Shmu26
Got 3 licenses for 18€ or so from their ever occurig sales. I wanted a cheap legit office with no time restriction. I works in sandboxie.

Afaik it got no macro ability.  And i hope with a smaller userbase you get less people trying to exploit that specific software.
And supporting a developer is more easy when its not 50+++ Euro when you just use the software only sometimes.

*Could be totally wrong but from what i remembered when i looked for open office it needed java installed to run and i thought: Java just for office? f no :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on February 11, 2018, 11:05:15 am
@Shmu26
Got 3 licenses for 18€ or so from their ever occurig sales. I wanted a cheap legit office with no time restriction. I works in sandboxie.

Afaik it got no macro ability.  And i hope with a smaller userbase you get less people trying to exploit that specific software.
And supporting a developer is more easy when its not 50+++ Euro when you just use the software only sometimes.

*Could be totally wrong but from what i remembered when i looked for open office it needed java installed to run and i thought: Java just for office? f no :D
Thanks. Good reasons!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on February 11, 2018, 02:31:23 pm
SoftMaker’s FreeOffice and LibreOffice is my No.1
 ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on February 11, 2018, 03:34:41 pm
Same here, I have not had any issues...knock on wood.  ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on February 13, 2018, 03:00:38 am
VS 4.17 running fine.

Realtime protection, Windows Firewall & Defender + VS on Win 10 Pro 64 Bits.
Title: Re: VoodooShield v4 STABLE Thread
Post by: jerzy6012.50 on February 13, 2018, 08:47:07 am
version 4.17 works well no problems.  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on February 14, 2018, 11:12:53 am
4.17 seems to be fine here

Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on February 14, 2018, 05:29:25 pm
I'm still on 4.16 and awaiting that updates works on!
Am I  waiting in vain or this feature will be active from v4.17 or 18, Dan?
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on February 14, 2018, 11:15:10 pm
He answered this a few posts ago.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on February 15, 2018, 12:05:49 am
Dan said:
"Yeah, I am waiting to automatically update everyone to 4.17, because there might be some changes (long story).  Thank you though!"

So I wait too see how it goes... ::)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 17, 2018, 03:47:42 pm
Hey everyone, sorry I have been away, I hope to return soon.  My dog Molly, who is 11 years old, has been very sick the last couple of weeks, so I have been spending a lot of time with her.  It started a few month ago, but she is getting worse... but now there is a chance she is getting better, we will see.

The next version will be ready very soon.  I just need to add some new potentially exploitable apps (like Softmaker) to our anti-exploit feature.  There is already a massive list, but it appears that I was unaware of a few.

Also please check this out when you get a chance... https://avlab.pl/en/best-free-antiviruses-2018-recommended-avlab-home-users-and-small-business

“We recommend VoodooShield software literally to all users who have a bit of technical knowledge and are not afraid to experiment. VoodooShield is not based on signatures or behavioral analysis, so it can be installed next to another anti-virus. VoodooShield can completely replace traditional anti-virus software, far outweighing the effectiveness of protection available in this ranking of security solutions.”

Have a great weekend, thank you guys for your help!



Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on February 17, 2018, 04:39:21 pm
Also please check this out when you get a chance... https://avlab.pl/en/best-free-antiviruses-2018-recommended-avlab-home-users-and-small-business

Thanks for that link Dan, it was eye-opening.  I was taken by a throwaway:
Quote
VoodooShield can not even remove viruses from already infected systems (although according to the manufacturer, this functionality may appear in the next versions).

Er, Dan, NO!  Just don't.  I purchased VS because it is bloat-free and super light on system resources--even if I do have to switch off the cloud scanning to speed up opening applications.  But cleaning infected files requires all the "enumerating badnness" resources that traditional AVs encumber our boxes with.  If I want infected files "cleaned", there is no question that (for example) Avast! is immeasurably better equipped, or Panda, or Kaspersky, or...  I got rid of Avast because it was too much drain on my box.  And how will you detect an infected file?

So please tell us AvLab have misquoted you?

I wish Molly all the best.  Spend all the time you need with her.  Unfortunately bringing her to Oz is not on due to quarantine restrictions, but the hot dry summer here would definitely help.  Maybe a quick trip to Argentina?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 17, 2018, 05:56:30 pm
Thank you, I appreciate that!  That is exactly what our business advisors said... "eye opening".  I have been trying to tell them for quite some time that if anyone were to test VS and compare it to other products, they would see what I have been seeing the last several years... and now they are starting to understand that everything that I have been telling them is not my own biased opinion... it is all based on testing.  But some people would rather speculate than to test.  I knew VS would do well in the test, but I was not expecting that optimal of a result ;)... especially since everyone believes they have the "best" product.

I see exactly what you mean about malware removal... trust me, we are not going to try to be a jack of all trades.  Our focus is simply to lock the computer when it is as risk, which is why we do not have a web filter ;).  We are not going to be scanning drives and removing malware... rather, VoodooAi is already scanning all of the whitelisted processes... and at some point we might notify the user if something is super high.  It is a very, very long story, but trust me, I know exactly what you are talking about, and I am not going to mess up VS ;).  I will explain it asap, and it will all make sense ;).  I recently met a data scientist who is building our own custom VoodooAi, and it is almost finished... his name is Christopher and he is doing amazing work, and it will be ready soon.

Here is the latest version that includes Softmaker and a couple of media players that I did not think of adding to our anti-exploit... this version should also reduce any odd blocks that you guys might have experienced.  But if anyone experiences an unexpected block, please let me know!

https://voodooshield.com/Download/InstallVoodooShield418.exe

Yeah, Molly and I are going to go to our favorite restaurant today, then go to the park.  I am hoping she is going to pull through.  When I took her into the vet the other day, they pretty much told me that her time was limited.  I thought it was an allergic reaction to the medication they put her on, but they did not think so.  Well, we took her off of the medicine and she seems to be doing better, except last night was really scary, but she seems to be doing fine today.  Either way, I am going to spend as much time with her as possible... although she is with me all of the time (helping me work on VS ;)), I am going to focus only on her for the time being.  Besides, VS is pretty much complete now ;).  Thank you guys!

Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on February 17, 2018, 08:23:46 pm
You certainly have your priorities in order Dan. Being a life long dog lover meself, it is all a no brainer. Stay close to your friend. They are always our BEST friends.
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on February 17, 2018, 10:33:49 pm
You certainly have your priorities in order Dan. Being a life long dog lover meself, it is all a no brainer. Stay close to your friend. They are always our BEST friends.

+1
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on February 17, 2018, 11:54:44 pm
Hi Dan, wishing you and Molly all the best.
Our family and pets are the most important.
V4.18 is running without any problem here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 18, 2018, 04:45:41 am
Thank you guys, I appreciate that!  The really funny thing is that Molly has a lot more to do with VS than anyone will ever realize.  Basically, throughout the years, whenever I would be coding and was stuck / stumped, Molly and I would go on a 20-30 minute walk... and I SWEAR, 100% of the time I had the problem figured out by the time we returned.  This happened 100+ times, and one day in particular, 6 times in one day.  She also lays on the bed or the rug and looks at me and makes a loud sigh (just like a pissed off girlfriend does)... and lets me know that I am working too much and that she is extremely annoyed because of that.  Anyway, VS would have never reached this point without her... and I am not just saying that.  BTW, she had an amazing day today... we went to her favorite restaurant (Rock 'n Brews), then to the park, then to the doggie toy store (Petsmart), then to Chipotle for a Chicken and Rice bowl.  She is taking a nap now.

Anyway, 4.18 had a bug because I completely forgot that I had updated a dll and did not include it in the build.  So whether you are having issues with 4.18 or not, it would not be a bad idea to uninstall 4.18, reboot and reinstall this version.

https://voodooshield.com/Download/InstallVoodooShield418b.exe

Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on February 18, 2018, 11:39:19 am
I just need to add some new potentially exploitable apps (like Softmaker) to our anti-exploit feature.  There is already a massive list, but it appears that I was unaware of a few.

Dan, do try not competing with established AV names.  All those are experts at "enumerating badness", they do it for a living.  Your early editions did seem to have the balance more or less right, hard-coded common browsers and other common internet-facing programs.  But continuously adding more and more apps to the list, where do you stop?  100?  500? 1,000? 1,000,000?

FWIW, VS knows about the only three browsers on my box, and no other software.  I did realise after a conversation with you about this, that there is a very simple LifeHack here: if in doubt, just light up a browser, any browser!  The shield turns blue, and suddenly there are cops everywhere!  Having said that, most of my software does not have to reach outside the box for their goodies, and my email client (Gammadyne Clyton) has very good message HTML defanging capabilities.  And let's face it, Lotus SmartSuite must be about the most secure office productivity package on the planet right now!  ATM I'm using Smart (Default) and relying on the whitelist backed up by monthly scans with Zemana and MBAM.

When I've installed 418b, I'll turn on the scanning again to see if it's still scanning my whitelisted apps.  I always thought that whitelisting was designed to eliminate constant inspection.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on February 18, 2018, 11:46:37 am
Hi Dan - sorry to hear about Molly. I know how important my own dog is to me so can imagine what you are going through. I do hope she comes right.

Thanks for 4.18 - will install later.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on February 18, 2018, 03:17:36 pm
after uninstalling 4.16 using revo and reboot on my win1064bit, i installed 4.18b. after snapshot and first use, vs blocked c: programdata\microsoft\windows defender\platform\4.12.17007.18011-0\mpcmdrun.exe. i love vs-just want to bring this to your attention. thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on February 18, 2018, 04:00:52 pm
Hi Dan, wishing you and Molly all the best

VS 4.18b running fine on Win 10 Pro 64 Bits
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on February 18, 2018, 10:32:20 pm
v4.18b working very well here Dan! Take care of Molly!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on February 19, 2018, 10:04:33 am
Hi Dan, glad you are well this time of year, but sorry to hear Molly is under the weather :(
Lots of hugz, and a prayer for Molly.
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on February 19, 2018, 01:00:55 pm
win1064bit, vs4.18b    vs just blocked c:\windows\system32\msiexe.exe-embedding 45866e8469......etc..e global\msi0000  file not digitally signed.    anyone else seeing these blocks?  i never got these in 4.16.  thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on February 19, 2018, 03:54:55 pm
I got those blocks running 4.17.  Just installed 4.18b so not enough experience to make a final determination if it is fixed.
Title: Re: VoodooShield v4 STABLE Thread
Post by: YoWhatsUp on February 19, 2018, 05:06:14 pm
I hadn't visited this forum in a while, today I went to the voodooshield official site and it said the 4.17 version is the official stable one, "Download VS 4.17 Free", but I have 4.15 and when I click check for updates it says I have the latest version. KC Sumo also didn't detect any updates, and if there's any program that will find even the tiniest non existing update, that would be Sumo, so something is wrong here, I imagine with VS
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on February 20, 2018, 06:59:16 am
 It's often frowned on to post questions without reading the forum. Reading back a page or 2 will answer your question. Put in the effort!
 Also SUMO makes alot of mistakes with beta vs stable releases. If SUMO is not picking up an update for V.S. then "I imagine" go post on KC Softwares forum about what is wrong.
Yes this was snarky!
snark·y
[ˌsnärkē]
ADJECTIVE
informal
NORTH AMERICAN
    (of a person, words, or a mood) sharply critical; cutting; snide:
    "the kid who makes snarky remarks in class"
        cranky; irritable:
        "Bobby's always a bit snarky before his nap"
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on February 20, 2018, 02:08:13 pm
Thank you guys, I appreciate that!  The really funny thing is that Molly has a lot more to do with VS than anyone will ever realize.  Basically, throughout the years, whenever I would be coding and was stuck / stumped, Molly and I would go on a 20-30 minute walk... and I SWEAR, 100% of the time I had the problem figured out by the time we returned.  This happened 100+ times, and one day in particular, 6 times in one day.  She also lays on the bed or the rug and looks at me and makes a loud sigh (just like a pissed off girlfriend does)... and lets me know that I am working too much and that she is extremely annoyed because of that.  Anyway, VS would have never reached this point without her... and I am not just saying that.  BTW, she had an amazing day today... we went to her favorite restaurant (Rock 'n Brews), then to the park, then to the doggie toy store (Petsmart), then to Chipotle for a Chicken and Rice bowl.  She is taking a nap now.

Anyway, 4.18 had a bug because I completely forgot that I had updated a dll and did not include it in the build.  So whether you are having issues with 4.18 or not, it would not be a bad idea to uninstall 4.18, reboot and reinstall this version.

https://voodooshield.com/Download/InstallVoodooShield418b.exe

Thank you guys, talk to you soon!

Thanks Dan, I am not having any issues with VS 4.18 that I am aware of. I guess I will uninstall and install 4.18b. as you have mentioned. Again thank you for all your hard work! :)

BTW: I believe every word that you say about Molly. She's so in-tuned to you. She helps you with all of your stress and answers your issues resolving everything in your life. This is a special bond that cannot be replaced. It's truly a deep love between the two of you. I hope Molly continues to have many more good days.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on February 20, 2018, 05:09:53 pm
I know, way off topic.

Dan,  I get it about Molly, Gentle loving care is what any animal deserves. And the payoff is what you see.

"The greatness of a nation can be judged by the way its animals are treated". - Mahatma Gandhi -

And  v.4.18b is running as expected. ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on February 21, 2018, 08:34:44 pm
4.18b working well here, no problems to report at all.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on February 21, 2018, 11:34:52 pm
Dan,

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 22, 2018, 03:17:28 am
Thank you guys for all of the support, we appreciate it!

I certainly do not want to turn this into a Molly thread, but I do want you guys to know what is going on.  Molly has been not quite right for a few months, and she started to get worse.  We moved up her yearly physical a couple of weeks ago, and all of the standard tests results turned out great.  Anyway, she was still having symptoms, and the doctor gave me several options for which next step to take.  I researched the heck out of it and figured the next best step was to do a chest x-ray, because if it was a kidney stone or some kind of tumor, it would show up.  So on Monday, an x-ray was taken and she has a baseball to softball sized mass next to her spleen.  The doctor recommended that we put her to sleep because the odds are against her.  I came home and did some more research and found this thread:

https://www.veterinarypracticenews.com/is-it-cancer-never-assume/

So basically, I have two choices… put her to sleep within 2 or so weeks, or take a chance and elect to have the surgery.  I know exactly what she would want to do… she has so much life left in her (she still acts like a puppy), that she would want to take the chance and have the surgery.  So she is scheduled for surgery in the morning, and if you ask me (after doing all of the research and knowing how great of shape she is in otherwise), I believe the odds are in her favor… I will let you guys know.

If anyone is experiencing any issues with VS 4.18b, please let me know.  There are a couple of computers with issues, but otherwise I believe we are in great shape, and I will be back to work on VS soon.  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 22, 2018, 03:18:48 am
Dan,

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?
Real quick... yeah, if VS cannot perform the blacklist / VoodooAi analysis, then the item is denied by default.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on February 22, 2018, 03:44:33 am
Dan,

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?
Real quick... yeah, if VS cannot perform the blacklist / VoodooAi analysis, then the item is denied by default.  Thank you!
I meant, programs are allowed and not blocked or alerted.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on February 22, 2018, 04:30:29 pm
Thank you guys for all of the support, we appreciate it!

I certainly do not want to turn this into a Molly thread, but I do want you guys to know what is going on.  Molly has been not quite right for a few months, and she started to get worse.  We moved up her yearly physical a couple of weeks ago, and all of the standard tests results turned out great.  Anyway, she was still having symptoms, and the doctor gave me several options for which next step to take.  I researched the heck out of it and figured the next best step was to do a chest x-ray, because if it was a kidney stone or some kind of tumor, it would show up.  So on Monday, an x-ray was taken and she has a baseball to softball sized mass next to her spleen.  The doctor recommended that we put her to sleep because the odds are against her.  I came home and did some more research and found this thread:

https://www.veterinarypracticenews.com/is-it-cancer-never-assume/

I hesitated for a moment then decided to post. Some years back I had a Border Collie that I got when he was 8 weeks. Twelve years later he was looking was not looking good. Trips to the vet pretty much pointed to old age. We walked and hiked in the mountains on a regular basis throughout his life. On his last Christmas morning I let him out to pee and he just fell over onto his side with stiff legs straight out. Picked him up, looked into his eyes and said "OK, we'll go to the dog place". That was the vet to him. He opened his eyes very wide and informed me absolutely not. I told him I understood. We ended up getting him cortisone. He was able to go on moderate walks with me for another six months when I had finally had to put him down. The point is, if possible, they should have a say in this profound decision. Dan, I am pleased you made the decision you made.

I hesitated for a moment then decided to post. Some years back I had a Border Collie that I got when he was 8 weeks. Twelve years later he was looking was not looking good. Trips to the vet pretty much pointed to old age. We walked and hiked in the mountains on a regular basis throughout his life. On his last Christmas morning I let him out to pee and he just fell over onto his side with stiff legs straight out. Picked him up, looked into his eyes and said "OK, we'll go to the dog place". That was the vet to him. He opened his eyes very wide and informed me absolutely not. I told him I understood. We ended up getting him cortisone. He was able to go on moderate walks with me for another six months when I had finally had to put him down. The point is, if possible, they should have a say in this profound decision. Dan, I am pleased you made the decision you made.

I hesitated for a moment then decided to post. Some years back I had a Border Collie that I got when he was 8 weeks. Twelve years later he was looking was not looking good. Trips to the vet pretty much pointed to old age. We walked and hiked in the mountains on a regular basis throughout his life. On his last Christmas morning I let him out to pee and he just fell over onto his side with stiff legs straight out. Picked him up, looked into his eyes and said "OK, we'll go to the dog place". That was the vet to him. He opened his eyes very wide and informed me absolutely not. I told him I understood. We ended up getting him cortisone. He was able to go on moderate walks with me for another six months when I had finally had to put him down. The point is, if possible, they should have a say in this profound decision. Dan, I am pleased you made the decision you made.

So basically, I have two choices… put her to sleep within 2 or so weeks, or take a chance and elect to have the surgery.  I know exactly what she would want to do… she has so much life left in her (she still acts like a puppy), that she would want to take the chance and have the surgery.  So she is scheduled for surgery in the morning, and if you ask me (after doing all of the research and knowing how great of shape she is in otherwise), I believe the odds are in her favor… I will let you guys know.

If anyone is experiencing any issues with VS 4.18b, please let me know.  There are a couple of computers with issues, but otherwise I believe we are in great shape, and I will be back to work on VS soon.  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on February 22, 2018, 04:45:01 pm
@ Dan and maybe others. Having a problem with posting for some reason so trying again here.
I hesitated for a moment then decided to post. Some years back I had a Border Collie that I got when he was 8 weeks. Twelve years later he was looking was not looking good. Trips to the vet pretty much pointed to old age. We walked and hiked in the mountains on a regular basis throughout his life. On his last Christmas morning I let him out to pee and he just fell over onto his side with stiff legs straight out. Picked him up, looked into his eyes and said "OK, we'll go to the dog place". That was the vet to him and he knew I meant to have him put down. He opened his eyes very wide and informed me absolutely not. I told him I understood. We ended up getting him cortisone. He was able to go on moderate walks with me for another six months when I had finally had to put him down. The point is, if possible, they should have a say in this profound decision. Dan, I am pleased you made the decision you made.
Title: Re: VoodooShield v4 STABLE Thread
Post by: YoWhatsUp on February 22, 2018, 05:12:57 pm
If you open the whitelist and delete an item from it, the system files' font color will turn from red to black until you close the whitelist and open it again, works with both "fullscreen" and non-fullscreen whitelist. Would be nice if the fullscreen was actually full screen btw, or at least big enough, right now it's barely bigger than non-fullscreen. Also would be cool if we could choose whether we want VS to automatically turn off when an installer is ran. I remember it didn't use to do that before, now it does, I want to see what's running during installations, a simple checkbox would suffice. Btw, what does the VS transparency slider do? Cuz I didn't notice it doing anything
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on February 22, 2018, 05:45:35 pm
When Molly went in for surgery today, in addition to the cantaloupe sized tumor on her spleen, they found that her liver was in really bad shape as well, so we decided to put her to sleep.

She was actually very, very happy this morning (she was truly the happiest dog in the world), so I am happy that she did not have to suffer terribly the last few days or weeks of her life... she was happy all the way until the end.

I mentioned a while back on wilders that I had only experienced pride once in my life (possibly twice, I cannot remember), but the time that I remember was when Molly shared her food with another dog.  It is time to make Molly proud.

Hopefully I will be ready to get back to work on Monday morning.  Thank you guys for everything!

Here is a silly video and a few of my favorite pics of Molly with some of the people who loved her.

https://voodooshield.com/Molly.zip
Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on February 22, 2018, 06:25:38 pm
WOW....Thanks for the zip Dan :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on February 22, 2018, 08:07:17 pm
Sorry for your lost Dan I know it hurts to lose a great friend! :(

Daniel
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on February 22, 2018, 10:17:54 pm
I really feel for you Dan, it is hard when we lose a friend like that.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on February 22, 2018, 11:12:44 pm
For all dog lovers...
https://www.facebook.com/ScienceNaturePage/videos/1264951810303741/ (https://www.facebook.com/ScienceNaturePage/videos/1264951810303741/)
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on February 23, 2018, 03:57:54 am
Dan,

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?

Yes.  Due to unacceptable 1-3 second delays in scanning I run with this setup.  Sometimes a less used program will be queried, then VS will complain about lack of internet access, but I do get the chance to roughly trample on the complaint.

I do this because all my apps are scanned prior to launch, even though they are whitelisted.

@Dan - I know VS takes the hash value of snapshot programs, and it is good (best?) practice to suss briefly before launch, but given that calculating the hash only requires a couple of msecs, could VS run a hash check for whitelisted apps?  Even MD5 would do a sufficient job of validation.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on February 23, 2018, 09:49:11 am
Sorry for you loss Dan. It's always sad when a loved animal companion dies :(

Not sure if its the same thing as groblimey said but i would like to know if i can make a rule for lets say firefox and tell VS that as long as the
hash (or whatever) didnt change it is considers as safe and launched with out any other checks or so?
I don't wanna whitelist whole folders just an exe (as long as it's not changed).[To be more precise i wanna lunch ff in sandboxie and for my thinking
as long as i dont install an update the two programms are either safe or a got a problem and my pc is compromised anyway]

When i look at my whitelist some programms seem to be there 3 times with different dates, hases and so on. For me it seems as the whitelist gets "cluttered" with old stuff (like a programm got updates and the old hash still exist in the whitelist).
So do i have to clean the whitelit from time to time by hand or do i just understand it wrong?

Im happy for any tips :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on February 23, 2018, 10:53:41 am
Brave decision Dan, but the right one and sorry for your loss. She will always live on in your head as all mine do. Do not punish yourself by not getting another dog or feeling disloyal, she will understand. They leave such a hole in your life when they go.

To keep on topic. 4.18 running ok here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on February 23, 2018, 04:19:02 pm
Dan,
Very sad to hear of your loss. My condolences.
Silver
Title: Re: VoodooShield v4 STABLE Thread
Post by: frowner on February 23, 2018, 04:45:21 pm
Dan ,sorry for your loss ,always sad when  a loyal animal companion passes .
Title: Re: VoodooShield v4 STABLE Thread
Post by: ProTruckDriver on February 23, 2018, 06:49:12 pm
Dan, sorry for your loss. :(  We had to put our 13 year old Labrador Retriever to sleep about 7 months ago and I feel your loss. They are loyal companions.
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on February 24, 2018, 07:53:57 am
 My condolences also Danny..that is very cool dog and thanks for sharing a small part of your great life
Nancy & Gordon
Title: Re: VoodooShield v4 STABLE Thread
Post by: pavo on February 25, 2018, 04:44:38 pm
I shouldn't have to come here today... :(
I am so sorry for your loss Dan...
Take care and remember that all dogs go to heaven...
Title: Re: VoodooShield v4 STABLE Thread
Post by: Azure Phoenix on February 25, 2018, 07:51:12 pm
Dan, were you aware of a possible incompatibility between VoodooShield and Forticlient?
https://malwaretips.com/threads/voodooshield-doesnt-work-with-forticlient.79511/#post-713808 (https://malwaretips.com/threads/voodooshield-doesnt-work-with-forticlient.79511/#post-713808)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on February 26, 2018, 06:57:26 pm
Sorry for your loss Dan! Thank you for sharing her with us. My heart goes out to you. :'(

Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on February 26, 2018, 10:58:15 pm
VoodooShield Beta up and running smoothly here! Thanx Dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 01, 2018, 02:59:52 pm
Thank you everyone for your support, I really appreciate it!  I spent all day Saturday at the various shelters looking for a dog... there were a few that were 99% perfect for me, but none that were 100%.  So I came home and checked my email, and there happened to be an email from a smaller shelter about a puppy that I wanted to meet.  Anyway, long story short, they asked if I had time to come out and meet her, so I did and fell instantly in love... her name is Gracie, and she is an Australian Cattle (Cuddle) Dog / Lab (we believe) Mix.  I will post pics and tell you more about her in the future, but I really better focus and stay on topic for now ;).

So I have been back to work on VS since Monday... just trying to fix these last 3-4 bugs.

For the users who are experiencing the "VoodooShield is not responding" bug on startup, I know what the issue is, and I just need to figure out the best way to fix it.  Basically, the VoodooShield service is trying to start the GUI twice.  I tried a fix the other day, but it needs to be tweaked a little more.

I also looked at the FortiClient / Chrome / VS bug, and could not reproduce the issue... so I am thinking that it is a FortiClient Chrome extension or something that is causing the issue.  If anyone is having this problem, can you please give me a little more info?

Also, there should be very few unexpected blocks with 4.18b, but if anyone experiences some, can you please post the process and parent process?  Also, if anyone is experiencing a lot of blocks, please post the actual blocks... not something like "VS is blocking tons of stuff".  The blocks are logged, and I am not seeing that many unexpected blocks.

I will catch up on the posts I need to respond to asap... obviously it would be better for me to not respond to all of the posts about Molly, but you guys know that I really appreciate your kind thoughts!

Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 01, 2018, 03:24:17 pm
vs just blocked windows\temp\97764c36...............\mpsigstub.exe                 this turned off threat protection in windows defender. when i did manual update for wd, it said threat protection was not working.  love vs. thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 02, 2018, 11:29:37 am
Hi Dan, sometimes i got no visual indicator if the program is good or bad.
It misses the black thingy that indicates on the "green to red scale" if the program is good or bad.
VS 4.17 still here.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Azure Phoenix on March 02, 2018, 02:19:48 pm
@VoodooShield

Dan, I talked with Slyguy. He said you need to enable the exploit protection on Forticlient.

https://malwaretips.com/threads/voodooshield-doesnt-work-with-forticlient.79511/#post-715042
1) Install FortiClient.
2) Go to the AV tab, click the 'Gear' next to the virus scanner menu to the right.
3) Once in settings for the AV after client elevation, enable FortiClient Exploit Protection.
4) Hit OK twice. let the exploit engine start up (5 seconds).
5) Now try to load Chrome, it crashes immediately.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 03, 2018, 04:01:35 pm
Thank you AP!  I tested the heck out of FortiClient, Chrome and VS, and it worked perfectly for me, even when Chrome was not excluded… here is a small sample of my testing.  Please let me know if you see something else I should try.

https://www.voodooshield.com/Artwork/FortiClient.webm

Here is the latest version of VS... there were a couple of small bug fixes, like the Ai indicator not being visible... but the main fix was reworking the way that the VoodooShieldService starts VS... the old way was causing issues, so hopefully this will fix everything.  If not, please let me know!  I am going to reply to a couple of posts now, and hope to catch up on the rest soon, thank you guys, have a great weekend!

https://voodooshield.com/Download/InstallVoodooShield419.exe
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 03, 2018, 04:02:26 pm
vs just blocked windows\temp\97764c36...............\mpsigstub.exe                 this turned off threat protection in windows defender. when i did manual update for wd, it said threat protection was not working.  love vs. thanks
Thank you for letting me know... if it happens again, can you please let me know what the parent process is? (by clicking "Details" in the VS prompt).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 03, 2018, 04:05:05 pm
Hi Dan, sometimes i got no visual indicator if the program is good or bad.
It misses the black thingy that indicates on the "green to red scale" if the program is good or bad.
VS 4.17 still here.
Thank you for letting me know... yeah, I know exactly what is up with this... it is basically an invalid VoodooAi result that was accidentally stored in the database.  It is fixed in VS now, but it will continue to be a small issue until we upgrade everyone to 4.19.  In the meantime, I scheduled a task (runs twice a day) to delete any invalid VoodooAi results in the database.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 03, 2018, 04:08:54 pm
Dan,

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?

Yes.  Due to unacceptable 1-3 second delays in scanning I run with this setup.  Sometimes a less used program will be queried, then VS will complain about lack of internet access, but I do get the chance to roughly trample on the complaint.

I do this because all my apps are scanned prior to launch, even though they are whitelisted.

@Dan - I know VS takes the hash value of snapshot programs, and it is good (best?) practice to suss briefly before launch, but given that calculating the hash only requires a couple of msecs, could VS run a hash check for whitelisted apps?  Even MD5 would do a sufficient job of validation.
Yeah, I see what you mean... and VS is not supposed to be scanning whitelisted items at all.  Do you have any of VS's settings set to anything other than default?  Maybe one of the non default settings is making VS scan the files? 

Also, if you can give me a quick step by step procedure on how to make VS scan a whitelisted item, I will have it fixed in less than 2 minutes ;).  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 03, 2018, 10:18:43 pm
vs 4.19  win1064bit    vs just blocked c:windows\service~2\network~1\appdata\local\temp\(67............)mpsigstub.exe      did not turn off windows defender this time.  thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 03, 2018, 10:24:30 pm
2nd attach
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 04, 2018, 11:00:08 am
Yeah, I see what you mean... and VS is not supposed to be scanning whitelisted items at all.  Do you have any of VS's settings set to anything other than default?  Maybe one of the non default settings is making VS scan the files? 

Also, if you can give me a quick step by step procedure on how to make VS scan a whitelisted item, I will have it fixed in less than 2 minutes ;).  Thank you!
[/quote]
Hi Dan, for me it seems that you can enable everything on the Basic page as long as you don’t also enable „automatically allow all software from the program folder“ starting programs in a sandbox is slow.(atleast when you disabled automatically allow by parent process under advanced settings.)
And the programms were used all the time so they were in the whitelist.

So in short, while automatically allow by parent process is disabled its like:
automatically allow all software from the program folder (enabled) >all good
automatically allow all software from the program folder(disabled)> slow broweser start and so on

For me as a novice user it seems like automatically allow all software from the program folder is mandatory whatever else i choose to tick/untick and that shoudn’t be (with a whitelist.)

VS 4.19 installed now. The text above still is valid for me.

P.s How about an "cleanup whitelist button" to get rid of the old entrys in the whitelist for programs that don't exist any more under the listed hash?
Is there any option to change the size of the VS shield icon (the thing on the desktop not the one in the taskbar)? I would like to make the VS shield icon from my laptop smaller (laptop is conncted to a tv and the icon seems to large for my taste). I know first world problems but im curious :)

Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on March 04, 2018, 05:03:02 pm
419 applied and all very smooth on machines Dan :) ..
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on March 05, 2018, 01:57:55 am
4.19 doing me real good, Dan  8)

win 10 Home 64 bt
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 05, 2018, 01:46:37 pm
Yeah, I see what you mean... and VS is not supposed to be scanning whitelisted items at all.  Do you have any of VS's settings set to anything other than default?  Maybe one of the non default settings is making VS scan the files? 

Also, if you can give me a quick step by step procedure on how to make VS scan a whitelisted item, I will have it fixed in less than 2 minutes ;).  Thank you!

Thanks for looking at this Dan.  I've emailed you the logs and DBs.  I'll repeat what I said in the email: "I don't think I have non-standard settings, apart from disabling cloud scanning"

I should comment now, that I am only assuming VS is going online, unfortunately Glasswire does not yet have user profiles so I cannot check VS is phoning home.

OK.  Step-by-step...  I'm humbly--no, cancel the humble bit--confused.  I'm sure you don't want me to tell you how to code your programs.  So, how to make VS scan whitelisted programs?  Outside of making Rules, which I haven't touched yet, it appears there's no way.  VS lights up at Startup, and I ignore it until a message appears.  Simple, yes?  HOWEVER...  If I enable the three Advanced settings, VS phones home for advice.  Disabled, no delays.  I'm afraid that's the best my B-Boomer mind can do.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on March 07, 2018, 02:05:25 am
I installed 4.19 over 4.18 and was working fine on win7x64, but then the VS service unexpectedly crashed.  Not obvious reason why.  Then the next day (today) I left browser open on a more or less static page and VS was in smart mode and left it on for a few hours, and when I came back to the pc, VS service had crashed again.  I skimmed the logs, I don't see anything that obviously caused the crash.  4.19 seems ok and stable until it crashes.  I restarted VS and about 4 hours ago and have been using pc heavily without incident.  One of those hard to find bugs, or perhaps a conflict with...?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 07, 2018, 06:53:34 pm
Thank you for letting me know... that is quite odd, but there are only a couple of things it could be, since only a couple of changes were made to the service from 3.0 to 4.0.  So if it continues to happen with 4.20, please let me know, and I will compare the code to see what might be causing that.

Here is 4.20: https://voodooshield.com/Download/InstallVoodooShield420.exe

This version is all about usability tweaks, and it should be super fast.  I believe the unnecessary scanning is fixed, along with unnecessary blocks.

Thank you guys, I will catch up on the posts I missed asap!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 08, 2018, 01:56:36 pm
Dan since installing v4.20 over top I get this on Reboot so I tried a clean reinstall with a reboot in between and still getting the same message but after closing the message windows VS seems to be running fine. Win 10 Pro x64 Build 1709 (16299.251)



Title: Re: VoodooShield v4 STABLE Thread
Post by: j9ksf on March 08, 2018, 02:36:26 pm
Same here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 08, 2018, 02:45:49 pm
Getting the same dialog box as TH in an endless loop. Right clicking taskbar icon starts it!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 08, 2018, 03:24:15 pm
I see... thank you guys for letting me know... I think I know what is up with that, and it should be an easy fix.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 08, 2018, 04:14:54 pm
Last windows10 cumulative update (KB4090913) installed day before.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 08, 2018, 04:39:41 pm
That is a bummer that did not work... how is this? https://voodooshield.com/Download/InstallVoodooShield420b.exe

Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 08, 2018, 04:47:09 pm
That did the trick.................. but a tad slower rebooting and not as responsive opening the site!
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 08, 2018, 05:56:46 pm
Dan since installing v4.20 over top I get this on Reboot so I tried a clean reinstall with a reboot in between and still getting the same message but after closing the message windows VS seems to be running fine. Win 10 Pro x64 Build 1709 (16299.251)

I also received this message but only once after I installed and rebooted yesterday, it hasn't happened since and I do shutdowns and reboots often.
Win 10 x64
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on March 09, 2018, 04:06:45 am
That is a bummer that did not work... how is this? https://voodooshield.com/Download/InstallVoodooShield420b.exe

I'm not seeing TH's 4.20 reboot issue on my win7x64.  Should I stick with 4.20 or install 4.20b?
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 09, 2018, 04:20:56 am
vs4.20 win764bit       vs just blocked c:windows\installer\msi162e.temp   (see attach)
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 09, 2018, 05:13:49 am
Installed 4.20 over 4.18 last night, allowed all scanning but still disallowing cloud-source whitelisting: so far app starts are very snappy :D including the browsers ;D

Now, if Glasswire can get multi-user, we should have a solid brass protection system!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:32:30 am
That is a bummer that did not work... how is this? https://voodooshield.com/Download/InstallVoodooShield420b.exe

I'm not seeing TH's 4.20 reboot issue on my win7x64.  Should I stick with 4.20 or install 4.20b?
Very cool, thank you guys!  It is probably better to install 4.20b.  We should have the public release very soon, and you will want to upgrade to that for sure.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:33:31 am
vs4.20 win764bit       vs just blocked c:windows\installer\msi162e.temp   (see attach)
Thank you for letting me know!  If you guys see any blocks, can you please let me know what the parent process is as well?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:34:40 am
Installed 4.20 over 4.18 last night, allowed all scanning but still disallowing cloud-source whitelisting: so far app starts are very snappy :D including the browsers ;D

Now, if Glasswire can get multi-user, we should have a solid brass protection system!
Very cool, thank you for letting me know!  Yeah, VS 4.0 is almost ready finally!  Sorry it took so long... it will be worth it though ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 09, 2018, 06:01:41 am
Sorry it took so long... it will be worth it though ;).

Long?  It took {insert deity here} 13,799,000,000 ± 21,000,000 years to fix the previous Universe Model which unexpectedly imploded soon after the blue touch-paper https://cjewords.blogspot.com/2009/06/light-blue-touch-paper.html (https://cjewords.blogspot.com/2009/06/light-blue-touch-paper.html) was lit. :-[ That's a long time! 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 09, 2018, 04:28:03 pm
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20 is running perfectly on my machine, it is faster and lighter, comfortable.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 09, 2018, 04:34:28 pm
4.20b runnin' smoothly here!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 04:46:36 pm
Sorry it took so long... it will be worth it though ;).

Long?  It took {insert deity here} 13,799,000,000 ± 21,000,000 years to fix the previous Universe Model which unexpectedly imploded soon after the blue touch-paper https://cjewords.blogspot.com/2009/06/light-blue-touch-paper.html (https://cjewords.blogspot.com/2009/06/light-blue-touch-paper.html) was lit. :-[ That's a long time! 8)
Very true :).  Yeah, if VS were not so complex and sophisticated under the hood, VS 4.0 would have been bug free a couple of months ago.  I think most people understand this, and further understand that if VS were to simply lock the computer and call it a day, we would have been done years ago.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:02:44 pm
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20b is running perfectly on my machine, it is faster and lighter, comfortable.
Thank you BryanB for letting me know!  Well, if you ask me, I would say that is the correct result, since it is an unknown file.  It even explains to the user how to handle the prompt.  I think it would be a great idea for users to try some of the other deny-by-default products and compare the number of unnecessary prompts.  I happen to have the luxury of being able to review my local client's VS logs when I am working on their computers, and I know how few blocks they experience.  We actually want a few blocks, so the user can become acclimated to the prompts before there is an attack.

Keep in mind that I have VS installed along with products whos focus is behavior blocking, and I can honestly tell you that on several occasions the behavior blocker quarantined a file and shutdown the business until I was able to go onsite and restore the file from quarantine.  This has not happened once with VS.  This is especially true for medical and other specialty software... here is one of them that produced a false positive that shut the practice down: https://www.dsnsoft.com/

If a user wants zero prompts, that is great, but please understand there will be bypasses... there is no way around it.  If anyone can show me a product that has zero prompts and zero bypasses, I will post VS's source code on GitHub, sell my house and travel the world.  And I am not kidding.

Once a wise old dev said in reference to VS "Security bought by excessive false positives is not security."  I will tell you what else is not security.  Accepting any efficacy that does not approach 100% as adequate.

I cannot count the number of times that a client has looked at me dead in the eyes the last 20 years and asked "I have antivirus software, how did I get a virus?"

It reminds me of this report where 15 of the 16 dog seatbelts failed in a test… https://youtu.be/jQHt1zkPRaM

I actually bought one of these seatbelts, trusting that it was effective, and when I watched the video, I had the same look of astonishment on my face that the people in the video did when I found out that they do not work.  I mean really, do they not test their own products?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:03:30 pm
4.20b runnin' smoothly here!
Thank you, yeah, I think we are there finally ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 09, 2018, 05:08:42 pm
Flashpeak "SlimBrowser" NOT supported!? WHOOPS!....................got it in settings (Custom Browsers and eMail Clients!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 09, 2018, 05:16:06 pm
Flashpeak "SlimBrowser" NOT supported!?
Thank you for reminding me... now that VS is stable, we will give it a few weeks to be sure, then I will add a few things like new web apps.  There will probably never be another major upgrade again... but we will be able to add small things like this that will not create bugs.

So everyone please think of any new web apps we can add in a few weeks, and I will ask for a list soon.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 09, 2018, 06:42:35 pm

Thank you for reminding me... now that VS is stable, we will give it a few weeks to be sure, then I will add a few things like new web apps.  There will probably never be another major upgrade again... but we will be able to add small things like this that will not create bugs.

So everyone please think of any new web apps we can add in a few weeks, and I will ask for a list soon.
I had wished for few things on Wilders and now with RULES wizard I can customize VS for my use.

The only thing remain is VULNERABLE processes customization, it would be good to have VP customization in RULES wizard.
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 09, 2018, 10:32:36 pm
VoodooShield said, "I happen to have the luxury of being able to review my local client's VS logs when I am working on their computers, and I know how few blocks they experience."

In the two days using 4.20 I haven't had any alerts except when I install something and forget to put it in training mode beforehand, speaking of which, you produce a warning when uninstalling programs, very thoughtful, maybe you could produce a similar warning for installing a program? A thought, more work for you yes. ;D also, eliminate Move Shield from right click tray menu, allow the shield to be moved freely with no permissions, cleaner menu and less confusion, I've used other softs with widgets that performed that way. Also, in the program instructions, it says when installing new softs to put VS in training mode, I've done so since I read that and it always works fine but in the tray right click menu it shows Training and also a Disable/Install mode, should be disable only, cleaner less confusion again, and when disabled the shield should be red, when a browser is open the shield should be green, without a browser, blue or orange. When I do forget to put VS Free in training mode and install a software and I do get an alert and select false positive I should not receive a sales prompt at boot, yes VS stopped a potential threat in it's view but it was really a clean software exe I installed without changing to training mode, producing the install alert here would eliminate two issues for me. I seem very opinionated as I read this back, a flaw I'm trying to learn to ignore.

VoodooShield said, "I cannot count the number of times that a client has looked at me dead in the eyes the last 20 years and asked "I have antivirus software, how did I get a virus?"

I bet that's awkward, EVERY TIME, sort of like something I heard listening to a radio interview of an airline stewardess stating that one of the most common questions asked by passengers is how to open the window!  ???

Thank for all of it Dan, great fun and I learned a lot.

Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on March 10, 2018, 01:35:03 am
utility settings VS password
I have not used the pw feature.  does it lock (just lock) the settings OR does it also lock the protection from it being disabled, ie. one or the other or both???
Do you recommend using the pw?  I'm the only one on this win7, that I know of. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 10, 2018, 01:37:01 am
v4.20b is working very well!

Thanks Dano,

Daniel  :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 10, 2018, 01:38:56 am
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20 is running perfectly on my machine, it is faster and lighter, comfortable.
Well the person should know running any file from the user space would react that way with VS. Downloads Folder is within the user space.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ColonelMal on March 10, 2018, 06:43:19 am
I installed v.4.20b over 4.18b. Did anyone notice the first installation dialog? I see a mistake with the version number.  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 10, 2018, 09:06:34 am
VS 4.20b so far running very nicely. Would it be possible to post SHA-256 Hashes for installation files please?

When i deleted the "default ruleset" in rules i coudn't restore it. I didn't press save (after deleting) and i can't find a "restore default" rules button.
I just wanted to mess with rules a bit. Delete all, start from scratch and learn by doing. With no safe default to go back to its not good :D

Bonus Question: How do i get the data for "Digital Signature Signer"? I would expect i could browse for the file on my hdd and VS recognises the signer like AppGuard does. Any tips how it work?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 01:38:53 pm
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20 is running perfectly on my machine, it is faster and lighter, comfortable.
Well the person should know running any file from the user space would react that way with VS. Downloads Folder is within the user space.
Hey TH, how are you?  Yeah, it is best to protect the user space as much as possible ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 01:39:22 pm
I installed v.4.20b over 4.18b. Did anyone notice the first installation dialog? I see a mistake with the version number.  :)
Thank you for letting me know... I will make sure it is correct for the public release.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 01:43:12 pm
VS 4.20b so far running very nicely. Would it be possible to post SHA-256 Hashes for installation files please?

When i deleted the "default ruleset" in rules i coudn't restore it. I didn't press save (after deleting) and i can't find a "restore default" rules button.
I just wanted to mess with rules a bit. Delete all, start from scratch and learn by doing. With no safe default to go back to its not good :D

Bonus Question: How do i get the data for "Digital Signature Signer"? I would expect i could browse for the file on my hdd and VS recognises the signer like AppGuard does. Any tips how it work?
Cool, thank you for letting me know!  Yeah, I will try to start posting the hash for the installer.  Sure, we can add a restore / backup to the rules, and a default.  If you want to reset the rules to default (until I get a chance to do this right), just exit out of VS then delete the "rules.db" from the "C:\ProgramData\VoodooShield" folder, then start VS again.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 02:12:21 pm
Here is 4.21... it should be ready for public release, but please let me know if there are any last minute changes we need to make.

https://voodooshield.com/Download/InstallVoodooShield421.exe

SHA-256: b58954a320d7403c5e1802eca3c4ede0f534f188f03c60efe1bd0e6b4ab247cc

BTW, thank you to all of the people who were patient enough to help me work through VS 4.0... I really appreciate it.  It was a long road, but I always knew it would be worth it.  Just look at what we accomplished together... we now have a product that "far outweighs the effectiveness" of the top free AV's of 2018.  So thank you guys!

Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 10, 2018, 03:12:24 pm
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20 is running perfectly on my machine, it is faster and lighter, comfortable.
Well the person should know running any file from the user space would react that way with VS. Downloads Folder is within the user space.

I should have explained that the problem the tester had was that VS was recomending to Block the file as you may or may not have seen in the alert I posted.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on March 10, 2018, 03:42:42 pm
Here is 4.21... it should be ready for public release, but please let me know if there are any last minute changes we need to make.

https://voodooshield.com/Download/InstallVoodooShield421.exe

SHA-256: b58954a320d7403c5e1802eca3c4ede0f534f188f03c60efe1bd0e6b4ab247cc

BTW, thank you to all of the people who were patient enough to help me work through VS 4.0... I really appreciate it.  It was a long road, but I always knew it would be worth it.  Just look at what we accomplished together... we now have a product that "far outweighs the effectiveness" of the top free AV's of 2018.  So thank you guys!

Hi Dan,

I have a problem since installing V2.20 and now with V2.21 also. When I boot I have a message saying: "Voodooshield is not able to connect to the Voodooshield Service"

A reboot and even a reinstall does not fix the problem.

Anything I can do to fix this?
Thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 10, 2018, 03:50:04 pm
win1064bit 1709.xxxxxx.251   started today with4.20. uninstalled, rebooted, installed 4.21 still getting same popup as antarctia.  on my win764bit vs 4.20(not b on either machine) i'm not getting this popup. thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 10, 2018, 05:16:48 pm
Dan, this was posted elsewhere by a disappointed tester, thought you should see it. 4.20 is running perfectly on my machine, it is faster and lighter, comfortable.
Well the person should know running any file from the user space would react that way with VS. Downloads Folder is within the user space.

I should have explained that the problem the tester had was that VS was recomending to Block the file as you may or may not have seen in the alert I posted.

Yes and that's correct if your trying to execute something from the User Space. So when installing put VS in Disable/Install Mode then install and after put VS back to what it was at.

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 05:23:00 pm
VoodooShield said, "I happen to have the luxury of being able to review my local client's VS logs when I am working on their computers, and I know how few blocks they experience."

In the two days using 4.20 I haven't had any alerts except when I install something and forget to put it in training mode beforehand, speaking of which, you produce a warning when uninstalling programs, very thoughtful, maybe you could produce a similar warning for installing a program? A thought, more work for you yes. ;D also, eliminate Move Shield from right click tray menu, allow the shield to be moved freely with no permissions, cleaner menu and less confusion, I've used other softs with widgets that performed that way. Also, in the program instructions, it says when installing new softs to put VS in training mode, I've done so since I read that and it always works fine but in the tray right click menu it shows Training and also a Disable/Install mode, should be disable only, cleaner less confusion again, and when disabled the shield should be red, when a browser is open the shield should be green, without a browser, blue or orange. When I do forget to put VS Free in training mode and install a software and I do get an alert and select false positive I should not receive a sales prompt at boot, yes VS stopped a potential threat in it's view but it was really a clean software exe I installed without changing to training mode, producing the install alert here would eliminate two issues for me. I seem very opinionated as I read this back, a flaw I'm trying to learn to ignore.

VoodooShield said, "I cannot count the number of times that a client has looked at me dead in the eyes the last 20 years and asked "I have antivirus software, how did I get a virus?"

I bet that's awkward, EVERY TIME, sort of like something I heard listening to a radio interview of an airline stewardess stating that one of the most common questions asked by passengers is how to open the window!  ???

Thank for all of it Dan, great fun and I learned a lot.
Very cool, thank you Bryan!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 05:25:53 pm
utility settings VS password
I have not used the pw feature.  does it lock (just lock) the settings OR does it also lock the protection from it being disabled, ie. one or the other or both???
Do you recommend using the pw?  I'm the only one on this win7, that I know of.
The password locks a bunch of stuff down... everything that you mentioned and a few other small things (I forget which ones).  You would only need to activate the password feature if someone is using your computer and you do not want them to mess it up... or for business use... or you can lock the computer completely tight, set a password, then call one of the scam tech support call centers, and mess with them... like I do.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 05:26:44 pm
For those having the issue with VS not starting correctly... can you please uninstall VS, reboot the computer, then reinstall VS.

If that does not work, please let me know what version worked well for you last, and it will be an easy fix.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on March 10, 2018, 05:42:55 pm
For those having the issue with VS not starting correctly... can you please uninstall VS, reboot the computer, then reinstall VS.

If that does not work, please let me know what version worked well for you last, and it will be an easy fix.  Thank you!

Hi Dan for me it was V4.15 but I have not tested 4.16, 4.17,4.18 and 4.19, so I cannot say for sure...I already tried twice to uninstall and reboot without any success.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 10, 2018, 05:45:34 pm
For those having the issue with VS not starting correctly... can you please uninstall VS, reboot the computer, then reinstall VS.

If that does not work, please let me know what version worked well for you last, and it will be an easy fix.  Thank you!

v4.20b was fine and have issues with v4.21 and tried a clean reinstall but still get the message but VS seams to run normal after closing the message for me anyways.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on March 10, 2018, 05:49:37 pm
Hi Dan!

Now that VS is stable, please don't forget the self-protection  ;D

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on March 10, 2018, 07:06:08 pm

[/quote]v4.20b was fine and have issues with v4.21 and tried a clean reinstall but still get the message but VS seams to run normal after closing the message for me anyways.[/quote]

Yes correct, it works normally after closing the error message. But then sometimes I have two Voodooshield Icon in the taskbar...

Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 10, 2018, 07:25:52 pm
A temporary workaround posted some time back is to change the VS service to delayed startup. Believe that VS is trying to connect to the network a little too quickly, must be a very tricky adjustment but he'll get it. ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 07:31:01 pm
Cool, thank you guys... I think the startup issue is fixed, but I am going to test for a couple more hours just to make sure, then I will post the latest version.

Basically, this all came about because I was trying to get VS and the service to start perfectly in every single scenario... On Windows startup, Log on, switch user, remote desktop connect, etc.  I thought it was just right, but then this came up ;).  The bug is a very obvious bug, now that it was pointed out to me.  Anyway, it should all be fixed soon.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 10, 2018, 09:26:05 pm

v4.20b was fine and have issues with v4.21 and tried a clean reinstall but still get the message but VS seams to run normal after closing the message for me anyways.[/quote]

Yes correct, it works normally after closing the error message. But then sometimes I have two Voodooshield Icon in the taskbar...
[/quote]

I just booted up with v4.21 and no message.... Now other reboots I would get the message and just close it and VS would be running fine and I haven't seen 2 VS tray icons here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 10:07:01 pm
I am hoping this version fixes the startup issues... please let me know!  If it does not work for some reason, please make sure that no other security program is blocking taskkill ;).  Or simply uninstall VS, reboot the computer and reinstall VS.

https://voodooshield.com/Download/InstallVoodooShield422.exe

6afce05cbe59ae5534d2f5e65a037892cac81f83cbfbf7b2322d0091e033f742

Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on March 10, 2018, 11:08:37 pm
I am hoping this version fixes the startup issues... please let me know!  If it does not work for some reason, please make sure that no other security program is blocking taskkill ;).  Or simply uninstall VS, reboot the computer and reinstall VS.

https://voodooshield.com/Download/InstallVoodooShield422.exe

6afce05cbe59ae5534d2f5e65a037892cac81f83cbfbf7b2322d0091e033f742

Dan, you are "the man"! problem is fixed. Thank you, good work. :) :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 11:26:38 pm
Very cool, thank you for letting me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 11:27:22 pm
Hi Dan!

Now that VS is stable, please don't forget the self-protection  ;D

Thank you!
Thank you for reminding me... yeah, after a month or so of VS being stable, I will start working on this.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 10, 2018, 11:32:54 pm

Thank you for reminding me... now that VS is stable, we will give it a few weeks to be sure, then I will add a few things like new web apps.  There will probably never be another major upgrade again... but we will be able to add small things like this that will not create bugs.

So everyone please think of any new web apps we can add in a few weeks, and I will ask for a list soon.
I had wished for few things on Wilders and now with RULES wizard I can customize VS for my use.

The only thing remain is VULNERABLE processes customization, it would be good to have VP customization in RULES wizard.
Very cool, yeah... I think there are A LOT of things we can do with the rules. 

Pretty much all of windows files are considered vulnerable processes by VS... there are only a small handful that are not, and certainly not easily exploitable.  Then there is a massive list of other vulnerable processes that are hardwired in... but I agree, it would be nice for advance users to be able to add new ones.  But for novice and average users... these need to be hardwired in (like they are)... because there is not a chance that non advanced users will ever add new ones.

Hopefully I did not miss any posts that I needed to respond to... if I did, please let me know.  Everyone have a great weekend!  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 11, 2018, 03:29:17 am
4.22 running fine with Kaspersky Internet Security default settings + PUP enabled on Win 10 Pro 64 Bits.

For now, I am running VAi @90, Digital Signature and Blacklist Scan disabled.

My Rules are -
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90.

VAi @90 cause 90 - 100 = Unsafe verdict
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 03:46:05 am
4.22 running fine with Kaspersky Internet Security default settings + PUP enabled on Win 10 Pro 64 Bits.

For now, I am running VAi @90, Digital Signature and Blacklist Scan disabled.

My Rules are -
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90.
Very cool, thank you for letting me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 11, 2018, 04:21:01 am
Dan,

If VS crashes and no programs open and you have to restart the system, does the non-whitelisted programs you tried to open during the time gets added in the whitelist?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 05:04:36 am
Dan,

If VS crashes and no programs open and you have to restart the system, does the non-whitelisted programs you tried to open during the time gets added in the whitelist?
Well, hopefully VS will not crash, and if it does we will fix it asap... but to answer your question... if the gui is not running then nothing is being added to the whitelist, or blocked.  Basically the service is inactive at that point.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 11, 2018, 05:36:08 am
Well, hopefully VS will not crash, and if it does we will fix it asap... but to answer your question... if the gui is not running then nothing is being added to the whitelist, or blocked.  Basically the service is inactive at that point.
If VS crashes and the shield is still on the desktop but cannot be clicked or accessed, does this means GUI running/Service active or GUI not running/Service not active?

This happened few days back and slipped my mind to report it.
VS crashed and the shield was still on the desktop but inaccessible. I tried to start task manager to kill VS and TM didn't start. (VS give Unsafe verdict for DnsJumper and I don't allow or whitelist it) I tried DnsJumper and it didn't start. I tried system restart and it didn't restart. I hard shut down the system. After system restart, I tried DnsJumper and it started. I checked the whitelist and DnsJumper was listed as allowed and the time matched VS crash time.

Why no programs open?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 11, 2018, 12:09:50 pm
Hi Dan, im still hoping for some info if there wil be a cleanup option for the white list.
For me even when using the maximising option the whitelist is not realy good to read. You have to scroll down and/or sideways since the window seems so small.
No maximise button like a browser to get the whole picture or an option to hide "not needed" rows.
When it shows i got 4 times process x whitelisted i got to scroll to the whole right to see why. (E.g 4 different sandboxie sandboxes).


Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 11, 2018, 01:33:38 pm
Well... :o  ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 11, 2018, 02:06:22 pm
@Andi Have you tried if the button gets active if the threat count above is atleast 1? (since its the clear threat counter button).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 02:18:28 pm
Well, hopefully VS will not crash, and if it does we will fix it asap... but to answer your question... if the gui is not running then nothing is being added to the whitelist, or blocked.  Basically the service is inactive at that point.
If VS crashes and the shield is still on the desktop but cannot be clicked or accessed, does this means GUI running/Service active or GUI not running/Service not active?

This happened few days back and slipped my mind to report it.
VS crashed and the shield was still on the desktop but inaccessible. I tried to start task manager to kill VS and TM didn't start. (VS give Unsafe verdict for DnsJumper and I don't allow or whitelist it) I tried DnsJumper and it didn't start. I tried system restart and it didn't restart. I hard shut down the system. After system restart, I tried DnsJumper and it started. I checked the whitelist and DnsJumper was listed as allowed and the time matched VS crash time.

Why no programs open?
It is impossible for me to tell you exactly what happens, but if VS crashes again, please send me your DeveloperLog.log and DeveloperServiceLog.log... something like that will be certainly logged and should be an easy fix.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 02:20:34 pm
Hi Dan, im still hoping for some info if there wil be a cleanup option for the white list.
For me even when using the maximising option the whitelist is not realy good to read. You have to scroll down and/or sideways since the window seems so small.
No maximise button like a browser to get the whole picture or an option to hide "not needed" rows.
When it shows i got 4 times process x whitelisted i got to scroll to the whole right to see why. (E.g 4 different sandboxie sandboxes).
Cool, yeah, VS already has an automatic cleanup feature when it starts.  It basically scans the whitelist to make sure that each of the whitelisted items exists, and removes them from the whitelist if they do not.  At some point we should be able to maximize the whitelist and settings screen.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 02:21:43 pm
@Andi Have you tried if the button gets active if the threat count above is atleast 1? (since its the clear threat counter button).
Yeah, that is what is up.  Maybe it would make more sense to hide the button if the threat count was 0?  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 11, 2018, 02:29:52 pm
@Andi Have you tried if the button gets active if the threat count above is atleast 1? (since its the clear threat counter button).

No, I just install this v4.22 and notice that.
Maybe you right, when count will be at least 1...it's funny for now to see black button and don't know his purpose  ???

Btw: for me and for now v4.22 works flawlessly ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 02:37:34 pm
@Andi Have you tried if the button gets active if the threat count above is atleast 1? (since its the clear threat counter button).

No, I just install this v4.22 and notice that.
Maybe you right, when count will be at least 1...it's funny for now to see black button and don't know his purpose  ???

Btw: for me and for now v4.22 works flawlessly ;)
Cool, thank you.  Yeah, that is what I mean, we can hide the button while the threat count is 0, then show it when the threat count is > 0.  It is super easy to do.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 11, 2018, 02:49:40 pm
https://www.wilderssecurity.com/threads/voodooshield.313706/page-719#post-2743547

I can tell you exactly what they would say…

For VS… “Worrisome to see the frequency of patches lately.”

For others… “Keep up the great work, man, you are killing it!”

I get it… people love the concept of VS and want it to work flawlessly.  I do too.  And people are highly disappointed when there are bugs or obstacles that we have to overcome.  I am too.

Have you ever stopped to think how patient I have been the last 6+ years?  Almost any dev in their right mind would have given up trying to create a truly user-friendly computer lock a long time ago, simply because creating a truly user-friendly computer lock is not quite as easy as it sounds.  We are on uncharted waters.

There are not too many devs who are willing to innovate and take risks to step outside the bounds of being comfortable… but they do so only because they understand that this is the only way to build something cool.  And the funny thing is, users are just as hard on the other devs who believe it is important to innovate, because of their software’s bugs.  And the really funny thing is that these devs react to the unreasonable criticism in the exact way that I do.  Constructive criticism is always welcome… but unreasonable criticism is not… especially when it demonstrates someone’s lack of understanding of what it takes to build something extremely difficult.

We could lock the computer and call it a day, or burden the user with building the whitelist on their own, or have an almost silent product with bypasses, but I believe there is a better way.  People often forget that VS is essentially an anti-executable, but yet they expect zero prompts.  I can create a version with zero prompts just for you, but I promise you there will be bypasses.  Either way, VS has a ridiculously small amount of user prompts, considering that it is a deny-by-default product.

VS has had some bugs, but this is going to happen if we are going to experiment.  There is no way around it.  In my defense… at least the bugs were minor and did not create bypass opportunities or BSOD’s.  That is… VS’s bugs are pretty much all minor, and overall VS works great, and at least the system is protected, which is why a lot of users and companies run VS, and tolerate the minor inconvenient bugs.

Keep in mind that VS runs 100% bug free on my systems, and it is not until the latest build is installed on other systems that bugs are revealed.  If we had other in-house beta testers, we would have far less bugs… but there is only so much testing one person can do on their own.

Also keep in mind, my smart phone has a heck of a lot more inconvenient bugs than VS does… but I tolerate it because overall it works well enough.  I would rather them continue to innovate, and put up with the bugs, because if they did not we would be stuck with 5 year old tech.

If you don’t want to be a beta tester and innovate with VS’s beta testers and I, then don’t.  The reality is VS is now almost bug free… and I suspect that when it is, you might be highly disappointed in yourself that you were not a part of building something cool.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 11, 2018, 03:01:39 pm
I fully agree with you Dan and that's why I posted in that thread! https://www.wilderssecurity.com/threads/voodooshield.313706/page-719#post-2743602
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on March 11, 2018, 08:01:19 pm
So 4.22 seems ok on my win7x64 until, I tried a VS scan of an exe file to get a VT rating and VAi score, and now instead I got a popup

VoodooShield
   Please connect to the internet to scan this file with the cloud based scan engines
   and VoodooAi
               [OK]

could be an issue with 4.22 or I did rrecently install Heimdal Pro which "filters" network traffic.  and when this happened I'm also running vpn, but I'm clearly online, ie, here I am.
Dan you want logs, I'll see if this happens without vpn, etc, but vpn has not been issue in past, so I somewhat suspect Heimdal, but unsure.

EDIT: closed chrome, exited vpn and VS scan worked ok.  Then enabled vpn again, VS scan still works, then opened chrome icognito and VS still scans ok, so the above problem seems to have been a temporary intermittent anomaly (don't you like those) So the above happened, don't know why.
Title: Re: VoodooShield v4 STABLE Thread
Post by: pavo on March 11, 2018, 08:34:05 pm
https://www.wilderssecurity.com/threads/voodooshield.313706/page-719#post-2743547

I can tell you exactly what they would say…

For VS… “Worrisome to see the frequency of patches lately.”

For others… “Keep up the great work, man, you are killing it!”

I get it… people love the concept of VS and want it to work flawlessly.  I do too.  And people are highly disappointed when there are bugs or obstacles that we have to overcome.  I am too.

Have you ever stopped to think how patient I have been the last 6+ years?  Almost any dev in their right mind would have given up trying to create a truly user-friendly computer lock a long time ago, simply because creating a truly user-friendly computer lock is not quite as easy as it sounds.  We are on uncharted waters.

There are not too many devs who are willing to innovate and take risks to step outside the bounds of being comfortable… but they do so only because they understand that this is the only way to build something cool.  And the funny thing is, users are just as hard on the other devs who believe it is important to innovate, because of their software’s bugs.  And the really funny thing is that these devs react to the unreasonable criticism in the exact way that I do.  Constructive criticism is always welcome… but unreasonable criticism is not… especially when it demonstrates someone’s lack of understanding of what it takes to build something extremely difficult.

We could lock the computer and call it a day, or burden the user with building the whitelist on their own, or have an almost silent product with bypasses, but I believe there is a better way.  People often forget that VS is essentially an anti-executable, but yet they expect zero prompts.  I can create a version with zero prompts just for you, but I promise you there will be bypasses.  Either way, VS has a ridiculously small amount of user prompts, considering that it is a deny-by-default product.

VS has had some bugs, but this is going to happen if we are going to experiment.  There is no way around it.  In my defense… at least the bugs were minor and did not create bypass opportunities or BSOD’s.  That is… VS’s bugs are pretty much all minor, and overall VS works great, and at least the system is protected, which is why a lot of users and companies run VS, and tolerate the minor inconvenient bugs.

Keep in mind that VS runs 100% bug free on my systems, and it is not until the latest build is installed on other systems that bugs are revealed.  If we had other in-house beta testers, we would have far less bugs… but there is only so much testing one person can do on their own.

Also keep in mind, my smart phone has a heck of a lot more inconvenient bugs than VS does… but I tolerate it because overall it works well enough.  I would rather them continue to innovate, and put up with the bugs, because if they did not we would be stuck with 5 year old tech.

If you don’t want to be a beta tester and innovate with VS’s beta testers and I, then don’t.  The reality is VS is now almost bug free… and I suspect that when it is, you might be highly disappointed in yourself that you were not a part of building something cool.


LOL.
VS updated regularly - buggy software, bad!
Zemana - no updates since few months - abandonware.
~snip~ logic  ;D ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 12, 2018, 12:02:15 am
v4.22 is working very well and no messages on boot up.

(http://)
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 12, 2018, 01:56:52 am
OK, now we get adventurous  :o  I've needed to lock down the various temp folders for some time, especially %appdata\local%, so I've taken the plunge:

Block items in the folder TEMP when VoodooShield is ON, OFF, AUTOPILOT, 3 times, one for each current user,

and

Block items in the folder PROGRAMDATA when VoodooShield is ON, OFF, AUTOPILOT to take care of garbage.

NOW the computer is locked  ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on March 12, 2018, 02:34:28 am
auto detecting Web Apps shows the same apps detected over and over repeating
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on March 12, 2018, 11:18:10 am
Thanks Dan for all your great work. I am afraid you will always get wingers, just ignore them, the rest of us know you are spending more than enough time refining VS. For the record since the beginning VS has never caused a problem that resulted in any serious problem, mostly they were just annoyances which you soon sorted.

4.20b has been running fine here. Yesterday installed 4.22 over the top and all smooth still. I haven't checked the boot up as I am usually making a cup of tea when it boots but all is fine when I return.

Regards

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 12, 2018, 11:27:36 am
win1064bit  1709......251       4.22 working great-no popup after boot up. love vs. thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 12, 2018, 12:26:55 pm
Same goes here Windows10 64bit 1709.16299.251, VoodooShield v22 Running Smooth. NO issues so far!
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on March 12, 2018, 08:15:02 pm
Dan..Just keep killing it and put out an awesome product like you do!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 12, 2018, 09:36:24 pm
Thank you Dan! VoodooShields v4.22 is working flawlessly after a clean install.  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: jerzy6012.50 on March 13, 2018, 08:06:24 am
thanks to Dan for a great product.
version 4.22 works very well on windows 8.1 there are no problems, so keep going and everything will be great. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 13, 2018, 06:53:55 pm
4.22 is performing without any issues. It works well OSArmor 1.4b41 and there are no issues to report. Very quiet now except a few attaboys! 
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 13, 2018, 08:37:45 pm
Attached is the screenshot.

I was trying to download/install Condusiv I/O Reduction webinar related a temporary software and got the alert.

Exploit block alert recommendation is always to block even if the verdict is Safe?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 13, 2018, 09:33:23 pm
What "Details" say about it?
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 14, 2018, 06:11:37 am
I was trying to download/install Condusiv I/O Reduction webinar related a temporary software and got the alert.

Exploit block alert recommendation is always to block even if the verdict is Safe?

I use ZAM Free and MBAM Free for on-call scanning.  If neither of those see anything wrong with the Conclusiv app, it probably is safe.

FWIW, I often get alerts about syswow.

The other thing to do is lock down %appdata\local\temp% on all accounts in the box with "Block items in the folder TEMP when VoodooShield is ON, OFF, AUTOPILOT".  That will be one rule for each account.  If doing this makes the app sqeak, you probably don't need it (the app).
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 14, 2018, 06:46:16 am
Guys, I don't have any issue with the detection.

I just want to know, if exploit block recommendation is always to block in any/all cases i.e verdict safe or not?
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 14, 2018, 07:07:56 am
I'm pretty sure that VS errs on the side of caution, but will defer to your judgement.  Yes, it (AFAIK) will always recomend Block or Disallow: that's its job.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 14, 2018, 07:21:24 am
I must mention version 4.22 is one of the best stable versions of VS, Thank you and Congratulations!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 14, 2018, 08:15:36 am
Dan,

I am running VAi @90, Digital Signature and Blacklist Scan disabled (Rules Wizard)

My Rules are -
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90.

And "Automatically scan blocked files with blacklist scanner" disabled in Advanced Settings.

Programs not whitelisted are allowed and not blocked on net disconnected or offline.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 15, 2018, 04:22:01 am
Thank you guys, I appreciate that!  It was a very long day, so I will catch up with you guys asap!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 15, 2018, 05:31:29 am
Dan, anything regards Web Console for users with Product Key?

And, would be good if part of the Product Key is obfuscated in the register section.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on March 15, 2018, 01:36:10 pm
4.22 is sweetly quiet so far (Smart mode)... only 1 or 2 popups a day as it learns my more obscure programs. No longer does it quibble with start-up programs and my many "portable" apps. Nice work.

Suggestion... add an "install mode" to the pop-up window, with maybe a reminder popup after the installation completes (or "x" minutes later).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on March 15, 2018, 09:29:25 pm
Why smartscreen block VS 4.22 download? :-\
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 15, 2018, 10:38:08 pm
Why smartscreen block VS 4.22 download? :-\

From Wiki:
"SmartScreen Filter creates a problem for small software vendors when they distribute an updated version of installation or binary files over the internet.Whenever an updated version is released, SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system. This can be fixed by the author digitally signing the distributed software. Reputation is then based not only on a file's hash but on the signing certificate as well."
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on March 15, 2018, 11:16:48 pm
Why smartscreen block VS 4.22 download? :-\

From Wiki:
"SmartScreen Filter creates a problem for small software vendors when they distribute an updated version of installation or binary files over the internet.Whenever an updated version is released, SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system. This can be fixed by the author digitally signing the distributed software. Reputation is then based not only on a file's hash but on the signing certificate as well."

Thank you :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on March 15, 2018, 11:20:13 pm
On the other hand, is someone having problems with VS not detecting the internet connection?

Thanks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on March 15, 2018, 11:54:51 pm
On the other hand, is someone having problems with VS not detecting the internet connection?

Thanks.

one time with 4.22, shortly after install, but been rock solid the past 4 or 5 days. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on March 16, 2018, 02:41:42 am
Hey Dan, I got 4.22 installed and it is running just fine. Been busy so this one caught me off guard.
Stay Frosty brother.
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on March 16, 2018, 02:55:45 am
This was the problem but Dan fixed it along with all the rest.

win1064bit 1709.xxxxxx.251   started today with4.20. uninstalled, rebooted, installed 4.21 still getting same popup as antarctia.  on my win764bit vs 4.20(not b on either machine) i'm not getting this popup. thanks

4.22 running perfect on my Win 10 x64.
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 16, 2018, 04:17:41 pm
win764bit vs4.22     got 3 vs blocks in a row. started with dell update log then the installer temps. i allowed the dell update log and the first temp installer. norton ns never complained and i ran mbam scan and no threats detected. i do not know what these files are for/or do. i hope my attach's show up. thanks. love vs
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 16, 2018, 04:20:04 pm
2nd attach
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on March 16, 2018, 04:22:01 pm
3rd attach
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 16, 2018, 05:32:31 pm
Attached is an alert received today when I started my portable chrome 64 bits.

Alert mention, Not a valid executable file and, details mention, error in VoodooAi, any info?

And, the count down timer on the alert stayed on 20, didn't start.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 16, 2018, 09:26:41 pm
Countdown timer will not start if you move the mouse. Portable apps are packed differently than an .msi or .exe type program. VS simply flagged this fact, brought it to your attention, and if this is a program you want to run, click the install button. When first launching the portable, VS views it as a new software that it has not encountered, hence the "install" button and not "allow". Any anti-exe software operates this way when encountering repackaged software.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 16, 2018, 09:37:00 pm
win764bit vs4.22     got 3 vs blocks in a row. started with dell update log then the installer temps. i allowed the dell update log and the first temp installer. norton ns never complained and i ran mbam scan and no threats detected. i do not know what these files are for/or do. i hope my attach's show up. thanks. love vs

This is dell update attempting to update software on your pc. If VS blocks an install simply right click the tray icon and select disable/install mode. Now run your dell update. VS has an excellent website with detailed instructions on how to use the software. Anti-exe type programs are not like Norton and require a little knowledge of how they work, not much, but a little. Understanding the difference will increase your happiness and confidence in VS.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 16, 2018, 09:57:09 pm
Programs run from user space get more pop-ups than those in the programs folder. Tweeten has a desktop app and it gives me 3 warnings to click before it will run. After reading each pop-up and recognizing the source "tweeten" in the description, I click allow and now tweeten runs with no issues, at least until an update. If an update fails simply lower the protection to "install", run the update, and since the signature and/or hash has changed, I may have to click the pop-ups again. 4 seconds or less to train it to allow the new install and your done.

User Space: (c:\users\fakeuser\appdata\local or roaming or locallow)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 16, 2018, 11:06:48 pm
Countdown timer will not start if you move the mouse. Portable apps are packed differently than an .msi or .exe type program. VS simply flagged this fact, brought it to your attention, and if this is a program you want to run, click the install button. When first launching the portable, VS views it as a new software that it has not encountered, hence the "install" button and not "allow". Any anti-exe software operates this way when encountering repackaged software.
Count down timer starts if you move the mouse away from the alert. In the mentioned case, count down timer didn't start.

And I mentioned the contradiction, VoodooAi - Not A valid executable file and the info below - Error in VoodooAi.

I know how an anti-exe or VS works.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 17, 2018, 10:41:31 am
Vs 4.22 works fine but within the first 20 mins i got 2 times VS couldn't connect to the VS Server to check the reputation(virustotal stuff) of 2 programms. My internet connection was working since i was surfing and listening to online radio.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 18, 2018, 07:44:41 pm
Run from Desktop "hitmanpro_x64.exe"
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on March 18, 2018, 10:17:13 pm
4.22 is working fine for me at present, no problems at all.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 19, 2018, 05:57:59 pm
v4.22 has been running A-OK with no incidents so far. Although Windows Defender did flag the installer as unsafe
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 20, 2018, 01:30:29 pm
Hi Dan - we have a small (I hope it's small!) problem here.  I installed VS4.20 on the daughter's lappy running W10x64 Creator's Fall update, registered to me.  Going through the Web Apps, I cannot get VS to see anything that looks like an email package.  The daughter is using the Mail App, which appears to use wab.exe, wabmig.exe and wabimp.dll in Program Files\Windows Mail.  Unfortunately, I cannot get VS>Web Apps to admit that an email program even exists on this box.

(If anyone has a solution which does NOT involve bending/folding/spindling or mutilation of the box or W10, please chip in.  The daughter is not willing to "waste time" installing a real email client.)

Currently I'm working in her Admin account, but her LUA account gives the same problem.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 20, 2018, 05:07:06 pm
Mornin' gorblimey, Have you tried Settings/WebApps/CustomBrowsers and emailClients/Browse?
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 20, 2018, 09:17:55 pm
Also you can manually type the name of the .exe in an empty box in webapps. Feeddemon was detected automatically by 4.21 but when I fresh installed 4.20 & 4.22 it is not detected. I put it in manually and it the box turns yellow to show it's running in the background and protected.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 21, 2018, 12:32:56 am
And a good morning to you @acooldozen and @dotnetnightmare...  Well, it's gone 8 am here  ;D

Yes, Custom Browsers is what I have to do for K-Meleon.  I tried it with wab.exe and wabmig.exe.  I also tried lighting up the app and hitting "Auto-detect...".   :(

But at least I found where Mail puts its messages: %AppData\Local\Comms\Unistore\data%, with more info at < https://answers.microsoft.com/en-us/windows/forum/apps_windows_10-outlook_mail/windows-10-mail-and-people-apps-storage-locations/062818af-c1cb-46ff-8cbf-66f25b9a854d >.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 21, 2018, 12:47:28 am
HO-O-O-O-KA-A-A-A-YYYYY!  Found it  8)

At < https://answers.microsoft.com/en-us/windows/forum/apps_windows_10-outlook_mail/windows-10-email-exe-file-location/dc8421d4-9011-43c8-a6c0-385c5976f398 >, it seems M$ is too cute  :-[

The executable is not an exe, it's a mui  >:(

Er, Dan?

EDIT: No, M$ is not too cute.  There are no words...  The exe/mui would indeed be in that location, but...  I need a bang head emoticon in this forum.
:END EDIT

EDIT: HxOutlook.exe lives in \Program Files\Windows Apps\microsoft.windowscommunicationsapps_SomethingThatMightChange_x64_SomethingThatMightChange

And VS sees it now.  I will NEVER have W10 EVER EVER EVER
:END EDIT
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 21, 2018, 02:09:41 pm
Happy you got it sorted out gorblimey!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 21, 2018, 05:54:36 pm
Hey guys, sorry I have been away, I am almost caught up 😉.

Most of the bugs are now fixed, but there might be a couple small ones that you guys will not even notice that will be logged with this version.  So after I fix those, VS 4.0 will be completely stable (it already pretty much is).  Then the only thing to do is to implement the new VoodooAi models that Christopher is working on... he should be finshed in a week or two.  My part is super simple... I just have to copy and paste 6 or so lines of code.

Here is 4.23.

1.   Reduced the number of unnecessary blocks even further
2.   Hopefully fixed the issue where VS would crash when using with VPN or configuring router
3.   Several minor bug fixes

I also made a very simple, but major change in VS’s main code… so if for some reason it does not start, please go back to 4.22 and let me know.  I HIGHLY doubt this will happen, but you just never know 😉

https://voodooshield.com/Download/InstallVoodooShield423.exe

SHA256:   8a39459d3173728bf3ae770e208d16acc4f54d60aa6028ee9264de535bca697e

Thank you guys for all of your help, I hope to be able to talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on March 21, 2018, 06:51:08 pm
Thanks Dan, so far so good and no problem with start. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 21, 2018, 08:29:45 pm
Just installed 4.23 and noticed something. Not sure how far this goes back of even if it is an issue.
If you open VS and are looking at web apps, then open Edge, it is not highlighted until you X out of VS and go back in and look at web apps.
Same with closing the browser, it still shows highlighted until you X out of VS and go back in.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 21, 2018, 09:09:12 pm
Not experiencing the same issue here. All is A-OK!
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on March 21, 2018, 11:57:48 pm
No issues here with 4.23
on a 64bit win/10  ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on March 22, 2018, 01:01:05 am
Happy you got it sorted out gorblimey!

Thanks for that cob, so am I!

But I'm concerned it took so long to find it and get VS to recognise it.  (I am going to blame my unfamiliarity with a VERY strange type of non-GUIdance User Interface.  It took me quite a while to figure out Task Manager even.)

However, I would have thought VS could have spotted HxOutlook as a web app when I hit "Auto Detect Additional Running..."?  But then M$ does seem to have done a fairly good job of obfuscation with mixing Apps and Programs.

If I could find W2K drivers for modern boxes...  It was their best ever OS  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 03:48:01 pm
Thanks Dan! Updated to v4.23 and all is going great thus far! ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 04:14:42 pm
Hello all,

Maybe someone here can help me with this. Voodooshields recommends blocking Pale Moon .exe downloaded from their Website.?



Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 22, 2018, 04:41:37 pm
Hi Sheri, I would expect it is a false positive. You should be able to click allow false positive then scan the exe with webroot and VS.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 04:45:50 pm
Hi Sheri, I would expect it is a false positive. You should be able to click allow false positive then scan the exe with webroot and VS.

Hi there!

Thank you Lyle for your quick respond. I will install Pale Moon then. I just wanted to make sure.

Much appreciated! ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 22, 2018, 05:06:34 pm
@ssherjj Upload the file to virustotal to get the latest results. After that it's your brain vs VS ai :D
Was it from a "safe" website? Can you veryfy the sha256/hash anyhow?
VS ai is making a suggestion, but the final decision is yours.

VS 4.23 runnig on win 7 64bit without problem atm.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 22, 2018, 05:20:02 pm
Good suggestion Geri123!
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 05:25:05 pm
@ssherjj Upload the file to virustotal to get the latest results. After that it's your brain vs VS ai :D
Was it from a "safe" website? Can you veryfy the sha256/hash anyhow?
VS ai is making a suggestion, but the final decision is yours.

VS 4.23 runnig on win 7 64bit without problem atm.

Hi Geri123,

Thank you for your help!

I did scan the pale moon.exe downoad file with VirusTotal and it does comes out clean. Also I did download from the Pale Moons Website. I used to have hash tag installed on my system but I've done a clean install this last month and I haven't got or found the Hash application yet. Webroot scanned as well. So it looks good to me to install though. :)

What do I do now with this sha1? @Geri123?

I am always learning...
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 22, 2018, 05:49:32 pm
@ssherjj The text with the sha was meant in general.
On a lot of webpages the developer post the downloads and the SHA256 the downloads have.

Like Dan in the forum here:
https://voodooshield.com/Download/InstallVoodooShield423.exe
SHA256:   8a39459d3173728bf3ae770e208d16acc4f54d60aa6028ee9264de535bca697e

So you could compare if the SHA256 that VirusTotal or tool displays matches the one the developer posted.
If it didn't match i would be suspicous.
Sadly not all websites post them but if they do i compare them. Better safe than sorry
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 05:51:54 pm
@ssherjj The text with the sha was meant in general.
On a lot of webpages the developer post the downloads and the SHA256 the downloads have.

So you could compare if the SHA256 that VirusTotal or tool displays matches the one the developer posted.
If it didn't match i would be suspicous.

I finally figured it out. Thank you Geri!

Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 22, 2018, 06:00:06 pm
@ssherjj My pleasure :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 22, 2018, 11:34:40 pm
Hey everyone... here is 4.24.

1.  Network path bug fixed
2.  Boredog pointed out that the active web apps do not refresh properly... they do now (in realtime).  Thank you boredog!
3.  A couple of other small bugs

https://voodooshield.com/Download/InstallVoodooShield424.exe

SHA-256:    f71e511ba82b9ed29dc84bc05e145b91545b50997430ff2ffaeb3a6d009ab399

Thank you guys, if I do not talk to you before the weekend, have a great weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 22, 2018, 11:58:50 pm
Thank you Dan for the update and fixes. Mucho appreciated!  :)

I have installed Voodooshields over the top of v4.23.

Have a good weekend too.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 23, 2018, 12:02:36 am
Working well here!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 23, 2018, 01:07:24 am
4.24 working fine on Windows 10 Pro 64 Bit latest build with Windows Firewall and Defender.
VAi @90, Digital Signature and Blacklist Scan disabled (Rules Wizard)
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on March 23, 2018, 10:42:13 am
All is A-OK windows10 64bit Build 1709 (OS Build 16299.334)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on March 23, 2018, 05:03:54 pm
All is running great with v4.24 on Windows10 64bit Build 1709  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 23, 2018, 09:18:08 pm
Just a quick mention VS wants to block generaltel.dll and not sure why
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 23, 2018, 09:22:22 pm
FINALLY !!!
We are waiting for this for a long time Dan, thank you  ;)

 
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on March 26, 2018, 11:41:28 am
4.24 been running for a few days here. No apparent problems in fact more or less invisible. Running on Win 8.1
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on March 26, 2018, 10:40:19 pm
What are these Akamai IPs for? [blocked by my firewall]
(http://cloud.screenpresso.com/AWRQb/2018-03-26_17h36_54.png)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 27, 2018, 12:11:57 am
What are these Akamai IPs for? [blocked by my firewall]
(http://cloud.screenpresso.com/AWRQb/2018-03-26_17h36_54.png)

I know Dan is using Microsoft Azure cloud platform and they use some of Akamai infrastructure. https://www.google.com/search?client=firefox-b&ei=wny5WtDhLI-MsQX9nLTADg&q=akamai+technologies+inc+and+azure&oq=Akamai+Technologies,+Inc+and+Aszure&gs_l=psy-ab.1.0.33i21k1.130470.155530.0.157400.16.14.2.0.0.0.104.1164.13j1.14.0....0...1c.1.64.psy-ab..0.13.986...0j0i67k1j35i39k1j0i22i30k1j33i22i29i30k1j33i160k1.0.WfUlv4ihBQ4&gfe_rd=cr&dcr=0&gws_rd=cr

Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on March 27, 2018, 06:46:00 am
Mullvad VPN is having a conflict with VS. Takes over 10 minutes to connect at restart with VS and frequently never connects. I created an allow rule for the folder without digital signature, blacklist, or V Ai, and it takes 45 seconds. The sloooow connect issue was starting to stop it reconnecting after my router & modem reboot daily via timer. 10min or 45sec? Why?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 27, 2018, 02:59:40 pm
Mullvad VPN is having a conflict with VS. Takes over 10 minutes to connect at restart with VS and frequently never connects. I created an allow rule for the folder without digital signature, blacklist, or V Ai, and it takes 45 seconds. The sloooow connect issue was starting to stop it reconnecting after my router & modem reboot daily via timer. 10min or 45sec? Why?
I have the same issue with SlickVPN so I just turn off VS during that time, but I would like to know why VS is not so nice with VPN's?
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on March 27, 2018, 08:34:08 pm
I have no issues with Windscribe VPN. I use Windscribe On-Demand. VS default settings here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 28, 2018, 12:37:27 am
Thank you guys for letting me know about the VPN issues... I have tried purevpn and windscribe, but I could not reproduce the error.  So I will try one of others that you guys have listed and hope that it acts up on me too so I can fix it ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on March 28, 2018, 11:34:32 am


also, auto detecting additional running apps repeats the same apps over and over and doesn't end for a while
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 28, 2018, 03:42:30 pm
Installed the march update for win 7 64bit kb 4088881 and the net framework 4.71 kb 4054852 thing. How can a .exe be not a valid executable file :D ?
sha from the file d0d774b9a1d2ce12562b55dc3b582fbfc92c2f26a528660dd6fe15dc14e54738
It seems to get triggered when sandboxie is closed (and tries to delete the sandbox content). Before the win update i never got this message.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 28, 2018, 07:18:02 pm
Not a valid because it is not digitally signed!

Like... my car is not valid because it is not registered!
 ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 28, 2018, 07:35:02 pm
I never got the "is not valid executable"message only because a file was not signed.
Its not about a file beeing suspicous its about the "not valid executable" comment of vs.
First screenshot is not signed and still no "not valid executable" comment of VS.
Since first and third screenshot are both not signed why is only the message on screenshot 3?
Hope the pictures made it clearer :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 29, 2018, 09:20:37 pm
Noticed the USB stays on when I unplug my smart phone. It appears when I exit VS and start it back up again the icon works like it should. Uurns on when plugging phone and back off when unplugging phone.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 31, 2018, 04:48:57 am
Here is 4.25… it is pretty much an experimental version.  If it works well for everyone, we will move forward with it, and if not, I will revert back to 4.24.  I hope it works well because there are a lot of really cool usability tweaks in this version.

There should not be any major issues… but there is a chance that it will have a couple more unnecessary blocks… although the goal was to reduce them even further 😉.  But if you are running a production machine, or just do not feel like beta testing, you might want to wait a day or two and see how it does for everyone.  If it works well, it is going to be cool.

https://voodooshield.com/Download/InstallVoodooShield425.exe

SHA-256: 8bdeff6271b20601d16b9c506f15269657e46ef72dfdda2f96d6cca51db3892f

Sorry I have not been able to respond much… things are crazy, but I hope to catch up soon, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 08:10:34 am
Dan, you are working on v5 ?
 :D :D :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on March 31, 2018, 08:45:21 am
4.25 working just swell on Windows 10 64bt.

'auto detect additional running web apps' no longer showing doubles!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 31, 2018, 09:05:23 am
Dan, you are working on v5 ?
 :D :D :D
Hehehe, I did not mean to... but I kinda got carried away and one thing let to another ;).

But seriously, VS is almost exactly the way it was meant to be.

Sure, we can tweak it a little, but I like to keep things simple ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 31, 2018, 09:07:40 am
4.25 working just swell on Windows 10 64bt.

'auto detect additional running web apps' no longer showing doubles!
Very cool, thank you Mr.Gump ;).  Yeah, thank you for posting the bug, and sorry I did not reply.  A lot of times I just read the posts and fix the bugs, then I never have time to reply ;).  Either way, I appreciate your guys help ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 11:49:39 am
I have one minor suggestion...

When I manually "Check for Update", it takes cca.10sec to show notification!
(http://)

Somebody will think that nothing happens or that update check is not working or click twice...

My suggestion is to add some notification timer until the result comes in form of some spinning circle or moving line so that users know that Voodoo actually working on that check!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on March 31, 2018, 02:31:22 pm
After reading Andi's suggestion i just wanna add: If i remember right there is also no visual indication that a download of VS is in progress and at what percentage.
Like downloading VS 30%
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 31, 2018, 03:02:56 pm
After downloading 4.25 get virus warning from WD.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 03:12:49 pm
I do not get any warning from Windows Defender about 4.25 installer.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 31, 2018, 03:17:14 pm
I do not get any warning from Windows Defender about 4.25 installer.

Don't know what to tell ya. All I could do is post my screen shot. I do see new updates for WD with restart. Will try that then redownload.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 03:49:09 pm
Dan, I found a problem with v4.25

Right click scann does not work!
I try scanning from Desktop, C:drive,D:drive,G:Drive, exe,jpg,rtf...try to disable Windows Defender "Controlled Folder Access" always the same notification from windows "VoodooShield has stopped working"
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on March 31, 2018, 04:13:24 pm
Wow, that's crazy that WD had a FP for VS!!!  I will try the right click VoodooShield Scan on Windows 10... it is working great with 7 and 8.  Thank you guys, I will catch up soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 04:24:41 pm
VS actually does not stop working, only attempt to scan stop working!
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 31, 2018, 04:32:31 pm
What I thought was just an update to WD the update took about an hour and was a complete Windows update. going to try downloading VS again.

EDIT: After updating Windows VS no longer gets flagged.  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on March 31, 2018, 04:33:29 pm
All running nicely with 4.25 on my systems so far :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 04:37:33 pm
Guys, are you try to manually scan something with "right click scann"?
For me, that's not working  :-\

EDIT:
Well..I update Defender and restart pc and scan is now working but...
When scan txt,docx,pdf,jpg Voodoo says that : "VoodooAi is not yet available for this file type"?!?
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 31, 2018, 04:57:13 pm
Guys, are you try to manually scan something with "right click scann"?
For me, that's not working  :-\

Works for me.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on March 31, 2018, 04:59:10 pm
OK when I unplug my smart phone the USB ON stays. I have my desktop shield set to be movable. If I go to move the desktop icon, then the icon goes to off lol.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on March 31, 2018, 05:06:35 pm
Well...it just needs a little push  :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 31, 2018, 05:45:42 pm
Dan I get this if I lose Internet Connection with v4.25

Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on March 31, 2018, 05:57:38 pm
Dan I get this if I lose Internet Connection with v4.25

After a Reboot it works fine even without a Internet Connection.  beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 01, 2018, 09:25:26 am
Thank you TH for letting me know!  I just wanted to mention something really quick that I just now thought of.  If anyone is having a problem with VS acting up when they lose internet connectivity, please run VS Free for a day or two to see if this fixes the issue.  See, I think the issue is VS Pro is losing its connection to the server, and that is causing the crash.  If I were able to reproduce this issue, it would be a super simple fix, but I am not able to.  But at least this way, we can narrow down the cause.

If anyone is having this issue and they do want to run VS Free for a day or two, you can just go to the Register tab in VS Settings and choose “Reset Registration”.  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on April 01, 2018, 09:52:39 am
@Andi For me the right clicking and VS scan works (but i only do it on .exe).
Since VS is not a full blown antivirus im not sure if it is/was intended to scan .txt or .docx. (As long as VS stops any payload from docx it would be doing it's job). But getting the message for an .exe like i posted before is another thing. .exe are executable files for sure.
100 years ago in school they told me .com, .exe, .bat are executable file types.
Thats what i think which can always be totally wrong :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Baldrick on April 01, 2018, 12:48:17 pm
Hi Dan

Happy Easter...and I hope that you are taking some time out to crack an Easter Egg or two... ;)

No fuss over the top install of v4.25 here...and so far no issues to report in terms of normal, day-to-day operations. Will try some stress testing later today inclcuding what Daniel spotted...but the good news is that things are looking good.

Regards, Baldrick
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on April 01, 2018, 01:55:30 pm
Hi Dan,

Everything is quite on my side also with V4.25 :)
Tanks and Happy Easter to you and your family.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 01, 2018, 05:39:08 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.

See, our new custom VoodooAi engine is almost ready, which we will be implementing into VS soon.  It will no longer rely on Azure or IBM Waston.  So I was thinking that we could quickly and easily build a new product and call it “VoodooShield Silent”.  It actually would not take that long at all.  Last October I created something very similar to this, and it only took 4-5 hours to strip out all of the settings and extra code from VS, to create this product.  I called the product “CrapGuard”, and even registered the domain name back then.  Although the name fit the product… since it guards your computer from crap, I didn’t think that was very professional, so then I was thinking VoodooShield Silent might be a better name.

Then I was thinking that some users would believe it is as secure as VS is, and use it instead of VS, when in fact it will not be as secure, so I never released it.  As everyone knows, I am a true believer in locking the computer when it is at risk, simply because this is when almost all attacks occur… and not locking the computer when it is at risk is simply taking an uncalculated risk. 

This product would be targeted mainly towards SMB and Enterprise customers, whereas VS is targeted toward consumers, SMB and Enterprise customers.  Basically, every web connected device should be locked when it is at risk. 

So anyway, I wanted to get everyone’s opinion, to see if you guys would think a product like this would be useful.  Right now, I am 50/50 on whether to build and release something like this or not.  It would only take 5 or so hours to strip out all of the code from a copy of VS.  And actually, with CrapGuard, once I stripped out all of the code, it was rock solid, since most of the complex code was removed.  It will be even easier this time since VS 4.25 is stable.

Then again, it would not be that different from simply running VS on AutoPilot, so I cannot decided, and would appreciate everyone's opinion.  So what do you guys think? 

Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 01, 2018, 05:40:56 pm
Guys, are you try to manually scan something with "right click scann"?
For me, that's not working  :-\

Works for me.
Cool, thank you... I can refine this a little more... it is super simple to do so.  Yeah, VoodooAi and the Blacklist scan only scan certain file types.  And actually, the right click VoodooShield Scan option should not be available for certain file types.  I will look into it.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 01, 2018, 05:42:09 pm
Hi Dan

Happy Easter...and I hope that you are taking some time out to crack an Easter Egg or two... ;)

No fuss over the top install of v4.25 here...and so far no issues to report in terms of normal, day-to-day operations. Will try some stress testing later today inclcuding what Daniel spotted...but the good news is that things are looking good.

Regards, Baldrick
Yeah, that is what's up, thank you ;).  I will refine it a little more... it is super simple.  I just have to edit the lists of file types.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Baldrick on April 01, 2018, 06:34:47 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.

See, our new custom VoodooAi engine is almost ready, which we will be implementing into VS soon.  It will no longer rely on Azure or IBM Waston.  So I was thinking that we could quickly and easily build a new product and call it “VoodooShield Silent”.  It actually would not take that long at all.  Last October I created something very similar to this, and it only took 4-5 hours to strip out all of the settings and extra code from VS, to create this product.  I called the product “CrapGuard”, and even registered the domain name back then.  Although the name fit the product… since it guards your computer from crap, I didn’t think that was very professional, so then I was thinking VoodooShield Silent might be a better name.

Then I was thinking that some users would believe it is as secure as VS is, and use it instead of VS, when in fact it will not be as secure, so I never released it.  As everyone knows, I am a true believer in locking the computer when it is at risk, simply because this is when almost all attacks occur… and not locking the computer when it is at risk is simply taking an uncalculated risk. 

This product would be targeted mainly towards SMB and Enterprise customers, whereas VS is targeted toward consumers, SMB and Enterprise customers.  Basically, every web connected device should be locked when it is at risk. 

So anyway, I wanted to get everyone’s opinion, to see if you guys would think a product like this would be useful.  Right now, I am 50/50 on whether to build and release something like this or not.  It would only take 5 or so hours to strip out all of the code from a copy of VS.  And actually, with CrapGuard, once I stripped out all of the code, it was rock solid, since most of the complex code was removed.  It will be even easier this time since VS 4.25 is stable.

Then again, it would not be that different from simply running VS on AutoPilot, so I cannot decided, and would appreciate everyone's opinion.  So what do you guys think? 

Thank you guys!

Hi Dan

Anything that simplifies for those that need it is to be welcomed. The only issue I see is that you will have to maintain 2 development streams since if the new product is a stripped down derivative of Vs then I assume that it will have to be reformed from the latest version of VS as and when there are significant changes to the elements in common between the two? O that is sort of a positive followed by a negative...LOL.

Also, if the new product would be effectively be, and as effective as, VS on Autopilot then why bother...why not just change the 'Autopilot' mode to 'Silent Lock' mode. Personally, I am of the opinion that you most likely have enough to do re. VS with out complicating your life & confusing would be punters with another product. So perhaps the approach would be to have, as per WRSA, multiple versions  in the same installer which are differentiated by the key purchased by the user...on that you would have:

1. Voodooshiedl Free
2. Voodooshield Silent Lock or Web Lock
3. Voodooshield Complete

But if a stripped down product is decided upon then why not call it 'Silent Lock' or 'Silent Web Lock'?

Anyway, just some thought. I will give it further consideration and get back anon.

Cheers, Baldrick
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on April 01, 2018, 07:12:59 pm
Happy Easter Dan!

VoodooShields is running great with V4.25. Running on W 10 Pro 64bit.  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on April 01, 2018, 08:55:34 pm
Guardian,  nextgen protection from the maker of VoodooShield.
     or
1.VS Guardian
2.VS Guard
3.Voodoo Ai
4.VS Locker
5.Voodoo Protect
6.Voodoo Advanced

Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 01, 2018, 09:27:38 pm
-VoodooShield Light ( like BitDefender free ), full auto mode, no complicated settings for users, no many prompts, just install and forget.

-VoodooShield Pro ( like it is now in paid version )
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 02, 2018, 01:43:45 am
Then again, it would not be that different from simply running VS on AutoPilot, so I cannot decided, and would appreciate everyone's opinion.  So what do you guys think?

We already have a VoodooShield Lite...  Install VS, just don't register it.  It WILL protect the box, you just can't lift the hood  :P

To borrow shamelessly from the Meerkats ( https://www.comparethemarket.com.au/meerkat/compare-meerkats/ ), "Simples, yes?"
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 02, 2018, 04:07:03 am
Dan,

The New Product...

You mean VoodooAi ONLY with few Rules, and NO VirusTotal and other stuffs?

And, Custom VoodooAi Engine, you mean "Local VoodooAi"?


And, please add VS installer link in your signature..easy to find the new builds.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on April 02, 2018, 12:10:58 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.


Thank you guys!

Hi Dan - from what you say this is just the Lite version without any interface. Just wonder if this will produce any worthwhile income stream.
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on April 02, 2018, 06:18:44 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.

See, our new custom VoodooAi engine is almost ready, which we will be implementing into VS soon.  It will no longer rely on Azure or IBM Waston.  So I was thinking that we could quickly and easily build a new product and call it “VoodooShield Silent”.  It actually would not take that long at all.  Last October I created something very similar to this, and it only took 4-5 hours to strip out all of the settings and extra code from VS, to create this product.  I called the product “CrapGuard”, and even registered the domain name back then.  Although the name fit the product… since it guards your computer from crap, I didn’t think that was very professional, so then I was thinking VoodooShield Silent might be a better name.

Then I was thinking that some users would believe it is as secure as VS is, and use it instead of VS, when in fact it will not be as secure, so I never released it.  As everyone knows, I am a true believer in locking the computer when it is at risk, simply because this is when almost all attacks occur… and not locking the computer when it is at risk is simply taking an uncalculated risk. 

This product would be targeted mainly towards SMB and Enterprise customers, whereas VS is targeted toward consumers, SMB and Enterprise customers.  Basically, every web connected device should be locked when it is at risk. 

So anyway, I wanted to get everyone’s opinion, to see if you guys would think a product like this would be useful.  Right now, I am 50/50 on whether to build and release something like this or not.  It would only take 5 or so hours to strip out all of the code from a copy of VS.  And actually, with CrapGuard, once I stripped out all of the code, it was rock solid, since most of the complex code was removed.  It will be even easier this time since VS 4.25 is stable.

Then again, it would not be that different from simply running VS on AutoPilot, so I cannot decided, and would appreciate everyone's opinion.  So what do you guys think? 

Thank you guys!

I think this sounds good Dan, quiet, simple but still impassable?! You seem to have your MoJo back, good to see. Also, the name will be very important and I would like to see some suggestions from other members here, I'll suggest "Shadow VS" or any variation on that, "VS Sentinal" any variation of it, "VoodooShield AI".
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 02:54:04 pm
Hi Dan

Anything that simplifies for those that need it is to be welcomed. The only issue I see is that you will have to maintain 2 development streams since if the new product is a stripped down derivative of Vs then I assume that it will have to be reformed from the latest version of VS as and when there are significant changes to the elements in common between the two? O that is sort of a positive followed by a negative...LOL.

Also, if the new product would be effectively be, and as effective as, VS on Autopilot then why bother...why not just change the 'Autopilot' mode to 'Silent Lock' mode. Personally, I am of the opinion that you most likely have enough to do re. VS with out complicating your life & confusing would be punters with another product. So perhaps the approach would be to have, as per WRSA, multiple versions  in the same installer which are differentiated by the key purchased by the user...on that you would have:

1. Voodooshiedl Free
2. Voodooshield Silent Lock or Web Lock
3. Voodooshield Complete

But if a stripped down product is decided upon then why not call it 'Silent Lock' or 'Silent Web Lock'?

Anyway, just some thought. I will give it further consideration and get back anon.

Cheers, Baldrick
Thank you Baldrick, that helps!  Yeah... it might be kind of a pain to maintain 2 sets of source code.  But as simple as the code for this new product would be... it might not be all that bad.  Either way, it is something to think about ;).

I did start working on this project a little yesterday, and I am just going to kind of work on it slowly over time.  To do it right, it is going to take a little more than 5 hours, which is fine with me... there have been several days the last several years where I coded for 16 hours a day ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 02:54:34 pm
Happy Easter Dan!

VoodooShields is running great with V4.25. Running on W 10 Pro 64bit.  :)
Thank you ssherjj for letting me know ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 02:55:09 pm
Guardian,  nextgen protection from the maker of VoodooShield.
     or
1.VS Guardian
2.VS Guard
3.Voodoo Ai
4.VS Locker
5.Voodoo Protect
6.Voodoo Advanced
Very cool... thank you for the ideas, if you think of more, please let me know ;).  I think the name is the hardest part ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 02:57:54 pm
Thank you Andi and gorblimey.  Yeah, it is difficult to figure out for sure because there are so many options.  Slyguy mentioned that we probably offer a little too much in the free version... and I totally agree.  The only thing is that it is difficult to find other features that can be removed in the free version... but if you guys think of any, please let me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 03:07:44 pm
Dan,

The New Product...

You mean VoodooAi ONLY with few Rules, and NO VirusTotal and other stuffs?

And, Custom VoodooAi Engine, you mean "Local VoodooAi"?


And, please add VS installer link in your signature..easy to find the new builds.
Well, I am not sure yet, but VoodooAi would certainly be a big part of the new product.  The analysis will not be able to run locally because it simply takes way too much compute power and memory to perform the analysis.  The faster machines would not have an issue with it, but older, slower machines would.  The blacklist scan will probably be available to on access scanning... basically when something is "blocked", but obviously we will not be able to scan the entire drive with the blacklist scan like we will with VoodooAi.  Yeah, there will be a large list of rules and algos that will help determine whether a file should be auto allowed or not... just like AutoPilot in VS is now.  But we will not have to be so aggressive with the blocking.  That is... with VS, I do not take any chances at all (at least that I am aware of ;)).  As I always say, there are plenty of products on the market that take chances and auto allow items... which is perfectly fine... that is what they are designed to do.  But I just wanted to do something different with VS, and basically lock the computer and take zero chances.  But with this new product, we will be able to take some chances.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 03:11:42 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.


Thank you guys!

Hi Dan - from what you say this is just the Lite version without any interface. Just wonder if this will produce any worthwhile income stream.
Great point... I am not sure whether it will or not.  One thing we do not want to happen is for users to install it instead of VS.  This new product would be for users or admins who simply will never entertain the idea of locking the computer at all.  And then if it turns out like I think it is going to, maybe that will pique their interest in VS, and maybe they will run it for a little while, and discover that it really is not that much of a hassle to lock the computer when it is at risk... especially being that it is far more secure to do so.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 03, 2018, 03:20:00 pm
Thank you guys, nice to see you Baldrick ;), I will catch up soon... I hope ;).

Real quick... I have been thinking about developing a new product and I wanted to get everyone’s opinion.  It really would not be too much different from VS on AutoPilot, except there would not be a desktop shield gadget, and most of the VS settings, toggling and modes would be removed.  It would resemble some of Next-Gen ML/Ai products, except it would include some of the rules and algos that VS utilizes while on AutoPilot.

See, our new custom VoodooAi engine is almost ready, which we will be implementing into VS soon.  It will no longer rely on Azure or IBM Waston.  So I was thinking that we could quickly and easily build a new product and call it “VoodooShield Silent”.  It actually would not take that long at all.  Last October I created something very similar to this, and it only took 4-5 hours to strip out all of the settings and extra code from VS, to create this product.  I called the product “CrapGuard”, and even registered the domain name back then.  Although the name fit the product… since it guards your computer from crap, I didn’t think that was very professional, so then I was thinking VoodooShield Silent might be a better name.

Then I was thinking that some users would believe it is as secure as VS is, and use it instead of VS, when in fact it will not be as secure, so I never released it.  As everyone knows, I am a true believer in locking the computer when it is at risk, simply because this is when almost all attacks occur… and not locking the computer when it is at risk is simply taking an uncalculated risk. 

This product would be targeted mainly towards SMB and Enterprise customers, whereas VS is targeted toward consumers, SMB and Enterprise customers.  Basically, every web connected device should be locked when it is at risk. 

So anyway, I wanted to get everyone’s opinion, to see if you guys would think a product like this would be useful.  Right now, I am 50/50 on whether to build and release something like this or not.  It would only take 5 or so hours to strip out all of the code from a copy of VS.  And actually, with CrapGuard, once I stripped out all of the code, it was rock solid, since most of the complex code was removed.  It will be even easier this time since VS 4.25 is stable.

Then again, it would not be that different from simply running VS on AutoPilot, so I cannot decided, and would appreciate everyone's opinion.  So what do you guys think? 

Thank you guys!

I think this sounds good Dan, quiet, simple but still impassable?! You seem to have your MoJo back, good to see. Also, the name will be very important and I would like to see some suggestions from other members here, I'll suggest "Shadow VS" or any variation on that, "VS Sentinal" any variation of it, "VoodooShield AI".
Thank you Bryan... well, this new product will be bypassable, and we will be releasing it knowing that it is.  That is the thing I am having an issue with.  I am not sure if I can come to terms with releasing a product that I know is bypassable, and at the same time make users believe they are protected.

Please do not get me wrong... every product will eventually be bypassed.  The difference is releasing a product that knowingly can be bypassed.  At least with VS, I tried my best (and continue) to make it as bulletproof as possible.

I was watching a youtube video last night about a very specific attack... and the video was 1.5 hours long.  They went into ever detail about what all considerations needed to be made in order to successfully block the attack.  When really all they had to do was lock the computer when it is at risk.  I mean, the video almost gave me a headache with all of the stuff that had to be considered in order to block the attack... I mean, it was crazy.  I am not sure why infosec people do this to themselves... the attackers will always be one step ahead.  It must be job security. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 03, 2018, 06:39:43 pm
Dan, what's the point to spend your time on build "not so good" product?
Voodoo reputation will be compromised!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 03, 2018, 07:47:19 pm
Dan, what's the point to spend your time on build "not so good" product?
Voodoo reputation will be compromised!

+1


Don't give weapons to the VS enemies :o
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on April 03, 2018, 10:03:15 pm
Baldrick and dotnetnightmare, sorry I missed your posts with name suggestions, they are great suggestions too. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 04, 2018, 02:54:34 am
Great points, thank you guys!  We can think it over some more and talk about it again in a week or two.  I am not going to work on the new product for at least a week anyway.

Also, I am getting closer to figuring out the VPN issues, and have talked to a couple of different people about it.  From what I understand so far, if the VPN blocks the communication to the database, then we have to talk to the VPN provider.

So I tried SlickVPN and I had the same issues, and I spoke with SlickVPN through email... here is what they said "This sounds like a case of our NAT firewall getting in the way of connections. We are able to remove this restriction, on a per account basis, on request."

If anyone is running SlickVPN and is having this issue, please email me and I will send you the email of the gentleman I was talking to, so they can adjust your account to see if it fixes the issue.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 04, 2018, 04:48:40 pm
win764bit    started up computer and ran live update for norton ns. i shutdown computer every night. while norton was updating, vs blocks a file. norton finish updating. vs has never interfered with norton before and i'm not sure if this was related to norton. just passing along information for dan. thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 05, 2018, 08:14:08 pm
Cool, thank you for letting me know.  We could go either way on this... I can see where it may not be a bad idea for VS to continue to block items like this, but I think there is a safe way we can auto allow certain items from this location.  I will look into it, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 05, 2018, 08:18:11 pm
Hey CloneRanger!

https://www.wilderssecurity.com/threads/voodooshield.313706/page-720#post-2749192

Thank you for reporting the bug... it is fixed and will be included in the next release.

The Blue / ON and Red / OFF is simply represents the status of the lock... it just lets the user know if the lock is ON or OFF.  VS still protects the endpoint when the lock is OFF, but it also auto allows items that are safe, so that it can continuously build the tiny, customized whitelist, so the user is not bombarded with prompts.  So the ON and OFF simply refer to the status of the lock.

You can right click on VS and select "Hide", and the desktop shield gadget will hide.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 05, 2018, 08:49:28 pm
Hi,

This file appears in virustotal clean but VS marks it malicious why?

https://www.7-zip.org/a/7z1801-x64.exe
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 05, 2018, 08:59:17 pm
It is not digitally signed.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 05, 2018, 09:04:46 pm
It is probably a false positive... ML/Ai will always have some false positives, although they are extremely uncommon for commonly downloaded files (at lease for VoodooAi they are).  Someone once said that VoodooAi would not do so well with the top 100 files from a major download site.  If they would have tested instead of speculated, they would have found that it does extremely well ;).

Here is the Cuckoo analysis of that file: http://voodooshield.ddns.net:8080/analysis/12417/

So that file certainly has a lot of characteristics and features of a malicious file, even though it is not.  The funny thing is that I cannot tell you exactly what triggered our Ai algos to believe it was malicious.  I could get an idea of what features triggered the false positive, but there is simply no way the human mind will ever be able to understand all of the extremely complex interconnected relationships between features in an Ai model.

Just for the heck of it, I digitally signed the file and reanalyzed the file with VoodooAi, and the result was 17/100 (Safe).  Sometimes just signing the file makes all of the difference in the world, and sometimes it makes hardly no difference at all.  It all depends on the complex relationships between features in the Ai model.

ML/Ai engines will always have false positives and false negatives.  In real world performance, it is essentially mathematically impossible to achieve anything greater than a 95% or so efficacy with ML/Ai models alone.  If we were able to achieve an efficacy that approached 100%, we would not need to lock our computers when they are at risk ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 05, 2018, 09:06:22 pm
 For Cuckoo Sandbox is malicious. Would it be safe if I install it?   :-\
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 05, 2018, 09:10:23 pm
Instead of 7-zip, I use Bandizip and it is great and digitally signed :D

https://www.bandisoft.com/bandizip/en/ (https://www.bandisoft.com/bandizip/en/)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 05, 2018, 09:20:42 pm
I think I'm going to install Bandizip  ;D

Thanks Andi/Dan !
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 06, 2018, 04:13:22 pm
how would one know to allow or block the msiexe.exe file? what does it do?  attch is info for dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 06, 2018, 05:30:05 pm
Hey Everyone… here is 4.26!  It looks like the major changes in 4.25 worked out pretty well, so we are good to go.  There are no major changes in 4.26, just a couple of small bug fixes, some usability tweaks, and even less command lines should be blocked now.

This will probably be the last version for at least a few weeks, simply because it looks like pretty much all of the bugs are finally worked out… thank you guys for your patients and help while working with me through all of that.

We will release it publicly in a couple of days, assuming there is not a major bug.

www.voodooshield.com/Download/InstallVoodooShield426.exe

SHA256: 204de3fbee5a628a9fa5f9029f29dc475c6ec34d2ca6067dc485cb74bb9b446b

Thank you guys, have a great weekend!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 06, 2018, 05:45:43 pm
For Cuckoo Sandbox is malicious. Would it be safe if I install it?   :-\
Hehehe... that is the $64,000 question ;).  In this case we hopefully can assume it is safe, since it is 7zip... but these days it seems impossible to tell for sure.  Usually, out of the Blacklist Scan, VoodooAi and Cuckoo, I usually see which 2 (or 3) are in agreement, and assume that is the correct verdict.  But in this case, the results are kind of all over the board... which is quite uncommon.

Here is the interesting thing (I actually just noticed this)... if you look at the 3 individual VoodooAi models, they average out to 45 (safe).  So it might have been a bug in the old code that recorded a 100 for the VoodooAi composite score, assuming the initial VoodooAi analysis for that file was performed several months ago.

Here is what I will do... in a couple of days, I will delete the old VoodooAi result for that file, and we can reanalyze it.  The reason I am waiting is so you guys will have a chance to look at the 3 models, so you will see what I mean.  I am hoping that after we reanalyze the file, the VoodooAi score will be 45.

So basically, now that I look at this more, I think the 100 was a bug in the old code... but we will see in a couple of days.

One thing is for sure, if a file has a VoodooAi score of > 75, I look extra hard at that file before I allow it.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 06, 2018, 05:52:32 pm
how would one know to allow or block the msiexe.exe file? what does it do?  attch is info for dan
Hi... in your example, it looks like they are blocking network connections, pretty much like a firewall would.  VS handles msiexec a little different.  Basically it parses the command line and obtains the path of the actual executable associated with this block, and basically converts it to a path.  We can then analyze that file and figure out what to do next.  VS doesn't do anything with network connections / firewalls... yet ;). 

VS 5.0 will probably be focused on post-execution behaviors and network connections / firewalls.  This is so that if a user does allow something they should not have, VS can block it later down the line.  VS was not initially intended to perform operations like this, but what can I say... things change ;).  The biggest motivating factor is that the built in Windows Security in Windows 10 has become so killer the last year or so (I believe because of ML/Ai implementations ;)), that some day it will probably reach the point that the only thing left to do is to lock the computer when it is at risk.

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 06, 2018, 05:53:08 pm
Why update again not recognize that there is a new version?

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 06, 2018, 05:55:07 pm
Why update again not recognize that there is a new version?
Hehehe, sorry, this is a beta version, so you will need to install 4.26 manually.  Once I release 4.26 publicly, it will work as expected ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 06, 2018, 06:00:58 pm
FINALLY !!!
We are waiting for this for a long time Dan, thank you  ;)
Reply #363   https://calendarofupdates.org/index.php?topic=770.msg5681#msg5681

Dan, I have been so happy for this... ::)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Askmark on April 06, 2018, 09:07:53 pm
Hi Dan,

I've just installed 4.26 and it's asking to restart the computer to complete installation. This is the first time i've ever been required to reboot after installing Voodooshield. Has something changed?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 06, 2018, 09:37:47 pm
For Cuckoo Sandbox is malicious. Would it be safe if I install it?   :-\
Hehehe... that is the $64,000 question ;).  In this case we hopefully can assume it is safe, since it is 7zip... but these days it seems impossible to tell for sure.  Usually, out of the Blacklist Scan, VoodooAi and Cuckoo, I usually see which 2 (or 3) are in agreement, and assume that is the correct verdict.  But in this case, the results are kind of all over the board... which is quite uncommon.

Here is the interesting thing (I actually just noticed this)... if you look at the 3 individual VoodooAi models, they average out to 45 (safe).  So it might have been a bug in the old code that recorded a 100 for the VoodooAi composite score, assuming the initial VoodooAi analysis for that file was performed several months ago.

Here is what I will do... in a couple of days, I will delete the old VoodooAi result for that file, and we can reanalyze it.  The reason I am waiting is so you guys will have a chance to look at the 3 models, so you will see what I mean.  I am hoping that after we reanalyze the file, the VoodooAi score will be 45.

So basically, now that I look at this more, I think the 100 was a bug in the old code... but we will see in a couple of days.

One thing is for sure, if a file has a VoodooAi score of > 75, I look extra hard at that file before I allow it.  Thank you!

Hi Dan,

Thanks for the explanation, we will wait for the new analysis for that file.
On the other hand, I have three more questions:


1-Can VS block command lines executed using UNC path?
2-Could VS block (powershell.exe, mshta.exe, etc.) if it is renamed and executed in another folder?
3-VS can detect very obfuscated scripts?

Thank you! :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 07, 2018, 01:31:14 am
Hi Dan,

I've just installed 4.26 and it's asking to restart the computer to complete installation. This is the first time i've ever been required to reboot after installing Voodooshield. Has something changed?
I noticed that too... it has something to do with InnoSetup, it kind of has a mind of its own... and it is such a great installer builder that I just let it figure everything out.  But no, nothing has changed in the VS code that would trigger this.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 07, 2018, 01:38:08 am
For Cuckoo Sandbox is malicious. Would it be safe if I install it?   :-\
Hehehe... that is the $64,000 question ;).  In this case we hopefully can assume it is safe, since it is 7zip... but these days it seems impossible to tell for sure.  Usually, out of the Blacklist Scan, VoodooAi and Cuckoo, I usually see which 2 (or 3) are in agreement, and assume that is the correct verdict.  But in this case, the results are kind of all over the board... which is quite uncommon.

Here is the interesting thing (I actually just noticed this)... if you look at the 3 individual VoodooAi models, they average out to 45 (safe).  So it might have been a bug in the old code that recorded a 100 for the VoodooAi composite score, assuming the initial VoodooAi analysis for that file was performed several months ago.

Here is what I will do... in a couple of days, I will delete the old VoodooAi result for that file, and we can reanalyze it.  The reason I am waiting is so you guys will have a chance to look at the 3 models, so you will see what I mean.  I am hoping that after we reanalyze the file, the VoodooAi score will be 45.

So basically, now that I look at this more, I think the 100 was a bug in the old code... but we will see in a couple of days.

One thing is for sure, if a file has a VoodooAi score of > 75, I look extra hard at that file before I allow it.  Thank you!

Hi Dan,

Thanks for the explanation, we will wait for the new analysis for that file.
On the other hand, I have three more questions:


1-Can VS block command lines executed using UNC path?
2-Could VS block (powershell.exe, mshta.exe, etc.) if it is renamed and executed in another folder?
3-VS can detect very obfuscated scripts?

Thank you! :D
1.  Yes.  I heard about the \\localhost\c$\Windows\System32\cmd.exe issue, and forgot to fix it in 4.26, but I just now fixed it for the next version.  We will wait a couple of days to see if there are any other bugs, then I will release a fixed version.  It turns out... the code was correct, but VS tripped when it tried to get the digital signature for this command line, so it threw an exception.  It was a super easy fix, and this issue will also be fixed for any other time that VS trips when trying to obtain the digital signature.  Obviously it does not happen that often, or we would have seen it cause a lot more problems.

2.  Yes.  For example, if you copy powershell.exe to your desktop, VS will think it is just another random non-whitelisted item and block it.  See what I mean?

3.  Yes, it doesn't matter how obfuscated something is, VS is going to block it.  And actually, the more obfuscated an executable is, the higher the VoodooAi score, in general.

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 07, 2018, 01:55:42 am
how would one know to allow or block the msiexe.exe file? what does it do?  attch is info for dan

It's the Microsoft Installer package.  It's almost certainly "protected", but in any case just leave it alone.

If you think it might be compromised, exit all of your AV suites: turn them off/disable them, then run an offline scan.  msiexec lives in many locations, this could take time.

I see your security app mentioned the program could be a hijack candidate.  The bad news is that almost any exe file is a hijack candidate: notepad, calculator, wordpad...

This sort of thing brings up the subject of Security 101: "Never assume your box is clean.  You must assume it has already been penetrated, and your task is to mitigate the damage."  Ideally, you start (over) with a fresh clean offline OS install.  Then you add the security system of choice, and only then do you add your productivity apps/suite(s) and maybe register the OS online.  At this stage you are desperately hoping the security suite is uncompromised...

Having said all that, assuming VS is installed on a clean box, it will protect you because anything that hijacks msiexec is not on the whitelist.  It is possible that msiexec is also not whitelisted but OTOH it is a system file and gets close attention from VS anyway.

My personal experience is that all of these wonderful security suites are a complete waste of time on a good day and a major hazard on all other days.  I use ZAM Free and MBAM Free separately to scan the system once a month, after which both are totally disabled (they have services) and VS is re-enabled to hold my hand for the rest of the month.  As soon as Glasswire gets multi-user capabilities I'll install it, light up Windows Firewall, and enjoy the best protection on the planet.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on April 07, 2018, 05:44:08 am
4.26 working great Win 10 64bt

I'm not a smart man , Dan, but i do know what love is. I love you..
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 07, 2018, 06:12:10 am
VS 5.0 will probably be focused on post-execution behaviors and network connections / firewalls.  This is so that if a user does allow something they should not have, VS can block it later down the line.

Hi Dan - I'm a firm and True Believer in "One purpose for each app  >:(".  I can see where a limited network oversight could be useful, but firewalling is best done by a professional bricklayer purpose-built firewall.  And I certainly would never entertain a firewall which claims AV capabilities.  As far as VS is concerned, I would be satisfied with a popup informing me that some.exe/dll/whatever is phoning out and would I like to tell WF about it?

This is the major reason I'm interested in Glasswire as a frontend to WF which I am told is highly effective even in Win7.  I'm very thankful Slyguy posted his experience with an unsuspected infection and how Terra Privacy Hacker Defender told him about it.  Slyguy's experience is a lesson for us all.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 07, 2018, 06:44:24 am
VS 5.0 will probably be focused on post-execution behaviors and network connections / firewalls.  This is so that if a user does allow something they should not have, VS can block it later down the line.

Hi Dan - I'm a firm and True Believer in "One purpose for each app  >:(".  I can see where a limited network oversight could be useful, but firewalling is best done by a professional bricklayer purpose-built firewall.  And I certainly would never entertain a firewall which claims AV capabilities.  As far as VS is concerned, I would be satisfied with a popup informing me that some.exe/dll/whatever is phoning out and would I like to tell WF about it?

This is the major reason I'm interested in Glasswire as a frontend to WF which I am told is highly effective even in Win7.  I'm very thankful Slyguy posted his experience with an unsuspected infection and how Terra Privacy Hacker Defender told him about it.  Slyguy's experience is a lesson for us all.
It depends.. what Dan means with network protection.

Comodo guys implemented network protection (no firewall) in Comodo Cloud Antivirus.. it blocks connections of programs running in sandbox.. prevents keyloggers, etc malicious/unknown items from transmitting data to their server.
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 07, 2018, 01:57:52 pm
gorblimey thanks for your reply.   my set-up: win764bit, sandboxie, vs, norton ns, firefox w/ ubo, unchecky, mbam on-demand.  i had made an earlier post about (pg 28) vs blocked an msiexe.exe file. i didn't know what the file was and why it even showed up. i do not have nvt sysharder installed, just reading the post and saw msiexe.exe mentioned.  thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on April 07, 2018, 10:21:00 pm
Ok try this:

Without any browser open, plug in your smart phone to the USB port to charge. The desktop icon will turn blue with USB on it.
Now open Edge and unplug the USB cord. The USB will go away. Now plug the USB cable back in a on my machine the USB never comes back.

Step 2: Now shut down Edge and wait a few min. The desktop icon remains blue with no USB. Now unplug the USB and it should go to off. Now plug the USB back in and you will see blue with USB again.
I am just wondering if this is just my machine or other see this too.
Title: Re: VoodooShield v4 STABLE Thread
Post by: acooldozen on April 08, 2018, 12:36:12 am
Tell me you are kidding?
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 08, 2018, 02:34:36 am
Ok try this:

Without any browser open, plug in your smart phone to the USB port to charge. The desktop icon will turn blue with USB on it.
Now open Edge and unplug the USB cord. The USB will go away. Now plug the USB cable back in a on my machine the USB never comes back.

Step 2: Now shut down Edge and wait a few min. The desktop icon remains blue with no USB. Now unplug the USB and it should go to off. Now plug the USB back in and you will see blue with USB again.
I am just wondering if this is just my machine or other see this too.

ON and USB are same i.e computer locked and protected.

ON - when a web app is running.
USB - when a USB is inserted.

ON - when a web app is run first and then a USB is connected.
USB - when a USB is connected first and then a web app is run.

The above is my understanding.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 08, 2018, 03:34:41 pm
4.26 working great Win 10 64bt

I'm not a smart man , Dan, but i do know what love is. I love you..
How funny, thank you Mr.Gump ;).  Usually people just say they love VS, but this is cool too ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on April 08, 2018, 04:50:28 pm
Ok try this:

Without any browser open, plug in your smart phone to the USB port to charge. The desktop icon will turn blue with USB on it.
Now open Edge and unplug the USB cord. The USB will go away. Now plug the USB cable back in a on my machine the USB never comes back.

Step 2: Now shut down Edge and wait a few min. The desktop icon remains blue with no USB. Now unplug the USB and it should go to off. Now plug the USB back in and you will see blue with USB again.

Ok but still seems strange to me. I won't mention it again.



I am just wondering if this is just my machine or other see this too.

ON and USB are same i.e computer locked and protected.

ON - when a web app is running.
USB - when a USB is inserted.

ON - when a web app is run first and then a USB is connected.
USB - when a USB is connected first and then a web app is run.

The above is my understanding.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 08, 2018, 04:58:19 pm
how would one know to allow or block the msiexe.exe file? what does it do?  attch is info for dan

It's the Microsoft Installer package.  It's almost certainly "protected", but in any case just leave it alone.

If you think it might be compromised, exit all of your AV suites: turn them off/disable them, then run an offline scan.  msiexec lives in many locations, this could take time.

I see your security app mentioned the program could be a hijack candidate.  The bad news is that almost any exe file is a hijack candidate: notepad, calculator, wordpad...

This sort of thing brings up the subject of Security 101: "Never assume your box is clean.  You must assume it has already been penetrated, and your task is to mitigate the damage."  Ideally, you start (over) with a fresh clean offline OS install.  Then you add the security system of choice, and only then do you add your productivity apps/suite(s) and maybe register the OS online.  At this stage you are desperately hoping the security suite is uncompromised...

Having said all that, assuming VS is installed on a clean box, it will protect you because anything that hijacks msiexec is not on the whitelist.  It is possible that msiexec is also not whitelisted but OTOH it is a system file and gets close attention from VS anyway.

My personal experience is that all of these wonderful security suites are a complete waste of time on a good day and a major hazard on all other days.  I use ZAM Free and MBAM Free separately to scan the system once a month, after which both are totally disabled (they have services) and VS is re-enabled to hold my hand for the rest of the month.  As soon as Glasswire gets multi-user capabilities I'll install it, light up Windows Firewall, and enjoy the best protection on the planet.
Absolutely... I am not going to turn VS into a security suite or a Swiss Army Knife.  I just think it would also be cool to add post execution behavior analysis to VS in a very unique way, especially since it is not like we are going to have to redesign VS from the ground up like we did in VS 4.0, which cause a lot of bugs.  There will actually be very, very few new bugs introduced.  Basically, now that VS is stable, there is not a chance that I am going to put the users or myself through a massive debugging process again.

In general, what I mean by this new feature that implements post execution behavior analysis is this...

First of all, from a high level, computers are machines that essentially perform one function... execute code.  The only practical way to keep them safe is to only allow them to execute the code that you knowingly want them to allow.   If you consider most or all of the non-Windows operating systems, they pretty much all operate on this principle, and typically require SU rights (e.g. password) in order for new executable code to be introduced / executed.  Somehow, the cybersecurity industry as a whole, has abandoned this model in favor of a more user-friendly model, and somehow actually believe that they are able to sufficiently protect the system.  This is where the cybersecurity industry went wrong, and the end result has been massive breaches and massive growth in malware in the wild.... 6 years ago there were 15,000 new malware today, now there are 300,000-1,000,000.

For example, have you ever noticed how a lot of the anti-ransomware tools start off as post-execution behavior blockers, and eventually evolve into anti-executables?  Well, there is a reason for that ;).  If you ask me, this is exactly backwards.  If all I ever run on my computer is Microsoft Word (to write letters), games, Quickbooks, Photoshop, etc., and never launch a web browser or email client (or USB), the computer is simply never going to become infected.  It is only when you are connected to the internet and start browsing the web and checking email, that you are at risk for infection. 

And this is exactly what a lot of people do not understand about VS.  They do not understand that if you simply block all known and unknown executable code when the user is engaged in risky activity, you have pretty much eliminated the problem.  I mean really, why would anyone ever allow new, non-whitelisted executable code when the user is browsing the web or checking email?

So you start with locking the computer when it is at risk.  But it would also be nice to monitor post-execution behaviors, such as ransomware, cryptominer, MBR, etc.., in the event the user accidentally allowed something they should not have.  Basically, VS will be performing similar post-execution behavior analysis that the anti-ransom tools currently perform, but only after most of the bad items have already been filtered out by our lock.

Here is where things get interesting... if the user introduces new code while they were browsing the web or checking email, because of our initial patent, only VS can offer multiple levels of protection.  Basically, if a new item is allowed while the computer is at risk, it will be examined more closely by our post-execution behavior blocker than, for example, medical software that was installed when the computer was not at risk.  In OSX, there is warning "This is an application downloaded from the Internet. Are you sure you want to open it?"  Well, this new feature will take this one step further... VS will simply mark / flag the item as being introduced while the user was doing something risky, if and only if, the new item actually originated from a web app.

For example, I am sure that most of us have a folder where we store all of our favorite utilities / installers, much the same way SMB and enterprises store these items on a network share.  These items, and their associated child process will either not be subject to examination by the behavior blocker at all, or if they are, they will be examined less aggressively.

So basically any new executable code that originated from the internet, and was actively downloaded during the session, will be subject to close(r) examination by VS's post-execution behavior blocker.  Essentially what we will have is a behavior blocker that is aggressive when it needs to be, and far fewer false positives than traditional behavior blockers.  It is going to be seriously cool.  And trust me, there is not a chance that I will do anything to introduce tons of new bugs ;).

BTW, I think it is important to elaborate on the distinction between pre-execution and post-execution behavior blockers.  Examples of pre-execution "behavior" blockers are technologies like VS on AutoPilot (and when VS is in Smart OFF mode)... and another example is OSArmor.  When VS is ON (Always ON, Smart ON), it does not need these "behavior" blockers, simply because all new executable code should be blocked when the lock is on (usually because the computer is at risk).  This new behavior blocker feature will all happen post-execution, and will be a similar technology to the other security products that are focused on behavior blocking.  The main difference will be VS should have far less false positives, because it will only closely monitor dangerous new items, as described above.

Either way, we will continue to offer the current version of VS until everyone is happy with the end result ;).  I am going to keep everything extremely simple... that is the whole point of VS ;).  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 08, 2018, 04:59:36 pm
Ok try this:

Without any browser open, plug in your smart phone to the USB port to charge. The desktop icon will turn blue with USB on it.
Now open Edge and unplug the USB cord. The USB will go away. Now plug the USB cable back in a on my machine the USB never comes back.

Step 2: Now shut down Edge and wait a few min. The desktop icon remains blue with no USB. Now unplug the USB and it should go to off. Now plug the USB back in and you will see blue with USB again.
I am just wondering if this is just my machine or other see this too.

ON and USB are same i.e computer locked and protected.

ON - when a web app is running.
USB - when a USB is inserted.

ON - when a web app is run first and then a USB is connected.
USB - when a USB is connected first and then a web app is run.

The above is my understanding.
That sounds about right to me... let me read through the various posts on the USB toggling and revisit this feature.  The last post took a lot longer than I expected, and I am running late, but I will catch up soon, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 08, 2018, 07:42:31 pm
Dan,

This means that with the new post execution behavior analysis that VS will have, it will be able to block attacks like the ccleaner?
That is, supposedly "trusted" applications (3rd party/OS) that with an update become bad ( Keylogging, Data exfiltration, Code injection, etc.)

I am right?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 08, 2018, 11:14:01 pm
Dan,

This means that with the new post execution behavior analysis that VS will have, it will be able to block attacks like the ccleaner?
That is, supposedly "trusted" applications (3rd party/OS) that with an update become bad ( Keylogging, Data exfiltration, Code injection, etc.)

I am right?
Pretty much, yeah... but we will need to handle automatic software updates a little differently (since most do not utilize a web app to perform the update) , but yeah, the whole point of this new feature is to mitigate attacks like you mentioned.  I have a couple of ideas on how to handle automatic software updates... it should be quite easy.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 09, 2018, 03:45:15 am
I have a couple of ideas on how to handle automatic software updates... it should be quite easy.  Thank you!

You need to take things like Zemana Anti Malware into account.  See https://www.wilderssecurity.com/threads/zam-free.395690/#post-2700849 (https://www.wilderssecurity.com/threads/zam-free.395690/#post-2700849) for a really bad example.  IMHO VS handled the problem with flair and aplomb.

Ummmm... Of course.  Screenshot somewhere.  What ZAM does is generate a randomly named tmp update file (exe?) into %appdata\temp%, and then ¿executes? it.  I have now locked down %appdata\temp% on all accounts plus Program Data with a small set of Rules, so that will never happen again.

(Ummmm, yes.  On the Rules, is it possible to have something in the Rule name that looks like a qualified path to the folder/file of interest?  ATM it appears like I am referencing the same folder several times.)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 09, 2018, 07:56:28 am
I have a couple of ideas on how to handle automatic software updates... it should be quite easy.  Thank you!

You need to take things like Zemana Anti Malware into account.  See https://www.wilderssecurity.com/threads/zam-free.395690/#post-2700849 (https://www.wilderssecurity.com/threads/zam-free.395690/#post-2700849) for a really bad example.  IMHO VS handled the problem with flair and aplomb.

Ummmm... Of course.  Screenshot somewhere.  What ZAM does is generate a randomly named tmp update file (exe?) into %appdata\temp%, and then ¿executes? it.  I have now locked down %appdata\temp% on all accounts plus Program Data with a small set of Rules, so that will never happen again.

(Ummmm, yes.  On the Rules, is it possible to have something in the Rule name that looks like a qualified path to the folder/file of interest?  ATM it appears like I am referencing the same folder several times.)
A while back, I mentioned that at some point I was going to write some malware (I had never done this before, honest ;)), and since I had some time, I decided to do so.  Obviously, the whole purpose of this adventure was to see how well security products do against true zero day malware.

Of course I had to make this a ransomware type malware, so I started my malware project with a typical VisualStudio winforms project and wrote some simple code to rename the extensions of the files in the My Pictures folder, and borrowed some online code to encrypt the files.  This took all of 15 minutes.

So I played around with all of this and performed a lot of tests. It turns out that a lot of security products rely highly upon digital signatures.  This is truly sad because you can buy one for $80 or so, and make $100,000 with ransomware.  I am actually not that familiar with the details of obtaining a digital signature, so please ignore my last statement.  But please do not ignore this... SECURITY SOFTWARE SHOULD NOT RELY ON DIGITAL SIGNATURES, and it should not rely on cloud based reputation / global whitelists (those are simply pre-approved items that were scanned with the blacklist and executed in a sandbox... especially when the average time to discovery is like 231 days (I could be wrong about 231, but it is something like that).

Anyway, my whole point to all of this... Zemana actually did the best out of all of products that I tested.  Most of the anti-ransomware products did really well too.  I was surprised that the behavior based anti-malware products completely missed it.  Just lock the computer when it is at risk, and then there is no guessing.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 09, 2018, 10:11:26 am
But please do not ignore this... SECURITY SOFTWARE SHOULD NOT RELY ON DIGITAL SIGNATURES, and it should not rely on cloud based reputation / global whitelists (those are simply pre-approved items that were scanned with the blacklist and executed in a sandbox... especially when the average time to discovery is like 231 days (I could be wrong about 231, but it is something like that).

+1

I chose ZAM because it is held in very high esteem.  But any Anti-Malware that behaves like a malware will have a very short stay on my box.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 11, 2018, 02:23:51 pm
Hey everyone, I just released 4.28 to the public, you can download it here:    https://voodooshield.com/Download/InstallVoodooShield.exe

Or it will auto update when VS starts.

I was going to post 4.28 on here, but there were only a few very small changes... one was a change that will further limit command line blocks, one was fixing an issue with git.exe since it is treated as a vulnerable process (all of the github type apps should work great with VS now), and a user suggested that if a password is enabled in VS, that the user is only prompted when they try to change to a less aggressive mode.

SHA-256: ca76e36595e83605ae07d76f15f6fcc3cf7ec77b60aced1d9f8b94c6feca25a5

Thank you guys for all of your help!  That should be it for now.  I am going to take a couple weeks break from coding and work on some marketing items (unless some major bug appears out of nowhere).  This will give me time to think about what VS 5.0 should look like, and then you guys and I will discuss everything to make sure we are on the right path.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on April 11, 2018, 02:39:43 pm
Hey everyone, I just released 4.28 to the public, you can download it here:    https://voodooshield.com/Download/InstallVoodooShield.exe

Or it will auto update when VS starts.

I was going to post 4.28 on here, but there were only a few very small changes... one was a change that will further limit command line blocks, one was fixing an issue with git.exe since it is treated as a vulnerable process (all of the github type apps should work great with VS now), and a user suggested that if a password is enabled in VS, that the user is only prompted when they try to change to a less aggressive mode.

SHA-256: ca76e36595e83605ae07d76f15f6fcc3cf7ec77b60aced1d9f8b94c6feca25a5

Thank you guys for all of your help!  That should be it for now.  I am going to take a couple weeks break from coding and work on some marketing items (unless some major bug appears out of nowhere).  This will give me time to think about what VS 5.0 should look like, and then you guys and I will discuss everything to make sure we are on the right path.

Thanks Dan installing it now!
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on April 11, 2018, 04:27:00 pm
V. 4.28 Auto Update, very smooth.
VS has been running without 'any' issues on my OS's for quite some time now.
Thanks Dan. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 11, 2018, 07:55:49 pm
win10 w/ windows defender   auto-update 4.28 installs without a peep     win7 w/ norton ns   auto-updated triggered norton firewall but still installed. i love vs.  attach is info for dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on April 11, 2018, 10:38:11 pm
Hey everyone, I just released 4.28 to the public, you can download it here:    https://voodooshield.com/Download/InstallVoodooShield.exe

Or it will auto update when VS starts.

I was going to post 4.28 on here, but there were only a few very small changes... one was a change that will further limit command line blocks, one was fixing an issue with git.exe since it is treated as a vulnerable process (all of the github type apps should work great with VS now), and a user suggested that if a password is enabled in VS, that the user is only prompted when they try to change to a less aggressive mode.

SHA-256: ca76e36595e83605ae07d76f15f6fcc3cf7ec77b60aced1d9f8b94c6feca25a5

Thank you guys for all of your help!  That should be it for now.  I am going to take a couple weeks break from coding and work on some marketing items (unless some major bug appears out of nowhere).  This will give me time to think about what VS 5.0 should look like, and then you guys and I will discuss everything to make sure we are on the right path.

Thank you Dan! I just installed 4.28 manually and everything went smoothly. 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 11, 2018, 11:24:42 pm
The automatic update also went smoothly and v4.28 is running fine  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 12, 2018, 06:50:55 am
Downloaded manually and did over install and running absolutely fine here.

By the way, did you skip version 4.27?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 12, 2018, 04:29:46 pm
Downloaded manually and did over install and running absolutely fine here.

By the way, did you skip version 4.27?
Very cool, thank you guys!

Yeah, 4.27 was just a quick git.exe test with a couple of the github users.  It went really quick, and there we no reason to bother you guys with it.  It took forever to be able to reliably reproduce the git.exe bug, but once we finally figured out a way, the fix took about a minute ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 12, 2018, 04:34:22 pm
win10 w/ windows defender   auto-update 4.28 installs without a peep     win7 w/ norton ns   auto-updated triggered norton firewall but still installed. i love vs.  attach is info for dan
Hmmm, very interesting, thank you for letting me know!  If you go to c:\Program Files\VoodooShield\VoodooShield.exe, and right click and check out the digital signature, does everything look okay?  I just double checked it and it looks good on my end.

Is anyone else having this issue?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on April 12, 2018, 08:23:35 pm
Hmmm, very interesting, thank you for letting me know!  If you go to c:\Program Files\VoodooShield\VoodooShield.exe, and right click and check out the digital signature, does everything look okay?  I just double checked it and it looks good on my end.

Is anyone else having this issue?

What issue? What is interesting? Am I missing some posts?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 12, 2018, 08:36:03 pm
Hmmm, very interesting, thank you for letting me know!  If you go to c:\Program Files\VoodooShield\VoodooShield.exe, and right click and check out the digital signature, does everything look okay?  I just double checked it and it looks good on my end.

Is anyone else having this issue?

What issue? What is interesting? Am I missing some posts?
Sorry, I forgot to quote... it is fixed directly above, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 12, 2018, 08:59:22 pm
dan,  attach of digital sigs.  does this look right
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 13, 2018, 02:23:57 am
Yeah, looks right to me... very odd.  If you double click on each one, it should say "The digital signature is OK".  Does it?

I am thinking that it must just be a fluke of some kind.

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on April 13, 2018, 11:24:42 am
win10 w/ windows defender   auto-update 4.28 installs without a peep     win7 w/ norton ns   auto-updated triggered norton firewall but still installed. i love vs.  attach is info for dan
Hmmm, very interesting, thank you for letting me know!  If you go to c:\Program Files\VoodooShield\VoodooShield.exe, and right click and check out the digital signature, does everything look okay?  I just double checked it and it looks good on my end.

Is anyone else having this issue?

Hi Dan - I did get "no digital sig" at the last element to be loaded and also got a "code (5)" popup whatever that means, but continued to install ok. This was an auto update on Win 8.1. Have just tried installing 4.28 again and no issues. Maybe it is only on auto that it happens.
Title: Re: VoodooShield v4 STABLE Thread
Post by: topo on April 13, 2018, 01:04:30 pm
dan,   digital sigs are ok
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on April 13, 2018, 09:00:35 pm
Hi Dan, no indicator thingy on the green till yellow scale again. VS 4.28. Win 7 64bit
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on April 13, 2018, 09:02:40 pm
I get the attached popup with v4.28. The file is located in the nvidiacontainer folder in c:\Program Files.  If I hit either Block or Allow, the popup just keeps coming back immediately.  Endless loop.  Any suggestions?
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 14, 2018, 05:46:55 am
@Silver0066 - what does the "Details" button (bottom right of the red box) tell you?  Also, at what stage does the popup appear--booting, lighting an app, etc?  (I do seem to remember that Nvidia can be problematical at times, but this doesn't seem to be one of those.)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 15, 2018, 08:31:46 am
dan,   digital sigs are ok
Hmmm, that is odd... it must be a bug on their end.  I have tested our signature in several different ways, and it all looks good.  For a second I was concerned that there was the possibility that I was writing demo malware and playing around with signing it... but I think we are good to go.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 15, 2018, 08:32:59 am
Hi Dan, no indicator thingy on the green till yellow scale again. VS 4.28. Win 7 64bit
Is it just for this item?  Hopefully so... but if not, please let me know.  It is a very long story, but it will be fixed soon either way ;).  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 15, 2018, 08:34:59 am
I get the attached popup with v4.28. The file is located in the nvidiacontainer folder in c:\Program Files.  If I hit either Block or Allow, the popup just keeps coming back immediately.  Endless loop.  Any suggestions?
I searched our logs and found the error... can you please send me your DeveloperLog.log (support@voodooshield.com)... it might have more info that I need.  I have a hunch what is going on... and it should be a simple fix.  Thank you for reporting that!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 15, 2018, 08:39:57 am
win10 w/ windows defender   auto-update 4.28 installs without a peep     win7 w/ norton ns   auto-updated triggered norton firewall but still installed. i love vs.  attach is info for dan
Hmmm, very interesting, thank you for letting me know!  If you go to c:\Program Files\VoodooShield\VoodooShield.exe, and right click and check out the digital signature, does everything look okay?  I just double checked it and it looks good on my end.

Is anyone else having this issue?

Hi Dan - I did get "no digital sig" at the last element to be loaded and also got a "code (5)" popup whatever that means, but continued to install ok. This was an auto update on Win 8.1. Have just tried installing 4.28 again and no issues. Maybe it is only on auto that it happens.
Are you talking about when you install or upgrade VS?  If so... I just fixed this today, and it will be fixed in the next release.  Basically, the service used to not start VS after installation, but now it does.  We used to have the installer start VS after installation.  Well... the two conflicted because they were essentially trying to start VS at the same time.  It was an easy fix... I just had to comment out the code in the installer that started VS after installation ;).  Please try the next version in a couple of days, and if you have any problems, please let me know... thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on April 15, 2018, 09:49:15 am
Hi Dan, no indicator thingy on the green till yellow scale again. VS 4.28. Win 7 64bit
Is it just for this item?  Hopefully so... but if not, please let me know.  It is a very long story, but it will be fixed soon either way ;).  Thank you!
It was just this programm at that moment. When i see that happening i just report it so it is hopefully easier to fix :)
Have a nice weekend all
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on April 15, 2018, 01:42:32 pm
@Silver0066 - what does the "Details" button (bottom right of the red box) tell you?  Also, at what stage does the popup appear--booting, lighting an app, etc?  (I do seem to remember that Nvidia can be problematical at times, but this doesn't seem to be one of those.)
I re-installed the Nvidia drivers and everything is now OK.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 16, 2018, 12:09:26 am
Dan,

Is there any time set to connect to cloud for the verdict?
Like couple secs, and if VS cannot connect to cloud for some reasons within those secs, it will give an alert "connect to internet......" or cloud error or something.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 16, 2018, 07:26:53 am
I re-installed the Nvidia drivers and everything is now OK.

No worries  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Silver0066 on April 16, 2018, 01:26:06 pm
I get the attached popup with v4.28. The file is located in the nvidiacontainer folder in c:\Program Files.  If I hit either Block or Allow, the popup just keeps coming back immediately.  Endless loop.  Any suggestions?
I searched our logs and found the error... can you please send me your DeveloperLog.log (support@voodooshield.com)... it might have more info that I need.  I have a hunch what is going on... and it should be a simple fix.  Thank you for reporting that!
Hi Dan,
Before I saw this reply, I did a full restore of my system drive and reinstalled the Nvidia driver and all is working well.  As a result, I don't have the logs.
Thanks anyway,
Silver
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 20, 2018, 05:44:29 am
Dan,

On one of my systems, I use the following tweaked settings-

Mode - AutoPilot

Advanced Settings
Automatically scan blocked files with the multi-engine blacklist scanner [ Unchecked ]

Rules
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90

Offline i.e internet disconnected or not available, UNSAFE programs are allowed instead of generating alerts.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 20, 2018, 02:05:34 pm
Hmmm, interesting, thank you for letting me know.  There must be a reason... what was the VoodooAi score?  Out of curiosity, what was the blacklist scan result?

Can you send me the file?

Now that you mention this... we should consider disabling certain options when VS is on AutoPilot.  When VS is on AutoPilot, all of the file insight mechanisms really should be enabled.  In other words... AutoPilot utilizes the file insight mechanisms to determine whether to automatically allow a file or not... and if the user starts turning off these mechanisms, who knows what could go wrong.

Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 20, 2018, 02:23:17 pm
I get the attached popup with v4.28. The file is located in the nvidiacontainer folder in c:\Program Files.  If I hit either Block or Allow, the popup just keeps coming back immediately.  Endless loop.  Any suggestions?
I searched our logs and found the error... can you please send me your DeveloperLog.log (support@voodooshield.com)... it might have more info that I need.  I have a hunch what is going on... and it should be a simple fix.  Thank you for reporting that!
Hi Dan,
Before I saw this reply, I did a full restore of my system drive and reinstalled the Nvidia driver and all is working well.  As a result, I don't have the logs.
Thanks anyway,
Silver
Thank you for letting me know... there is a slight tweak I need to make for drivers, and I found a way to reproduce a similar situation, so I will do that today or this weekend and release the next version.  There were a couple of other small bug fixes the last couple of weeks that I have already fixed as well...

1.  Startup message after installation - The installer used to start VS after installation, but since the service starts the gui now, I needed to remove the startup entry from the installer... otherwise sometimes both were trying to start VS at the exact same time, and it would display an error message.

2.  Weird command line bug when the process name was nothing - A user reported a bug and it was easy to reproduce and fix... it was a very, very odd situation.

BTW, the error logs are pretty much completely error free at this point, so we are in great shape.

Thank you guys, have great weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 20, 2018, 02:27:02 pm
Dan,

Is there any time set to connect to cloud for the verdict?
Like couple secs, and if VS cannot connect to cloud for some reasons within those secs, it will give an alert "connect to internet......" or cloud error or something.
Yes, there is currently a 3 second timeout.  Is that about right, or should I increase or decrease it?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 20, 2018, 02:31:14 pm
Hi Dan, no indicator thingy on the green till yellow scale again. VS 4.28. Win 7 64bit
Is it just for this item?  Hopefully so... but if not, please let me know.  It is a very long story, but it will be fixed soon either way ;).  Thank you!
It was just this programm at that moment. When i see that happening i just report it so it is hopefully easier to fix :)
Have a nice weekend all
I see... that makes sense.  Yeah, there are still a few invalid VoodooAi results being stored in the database from old versions of VS.  As users upgrade to 4.28, this will occur less and less frequently.  These invalid entries are removed from the database twice a day... but every one in a while, this will probably continue to happen until everyone is on 4.28 or above.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 20, 2018, 06:04:14 pm
Dan,

Two comments:

1-I have VS free , how can I reinstall it if I forgot the password?
2-Relatively often, I have this message: Internet Connection Not Detected!
   What could it be? The firewall is discarded because VS is completely allowed.


Thanks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 20, 2018, 07:09:29 pm
Dan,

Is there any time set to connect to cloud for the verdict?
Like couple secs, and if VS cannot connect to cloud for some reasons within those secs, it will give an alert "connect to internet......" or cloud error or something.
Yes, there is currently a 3 second timeout.  Is that about right, or should I increase or decrease it?  Thank you!
I think an option would be good. And users can set as per their fast or slow internet connection.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 20, 2018, 07:34:31 pm
Hmmm, interesting, thank you for letting me know.  There must be a reason... what was the VoodooAi score?  Out of curiosity, what was the blacklist scan result?

Can you send me the file?

Now that you mention this... we should consider disabling certain options when VS is on AutoPilot.  When VS is on AutoPilot, all of the file insight mechanisms really should be enabled.  In other words... AutoPilot utilizes the file insight mechanisms to determine whether to automatically allow a file or not... and if the user starts turning off these mechanisms, who knows what could go wrong.

Thank you!
Is this a reply to my post 473?

my post 473
"On one of my systems, I use the following tweaked settings-
Mode - AutoPilot
Advanced Settings
Automatically scan blocked files with the multi-engine blacklist scanner [ Unchecked ]
Rules
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90

Offline i.e internet disconnected or not available, UNSAFE programs are allowed instead of generating alerts."

It happens on any Modes, with the above mentioned tweaks.

As per Rules, programs with Safe and Suspicious verdict should be allowed and programs with Unsafe verdict should generate alerts.
And it works fine online i.e internet connected.

offline i.e internet disconnected, VS gives alert "connect to internet...........".
I don't get this alert and programs with Unsafe verdict are allowed offline i.e internet disconnected, with the above mentioned tweaks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on April 20, 2018, 08:53:39 pm
I noticed a thread on MT where they are mentioning VS and one of the posters says VS can not stop file less attacks although it might stop the payload. Also same poster claims VS has no exploit protection. opcode's post

https://malwaretips.com/threads/av-comparatives-real-world-av-test-for-march-2018.82017/page-4
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 03:33:18 am
Dan,

Two comments:

1-I have VS free , how can I reinstall it if I forgot the password?
2-Relatively often, I have this message: Internet Connection Not Detected!
   What could it be? The firewall is discarded because VS is completely allowed.


Thanks.
Cool... there is not a password for VS Free, just enter your email address and you are good to go.

Hmmm, I am not sure why you are seeing "Internet Connection Not Detected!".  VS uses a built in detection mechanism to first detect if a network connection is connected, then it pings google.  As long as both of these pass, then VS will believe it has a network connection and not display that message.  Are you on wireless, or is there anything else unique about your setup?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 03:34:11 am
Dan,

Is there any time set to connect to cloud for the verdict?
Like couple secs, and if VS cannot connect to cloud for some reasons within those secs, it will give an alert "connect to internet......" or cloud error or something.
Yes, there is currently a 3 second timeout.  Is that about right, or should I increase or decrease it?  Thank you!
I think an option would be good. And users can set as per their fast or slow internet connection.
Sure, we can definitely consider adding an option in the future... it would be super easy to add, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 03:37:21 am
Hmmm, interesting, thank you for letting me know.  There must be a reason... what was the VoodooAi score?  Out of curiosity, what was the blacklist scan result?

Can you send me the file?

Now that you mention this... we should consider disabling certain options when VS is on AutoPilot.  When VS is on AutoPilot, all of the file insight mechanisms really should be enabled.  In other words... AutoPilot utilizes the file insight mechanisms to determine whether to automatically allow a file or not... and if the user starts turning off these mechanisms, who knows what could go wrong.

Thank you!
Is this a reply to my post 473?

my post 473
"On one of my systems, I use the following tweaked settings-
Mode - AutoPilot
Advanced Settings
Automatically scan blocked files with the multi-engine blacklist scanner [ Unchecked ]
Rules
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90

Offline i.e internet disconnected or not available, UNSAFE programs are allowed instead of generating alerts."

It happens on any Modes, with the above mentioned tweaks.

As per Rules, programs with Safe and Suspicious verdict should be allowed and programs with Unsafe verdict should generate alerts.
And it works fine online i.e internet connected.

offline i.e internet disconnected, VS gives alert "connect to internet...........".
I don't get this alert and programs with Unsafe verdict are allowed offline i.e internet disconnected, with the above mentioned tweaks.
Yeah, sorry, that was a reply to your post... I must have forgot to quote it.

This might be easiest... starting with all default settings, can you tell me what settings to change and what steps to take to reproduce this behavior?  Right now I am a little confused, but if you walk me through each step, it should be easy to reproduce, and even easier to fix.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 04:10:38 am
I noticed a thread on MT where they are mentioning VS and one of the posters says VS can not stop file less attacks although it might stop the payload. Also same poster claims VS has no exploit protection. opcode's post

https://malwaretips.com/threads/av-comparatives-real-world-av-test-for-march-2018.82017/page-4
I see what he is saying, and I see where someone would be confused on his wording.  If he were to remove the word "file-less", it would be a less confusing and more accurate statement.

He is talking about exploits... he is NOT talking about fileless malware, which VS will block beautifully.  Hopefully he was not intending to mislead users by making them think that VS cannot mitigate against file-less malware.

He is absolutely correct that VS is not capable of blocking the actual exploit, but VS is capable of blocking the payloads and command lines that the exploit requires to successfully complete the attack.  Because of this, VS has had very strong anti-exploit capabilities for quite some time, since we introduced this method of blocking child processes of vulnerable parent processes (and web apps) a few years ago, and that other security products have adopted.

The only other way to protect against exploits is to do what the specialty anti-exploit products do, like EMET, HMPA, etc.  They utilize specific anti-exploit mechanisms that protect against the 25 or so common exploit techniques, which are listed in the following well written and informative document.

http://www.sophos.si/media/files/000/000/228/original/comprehensive-exploit-prevention-wp.pdf

At some point we might consider adding specific exploit mitigations, but that is far in the future.  And as we have seen with recent attacks the last year or so, even specifically defending against these types of attacks is absolutely no guarantee that the exploit will not succeed, without applying a patch to the security software that mitigates a new attack.  I just believe it is a lot simpler and easier to focus on blocking the payload and command lines.

Opcode mentions "it might stop the payload if the payload is crap but this depends on the payload and the VoodooShield configuration".  I am still waiting for him to provide a non-crap payload that will bypass VS.  I think his words would have a lot more meaning if he were able to do so.  Also, I am not aware of any VS configuration change that would make a bit of difference either way.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 04:27:04 am
Also, because exploits are extremely limited in regards to memory, exploits themselves are required to spawn a payload to do anything "interesting".  And when it does so, VS should block the payload or the command line.  But as with specialty anti-exploit products, there is no guarantee that VS will block all exploits from succeeding and doing something interesting.  The only thing that really matters is if the attack is somehow blocked.

It would be cool to see one in action that successfully bypasses VS and is capable of doing something interesting.  Hopefully Opcode will come up something really cool!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on April 21, 2018, 05:14:05 am
The only other way to protect against exploits is to do what the specialty anti-exploit products do, like EMET, HMPA, etc.  They utilize specific anti-exploit mechanisms that protect against the 25 or so common exploit techniques, which are listed in the following well written and informative document.

http://www.sophos.si/media/files/000/000/228/original/comprehensive-exploit-prevention-wp.pdf

At some point we might consider adding specific exploit mitigations, but that is far in the future.

But that's "enumerating badness", which is what standard (but not very useful) AVs do.

Quote
Opcode mentions "it might stop the payload if the payload is crap but this depends on the payload and the VoodooShield configuration".

WannaCry didn't have a "crap payload", even by today's standards.  How many other anti-malware solutions stopped it?  I'm with Dan on this one: put up or stop talking.  FWIW, the only companion VS is getting is WFC (to stop apps from phoning home) from Binisoft when I get around to installing it.  So even if it does bypass VS, it won't work.

VS.  +1.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on April 21, 2018, 07:03:47 am
I noticed a thread on MT where they are mentioning VS and one of the posters says VS can not stop file less attacks although it might stop the payload. Also same poster claims VS has no exploit protection. opcode's post

https://malwaretips.com/threads/av-comparatives-real-world-av-test-for-march-2018.82017/page-4

yeah, but he's not exactly attacking VS, and that comment is a small fraction of the entire post that's discussing MS, vulnerabilities, and ... 

EDIT: wrote the above before I saw Dan's reply.  But don't really see any need to change it. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 01:51:26 pm

But that's "enumerating badness", which is what standard (but not very useful) AVs do.


Hmmm, I never quite thought of it that way.... but you bring up an interesting point.  I imagine the various specific exploit mitigations are required to perform a vast array of functions, so it might be difficult to apply some form of deny by default mechanism to protect against them.  BUT, I love what you are suggesting, and if it is possible, that would be super, super cool... especially if it was implemented with VS's proprietary toggling feature, so that the mitigations would only be active when necessary, which as we all know from using VS, has the potential to make a technology like you are suggesting user-friendly for the masses.

That is, I imagine that if such mitigations were applied full-time, they would be far from user-friendly.  It reminds me of a time when I had an extended conversation with a potential investor.  He explained to me in a creative analogy what he believed to be the potential Achilles heel of VS when he said something like "For example, if I force my daughter to always stay home and never to any wild parties, she is always going to be safe and healthy.".  For which I replied something like "Well, with VS, your daughter is able to go to the wild parties and have a hell of a time, and at the same time remain safe and healthy."  Needless to say, he did not invest ;).

If he were to have tried VS, he would understand that it is user-friendly for the masses yet secure.

But my point is... I like what you are thinking, and if there is a way to combine something like what you are suggesting with VS's toggling, that might be super cool.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 02:14:51 pm
I noticed a thread on MT where they are mentioning VS and one of the posters says VS can not stop file less attacks although it might stop the payload. Also same poster claims VS has no exploit protection. opcode's post

https://malwaretips.com/threads/av-comparatives-real-world-av-test-for-march-2018.82017/page-4

yeah, but he's not exactly attacking VS, and that comment is a small fraction of the entire post that's discussing MS, vulnerabilities, and ... 

EDIT: wrote the above before I saw Dan's reply.  But don't really see any need to change it.
Yeah, I agree that Opcode is not exactly attacking VS... he even later on in his posts says "Therefore, using an anti-executable solution alongside a reputable, well-made security solution which are both compatible with each other makes perfect sense to me."  So that was pretty cool of him to say, thank you Opcode!

I think if the word "file-less" was absent in the opening sentence, it would be less confusing, and people would not potentially mistakenly believe he is suggesting that VS is not capable of blocking fileless malware.

I really do not want to get involved in another extended exploit discussion...  it is a huge time waster for everyone to discuss complex topics like this, and it would be a lot more productive for people to simply perform tests.  You can speculate all day long, but until you actually perform the tests, you simply do not know they truth.  There are an incalculable number of intricacies that can determine the outcome of the test, and until you test, you will never know.  I think if Opcode were to test VS, he would see how effective it is.  Please do not get me wrong... almost certainly an exploit and payload can be developed that will fully bypass VS... I have just never seen one that is capable of doing so.

But I can tell you what I have seen on multiple occasions... I have seen several different people test various attacks on VS, and they are usually surprised how tough it is.  For example when Black Cipher Security said "CB Defense, Cylance, Voodoo Shield, Eset NOD32, Kaspersky and Bitdefender are tough for sure. But we are working on them ;-) The ones posted so far are easy to get around even when configured for maximum security."

Zoltan from MRG made the most progress out of everyone that I have seen test VS, but even in his tests, VS blocked most of the interesting malicious tools.  And certainly, if he spent a lot more time testing VS, he would almost for sure come up with something that would fully bypass VS.  There is no such thing as 100% bulletproof.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on April 21, 2018, 04:07:02 pm
Sorry but has anyone tried one of these yet?  http://www.foxnews.com/food-drink/2018/04/20/voodoo-doughnut-opening-doughnut-palace-companys-first-east-coast-location.html
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 21, 2018, 05:47:52 pm
Interesting... Voodoo doughnuts sound good ;).

I forgot to mention, since VS is now stable, we will be implementing self-protection soon, and will have a beta in the next week or two for you guys to try.

A dev who is familiar with kernel level coding will be doing the work, and it looks to be pretty straightforward, which is cool, that way it will hopefully be done right the first time.

Have a great weekend, I am going to the park with Gracie ;).

Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 22, 2018, 03:47:54 am
Hmmm, interesting, thank you for letting me know.  There must be a reason... what was the VoodooAi score?  Out of curiosity, what was the blacklist scan result?

Can you send me the file?

Now that you mention this... we should consider disabling certain options when VS is on AutoPilot.  When VS is on AutoPilot, all of the file insight mechanisms really should be enabled.  In other words... AutoPilot utilizes the file insight mechanisms to determine whether to automatically allow a file or not... and if the user starts turning off these mechanisms, who knows what could go wrong.

Thank you!
Is this a reply to my post 473?

my post 473
"On one of my systems, I use the following tweaked settings-
Mode - AutoPilot
Advanced Settings
Automatically scan blocked files with the multi-engine blacklist scanner [ Unchecked ]
Rules
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90

Offline i.e internet disconnected or not available, UNSAFE programs are allowed instead of generating alerts."

It happens on any Modes, with the above mentioned tweaks.

As per Rules, programs with Safe and Suspicious verdict should be allowed and programs with Unsafe verdict should generate alerts.
And it works fine online i.e internet connected.

offline i.e internet disconnected, VS gives alert "connect to internet...........".
I don't get this alert and programs with Unsafe verdict are allowed offline i.e internet disconnected, with the above mentioned tweaks.
Yeah, sorry, that was a reply to your post... I must have forgot to quote it.

This might be easiest... starting with all default settings, can you tell me what settings to change and what steps to take to reproduce this behavior?  Right now I am a little confused, but if you walk me through each step, it should be easy to reproduce, and even easier to fix.  Thank you!
Advanced Settings - Uncheck the option "automatically scan blocked files with the multi-engine blacklist scanner".

Rules - Create a New Ruleset.. attached are the screenshots.

Try the following portable programs.
Dns Jumper - hxxps://www.sordum.org/files/downloads.php?dns-jumper
VidCoder - hxxps://github.com/RandomEngy/VidCoder/releases/download/v2.63/VidCoder-2.63-x64-Portable.exe

Both programs are Unsafe as per VAi.

Offline/Internet Disconnected - VS doesn't generate alerts for not whitelisted programs.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on April 22, 2018, 05:59:35 am
Great catch, thank you ya5hkh4n... it was an easy fix, and will be included in the next release.

What happened was when the network connection was disabled, VS was unable to obtain the VoodooAi results, so it returned a -1 (-1 means there was no VoodooAi result), which is less than 90, so VS allowed the file.  So all I had to do was to tell VS that if the result is -1, to ignore the rule and to not allow the file because of that rule.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on April 22, 2018, 06:15:15 am
Dan,

Always ON - It's the max protection.. so I think it shouldn't turn to OFF mode if the icon is left-clicked and shouldn't turn to install/disable mode when programs are installed, wot you say?

And, why not keep it simple? i.e Safe, Suspicious and Unsafe, no need "Be Careful".

It seems, when the option "automatically scan blocked files with the multi-engine blacklist scanner" is Unchecked, Suspicious Alerts appear in Red color like Unsafe Alerts, Suspicious Alerts should be Purple color, right?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 27, 2018, 01:08:46 am
Dan,

Two comments:

1-I have VS free , how can I reinstall it if I forgot the password?
2-Relatively often, I have this message: Internet Connection Not Detected!
   What could it be? The firewall is discarded because VS is completely allowed.


Thanks.
Cool... there is not a password for VS Free, just enter your email address and you are good to go.

Hmmm, I am not sure why you are seeing "Internet Connection Not Detected!".  VS uses a built in detection mechanism to first detect if a network connection is connected, then it pings google.  As long as both of these pass, then VS will believe it has a network connection and not display that message.  Are you on wireless, or is there anything else unique about your setup?  Thank you!


Dan,

1- I don't understand exactly why if I reinstall from 0, the VS PRO/FREE window does not appear. To achieve it I need to press the Reset Registration button.

2- Yes, I'm in wireless mode, does that cause some problem?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 27, 2018, 01:21:44 am
On the other hand, would there be any possibility of adding a button to reset the blocked threats counter?  ;D

Thank you
Title: Re: VoodooShield v4 STABLE Thread
Post by: Gandalf on April 27, 2018, 01:50:35 pm
On the other hand, would there be any possibility of adding a button to reset the blocked threats counter?  ;D

Thank you
There already is that possibility:
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on April 27, 2018, 09:02:13 pm
Today for the first time I got a warning about a Windows Defender being suspicious. mpsigstub.exe, it was blocked.
Right after that I got a Windows notification that updates were ready and to restart my computer. Should I just whitelist it?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on April 27, 2018, 10:49:29 pm
On the other hand, would there be any possibility of adding a button to reset the blocked threats counter?  ;D

Thank you
There already is that possibility:

Thank you Gandalf!

I did not know it was available only in the PRO version.
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 01, 2018, 12:28:50 am
Hi all ~ apologies if doing this is a terrible forum faux pas, if so don't yell, I promise not to repeat it ~ but I'm referencing my own other post because desperate  :o

OP at https://calendarofupdates.org/index.php?PHPSESSID=ak8sk0dgonsrla6pupvg4a5s42&topic=1898.0

Bottom line: under Windows [7 x64] VoodooShield v4 does not connect to the internet for file upload/analysis or program updates unless run as an Administrator, and for overall security I use a Standard / Limited user account at all times. None of my other security apps have this limitation.

Is it possible to release a version of VS that does not require Admin superpowers? If so, one vote for such from me.

THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on May 01, 2018, 06:34:46 am
Hi all ~ apologies if doing this is a terrible forum faux pas, if so don't yell, I promise not to repeat it ~ but I'm referencing my own other post because desperate  :o

OP at https://calendarofupdates.org/index.php?PHPSESSID=ak8sk0dgonsrla6pupvg4a5s42&topic=1898.0

Bottom line: under Windows [7 x64] VoodooShield v4 does not connect to the internet for file upload/analysis or program updates unless run as an Administrator, and for overall security I use a Standard / Limited user account at all times. None of my other security apps have this limitation.

Is it possible to release a version of VS that does not require Admin superpowers? If so, one vote for such from me.

I run win7x64 in standard / limited user account currently with VS 4.28 and previously with v3.xx, no issues with internet connection and there should not be.  Something is configured atypically on your system, but not sure what that might be, but do not blame VS for this.  Try emailing Dan directly at support at voodooshield dot com
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 01, 2018, 05:04:49 pm
Quote
I run win7x64 in standard / limited user account currently with VS 4.28 and previously with v3.xx, no issues with internet connection and there should not be.  Something is configured atypically on your system, but not sure what that might be, but do not blame VS for this.  Try emailing Dan directly at support at voodooshield dot com

Something may indeed be atypical but since I'm not the only one to report this issue -- search this thread and others -- I doubt it's caused by something unique to me. In addition, SMART mode does not function correctly either: VS will not enable/disable itself (lock/unlock) even though set to that mode, but runs as if ALWAYS ON (blue shield at all times) unless run with Admin creds, in which case all functions are as expected.

I will try emailling, thanks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on May 01, 2018, 08:42:56 pm
This is definitely an error on your system configuration. It could be in permissions, firewall, antivirus, or any number of issues. I see 2 users have reported this. Your original posting of "*UPDATE* VS latest reports" is not the way to label a post asking for help  as this is neither an update to VS or a latest reports. It's a bug post that effects 2 users and is not due to VS. Reinstall Windows 7 is the only guaranteed fix if your level of expertise does not include trouble shooting your system configuration. Not trying to be a jerk. I would contact Microsoft support and they can remote access into your system and fix it for you. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 02, 2018, 12:28:40 am
This is definitely an error on your system configuration. It could be in permissions, firewall, antivirus, or any number of issues. I see 2 users have reported this. Your original posting of "*UPDATE* VS latest reports" is not the way to label a post asking for help  as this is neither an update to VS or a latest reports. It's a bug post that effects 2 users and is not due to VS. Reinstall Windows 7 is the only guaranteed fix if your level of expertise does not include trouble shooting your system configuration. Not trying to be a jerk. I would contact Microsoft support and they can remote access into your system and fix it for you.

Not even VoodooShield is worth reinstalling Windows when absolutely every other aspect of it is working perfectly. And the day I pay somebody at Microsoft to monkey around with my system is... just plain not ever gonna arrive. And I'm comfortable enough with my general ability to troubleshoot my system, which of course doesn't mean I can solve every given issue, which is why I asked for help here with this one. BTW I did email Dan and he was very responsive -- though no fix. Oh well. Back to the sulphur mines of Mizar-5 for me.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 02, 2018, 04:27:28 am
... And the day I pay somebody at Microsoft to monkey around with my system is... just plain not ever gonna arrive.

+ the fact that W7 will cost an arm and a leg being out-ofservice...

Anyway--I'm running W7HPx64 SP1--let's see if we can't do better than M$ :)

First, which flavour of W7?  It does matter.

Second, are you going through a router, or direct-to-modem?

Third, my practice has forever been to install as Admin and (if given the choice) select "For all users".  As a trouble-shooter, I must ask this question: Did you click on "Utility<Use individual settings for each user"?  See the attachment :)  I wish this forum gave us the option to show thumbnails  >:(

You need to be in Admin to set that one, and you will need a restart after.

Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 02, 2018, 04:37:19 am
Today for the first time I got a warning about a Windows Defender being suspicious. mpsigstub.exe, it was blocked.
Right after that I got a Windows notification that updates were ready and to restart my computer. Should I just whitelist it?

I wouldn't bother.  Look at the path structure.  It will probably never be exactly the same again, and VS uses the path structure in its whitelisting.  And, FWIW, Windows Firewall will also probably block its outbound anyway, for exactly the same reason.

EDIT: Backtrack on the CLSID and see if that contains any useful info.  There is a low probability it may form a constant folder path.
END EDIT.
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on May 02, 2018, 05:26:10 am
... And the day I pay somebody at Microsoft to monkey around with my system is... just plain not ever gonna arrive.

+ the fact that W7 will cost an arm and a leg being out-ofservice...

Anyway--I'm running W7HPx64 SP1--let's see if we can't do better than M$ :)

First, which flavour of W7?  It does matter.


Second, are you going through a router, or direct-to-modem?

Third, my practice has forever been to install as Admin and (if given the choice) select "For all users".  As a trouble-shooter, I must ask this question: Did you click on "Utility<Use individual settings for each user"?  See the attachment :)  I wish this forum gave us the option to show thumbnails  >:(

You need to be in Admin to set that one, and you will need a restart after.

That was very gracious of you gorblimey, I tip my hat.
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 02, 2018, 06:24:06 am
... And the day I pay somebody at Microsoft to monkey around with my system is... just plain not ever gonna arrive.

+ the fact that W7 will cost an arm and a leg being out-ofservice...

Anyway--I'm running W7HPx64 SP1--let's see if we can't do better than M$ :)

First, which flavour of W7?  It does matter.

Second, are you going through a router, or direct-to-modem?

Third, my practice has forever been to install as Admin and (if given the choice) select "For all users".  As a trouble-shooter, I must ask this question: Did you click on "Utility<Use individual settings for each user"?  See the attachment :)  I wish this forum gave us the option to show thumbnails  >:(

You need to be in Admin to set that one, and you will need a restart after.

Thanks for your assistance. First, I'm running the same, Win7 HP x64 SP1. Ethernet connection to an AT&T U-Verse modem/router (Arris, with AT&T custom firmware). Second, I have two profiles, Standard (daily) and Admin (for installs/updates) and I'm conversant in the benefits and uses of each. Third, unfortunately I'm using the free version of VS for these tests, so I have no access to any program settings within VS itself (other than running mode, which I leave at Whitelist / Smart). The only rights accesses I have are through Windows per se.

But I have sorta-kinda narrowed the problem down a touch further without actually getting any closer to the cause: there is something in my Standard user profile settings that is cripping VS. I know this because the problem does not occur running the Admin profile, nor does it occur if VS is manually loaded as/by that profile from within a Standard user session, but -- this being the point -- it DOES occur if the Standard profile is changed to Admin and VS is then installed and/or run: no good. Further, if from within the changed, now-Admin daily profile, Vs is manually loaded "as an administrator" it works correctly.

So bottom line: VS works correctly in one profile but not in the other. So far no matter what, running it as my regular daily user profile, whether set to Standard or Admin, cripples it.

What the conflict is I don't know -- is it obvious to anyone? -- but the next logical step would be to create a third user profile and try things from that. We'll see if I have the patience and fortitude for that.

Cheers.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 02, 2018, 08:05:24 am
@BryanB - Thank you for your kind words.  Most people respond well to civil and courteous behaviour.

@JLJ - There's a faint thought wandering around my brain, along the lines of the FREE (aka UNregistered) version will not work for all users.  I missed that in my earlier reply, 'cos I didn't read all of your posts properly.

You could try uninstalling from Admin, then reinstall in your User Account.  (This will test my theory as well as going toward solving your problem :))

EDIT: Don't install "As Admin" within your LUA, just make a non-elevated install.
END EDIT.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on May 02, 2018, 05:39:01 pm
I still think having someone remote logging in to your desktop is the best solution. I hate remote access personally, but when your trying to solve a tech problem it's faster. It doesn't have to be Microsoft, it could be a VS knowledgeable member who could poke around on a temporary remote log-in. Not myself as I lack the Win 7 mutli user account knowledge needed. Best of luck to you and leave out the "check the floppy disk" joke I had for 7 & XP users. Have you tried unplugging it and waiting 30 seconds then plugging it back in?
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 02, 2018, 06:56:30 pm
@JLJ - You could try uninstalling from Admin, then reinstall in your User Account.  (This will test my theory as well as going toward solving your problem :))
EDIT: Don't install "As Admin" within your LUA, just make a non-elevated install.

I've tried every combo pack of uninstalls/wipes/reinstalls and still have the same result. Indeed the very first time I installed VS was from within the LUA. At this point I don't remember if the installer demanded Admin creds or not at the time, but if not it isn't a solution.

The only flavor I haven't tried is reducing the original Admin account rights, but I don't think I want to risk that. Whether or not switching account rights multiple times is what led to the root cause of this issue is beyond my pay grade, but with my luck it's a possibility.

I also tried both taking ownership of the entire VS folder(s) and granting full control rights to my LUA, but neither worked.

The vexing part is that no other related app -- A/V, firewall, et al -- ever had this problem. Indeed my reason for looking into VS is as a quasi-replacement for CryptoPrevent, which used significantly more RAM and seemed to make things a little sluggish (and I'm already a little sluggish thanks to MS' Meltdown mitigations).

Possibly worth noting is this: the app SendAnywhere, which installs to your phone (mine's Android) and PC for wireless file transfer in either direction, had a recent update which caused the app to simply not respond to send/receive commands unless loaded w/ Admin creds. This had not previously been the case. I wrote to the author and he noted it as a widely-reported bug which he would fix in the next release -- and did (fixed version is 8.4.55151.459 -- will try to find previous version number.) The app now functions perfectly from within an LUA. Whether or not there is any fundamental relation to my VS issue I don't know, but the behavior was essentially identical: no ethernet connection w/o Admin rights.

And yes, I've tried turning it off and on again. Thanks, Roy.

So pending your Sudden Insight or me running out of hair to pull out, whichever comes first, seems I'll either jettison VS entirely, take the time to load it manually w/ Admin creds at logon, or try a third profile. THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 03, 2018, 03:36:30 am
Whether or not switching account rights multiple times is what led to the root cause of this issue is beyond my pay grade, but with my luck it's a possibility.
...
So pending your Sudden Insight or me running out of hair to pull out ...

We-e-e-ll, my thinking is that Windows per se isn't the culprit (this bit is hard for me, as I've always considered Windows to be a malware you have to pay for).  However, bits of Windows, and some accessories as well, do misbehave from time to time.  Certainly fiddling with account rights is not to be recommended without a Restore Point in place.  Not just Windows, but any modern OS is sufficiently complex they make race-horses look positively mellowed out.  dotnetnightmare may have a point, as some things are easier fixed by a reinstall--just something to keep in mind, but I'm not sure it's called for ATM.

It would be interesting to check your firewall logs, and see if VS produces a "block" entry when it complains about lack of internet.  You could also check the Ruleset...  FWIW, I just had a surprise on this box, when the Safely Remove applet got caught phoning out to Akamai.  Of course I permanently blocked that behaviour  >:(

And a favourite trouble-shooting tactic is to re-boot into Safe Mode to see what happens.
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 03, 2018, 04:49:38 am
Whether or not switching account rights multiple times is what led to the root cause of this issue is beyond my pay grade, but with my luck it's a possibility.
...
So pending your Sudden Insight or me running out of hair to pull out ...

We-e-e-ll, my thinking is that Windows per se isn't the culprit (this bit is hard for me, as I've always considered Windows to be a malware you have to pay for).  However, bits of Windows, and some accessories as well, do misbehave from time to time.  Certainly fiddling with account rights is not to be recommended without a Restore Point in place.  Not just Windows, but any modern OS is sufficiently complex they make race-horses look positively mellowed out.  dotnetnightmare may have a point, as some things are easier fixed by a reinstall--just something to keep in mind, but I'm not sure it's called for ATM.

It would be interesting to check your firewall logs, and see if VS produces a "block" entry when it complains about lack of internet.  You could also check the Ruleset...  FWIW, I just had a surprise on this box, when the Safely Remove applet got caught phoning out to Akamai.  Of course I permanently blocked that behaviour  >:(

And a favourite trouble-shooting tactic is to re-boot into Safe Mode to see what happens.

Restore points have their uses, I prefer redundant full image backups which have saved my bacon on occasion. VS leaves no trace I can find anywhere in my firewall -- still it seems to function correctly when it... functions correctly... so I've been taking a "You're running the latest version" result of an update check to demonstrate a working connection (esp since it replaces "no connection detected"). I was asked to submit one of the VS logs to Support, which I did, and there are "exceptions" -- or one instance repeated -- noted, which might be clue, culprit and solution path all in one. We shall see. As for reinstalling Windows, the time it takes to do so, update, reinstall applications and get everything set the way you like it is prohibitive, hence the redundant image backups. Simply put: not gonna happen for a single application no matter what it is. I appreciate the help very much, but one must draw the line somewhere. ;-)

I'll try Safe Mode-ing tomorrow and report. THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on May 03, 2018, 06:45:27 am
Quote
I run win7x64 in standard / limited user account currently with VS 4.28 and previously with v3.xx, no issues with internet connection and there should not be.  Something is configured atypically on your system, but not sure what that might be, but do not blame VS for this.  Try emailing Dan directly at support at voodooshield dot com

Something may indeed be atypical but since I'm not the only one to report this issue -- search this thread and others -- I doubt it's caused by something unique to me. In addition, SMART mode does not function correctly either: VS will not enable/disable itself (lock/unlock) even though set to that mode, but runs as if ALWAYS ON (blue shield at all times) unless run with Admin creds, in which case all functions are as expected.

I will try emailling, thanks.

ok, but I have none of those issues with VS on my win7
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on May 03, 2018, 07:06:55 am
@JLJ - You could try uninstalling from Admin, then reinstall in your User Account.  (This will test my theory as well as going toward solving your problem :))
EDIT: Don't install "As Admin" within your LUA, just make a non-elevated install.

 Indeed my reason for looking into VS is as a quasi-replacement for CryptoPrevent,

I wonder if cryptoprevent modified permissions in such a way to cause a conflict with VS? ie, assuming you uninstalled cryptoprevent, was it a full uninstall putting win7 permissions back to default?  Just wondering out loud.  I have no idea of compatibility of cp with VS.  Thinking uninstall cp, reboot, make sure cp is gone, reinstall VS...  But you may have tried this and be well past it...
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 03, 2018, 12:53:13 pm
I wonder if cryptoprevent modified permissions in such a way to cause a conflict with VS?

I was using an early-ish version of CP when I found VS.  I ran VS 3.59  in parallel with CP for several months, then worked out that eventually one of them would have to go, especially as CP was beginning to do things far past merely ownership and permissions.  But running both was--at the time--fault-free.  I don't think they play nice together now but.  And yes, a full-out uninstall would definitely be necessary to put ownership and permissions back again.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on May 03, 2018, 01:05:03 pm
VS leaves no trace I can find anywhere in my firewall -- still it seems to function correctly when it... functions correctly...
...
I'll try Safe Mode-ing tomorrow and report. THX

It's odd VS isn't logged by your firewall.  Maybe not inbound, but certainly a good firewall should be able to log all outbound, allowed and blocked.

How far back do your images go?  Or would that lose too much development?
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 03, 2018, 10:40:04 pm
Re my firewall: apologies, I misspoke -- VS is logged for outbound connections correctly when run with Admin creds -- in other words, as I said, it works correctly when it works correctly. Since it won't recognize the connection at other times there's nothing to log. Sorry for the confusion.

Re CryptoPrevent: yes, it was completely rolled back and uninstalled prior to my first install of VS. If anything is left over I'm not aware of it, though clearly it's not impossible.

Re my image backups: I make one about every two months, so there's not much to lose -- still, I don't think it called for since this one program, however nifty, is the only problematic one.

I'm supposed to see if Support identified something in the logfile in a few days, will report back. THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 12, 2018, 12:51:41 am
Well: no news. No grand discoveries, no lightning bolts of understanding. Sorry, chief. It may just remain one of life's great mysteries: what's wrong with John's machine?

The only thing I can add now, if ever, is that I installed AppCheck 2.5.4.2 alongside VS -- installed it from within the LUA using Admin creds -- and it is working correctly: all internet traffic it requires in either direction is allowed, logged, and successful. So the VS block remains the only such thing. I appreciate all the input along the way. THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: F13Reboot on May 14, 2018, 05:12:55 am
A few days ago, I had the same problem, "Internet connection not detected".
(VS 4.28 free, Win 10 Pro with April Update, default settings firewall). I looked at this forum in the hope that I would find a solution.
 
I did everything that was advisable, set administrator privileges, enabled / disable .NET framework, I spied VS using TCPView and ProcMon for his "internet conversation"  ;D (he saw ("Update check") and not seen at the same time, and there were no clues in the logs) - unfortunately nothing helped. Till this day.

Today I have updated the drivers for the wifi network card and ... it works! VS has regained the ability to connect to the internet. So… JLJ - try to update/reinstall the device drivers with which you connect to the internet. For me it solved the "Internet connection not detected" problem.

/sorry for my quasi-English from the translator  ::)
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 14, 2018, 09:04:11 pm
A few days ago, I had the same problem, "Internet connection not detected".
(VS 4.28 free, Win 10 Pro with April Update, default settings firewall). I looked at this forum in the hope that I would find a solution.
 
I did everything that was advisable, set administrator privileges, enabled / disable .NET framework, I spied VS using TCPView and ProcMon for his "internet conversation"  ;D (he saw ("Update check") and not seen at the same time, and there were no clues in the logs) - unfortunately nothing helped. Till this day.

Today I have updated the drivers for the wifi network card and ... it works! VS has regained the ability to connect to the internet. So… JLJ - try to update/reinstall the device drivers with which you connect to the internet. For me it solved the "Internet connection not detected" problem.

/sorry for my quasi-English from the translator  ::)

Well... maybe. Not sure I want to bother messing with Everything Else That Isn't Broken at this point, esp since (1) all other applications can connect correctly now; and (2) VoodooShield does recognize my connection normally when run with Admin creds. Perhaps after my next full system backup. THX though!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on May 14, 2018, 09:20:58 pm
A few days ago, I had the same problem, "Internet connection not detected".
(VS 4.28 free, Win 10 Pro with April Update, default settings firewall). I looked at this forum in the hope that I would find a solution.
 
I did everything that was advisable, set administrator privileges, enabled / disable .NET framework, I spied VS using TCPView and ProcMon for his "internet conversation"  ;D (he saw ("Update check") and not seen at the same time, and there were no clues in the logs) - unfortunately nothing helped. Till this day.

Today I have updated the drivers for the wifi network card and ... it works! VS has regained the ability to connect to the internet. So… JLJ - try to update/reinstall the device drivers with which you connect to the internet. For me it solved the "Internet connection not detected" problem.

/sorry for my quasi-English from the translator  ::)

Well... maybe. Not sure I want to bother messing with Everything Else That Isn't Broken at this point, esp since (1) all other applications can connect correctly now; and (2) VoodooShield does recognize my connection normally when run with Admin creds. Perhaps after my next full system backup. THX though!

F13Reboot asked for his account to be removed so don't expect a reply back from him.
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on May 14, 2018, 10:34:22 pm
Quote
F13Reboot asked for his account to be removed so don't expect a reply back from him.

That's odd. I think.
Is that odd? or am I just unskilled in the Ways of the Forum?
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on May 15, 2018, 03:38:46 am
JLJ, that was odd, it was not your doing, it's hard to figure for translation software and yes there are people listening here, I think were all old people, it takes awhile to come up with replies.  :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on May 15, 2018, 06:43:44 pm
Quote
F13Reboot asked for his account to be removed so don't expect a reply back from him.

That's odd. I think.
Is that odd? or am I just unskilled in the Ways of the Forum?

We Admins see it and it was at his request.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 18, 2018, 08:00:07 am
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on May 18, 2018, 10:14:13 am
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Working on something new?

CS?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 18, 2018, 06:15:19 pm
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Working on something new?

CS?
Always :).

No idea, and I doubt we will ever know.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on May 18, 2018, 07:13:46 pm
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Working on something new?

CS?
Always :).

No idea, and I doubt we will ever know.
I meant, CS, you mean cruelsister on MalwareTips? Where did you read that?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 18, 2018, 10:26:06 pm
Several people have asked me about this throughout the years, and I did not know either way.

CS suggested that VS was no longer being developed... https://www.youtube.com/watch?v=yDwBxID5C14 (look at the "Nil" comment).

If people are going to start rumors, then we have the right to know if they are who they say they are, because it speaks directly to their credibility.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on May 18, 2018, 10:29:22 pm
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Who knows , All I know is I saw what was a pic of here sahe posted. and in an pri said she did shoe commercials at one time.
She has claimed to work for a bank. And many other things. Like you say she or he remains unknown and that is how she and you like it.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 18, 2018, 10:56:45 pm
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Who knows , All I know is I saw what was a pic of here sahe posted. and in an pri said she did shoe commercials at one time.
She has claimed to work for a bank. And many other things. Like you say she or he remains unknown and that is how she and you like it.
How funny ;).  I admit, it is clever of her to remain a mystery... but I just feel sorry for anyone who might have flirted with her in the past, because it would possibly mean that they were flirting with a dude ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on May 18, 2018, 11:04:55 pm
Several people have asked me about this throughout the years, and I did not know either way.

CS suggested that VS was no longer being developed... https://www.youtube.com/watch?v=yDwBxID5C14 (look at the "Nil" comment).

If people are going to start rumors, then we have the right to know if they are who they say they are, because it speaks directly to their credibility.
I checked the "Nil" comment. It's strange coming from CS as she knows well from Wilders and MalwareTips how active you are and VS development is.

And, you are right, "VS is perhaps the most misunderstood security product on the market".
Many users think, VS is like an antivirus with VT scan.
Many users mention "Suspicious" verdict as FPs.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on May 18, 2018, 11:51:28 pm
Several people have asked me about this throughout the years, and I did not know either way.

CS suggested that VS was no longer being developed... https://www.youtube.com/watch?v=yDwBxID5C14 (look at the "Nil" comment).

If people are going to start rumors, then we have the right to know if they are who they say they are, because it speaks directly to their credibility.
I checked the "Nil" comment. It's strange coming from CS as she knows well from Wilders and MalwareTips how active you are and VS development is.

And, you are right, "VS is perhaps the most misunderstood security product on the market".
Many users think, VS is like an antivirus with VT scan.
Many users mention "Suspicious" verdict as FPs.

Never flirted with her
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 19, 2018, 10:32:32 pm
Several people have asked me about this throughout the years, and I did not know either way.

CS suggested that VS was no longer being developed... https://www.youtube.com/watch?v=yDwBxID5C14 (look at the "Nil" comment).

If people are going to start rumors, then we have the right to know if they are who they say they are, because it speaks directly to their credibility.
I checked the "Nil" comment. It's strange coming from CS as she knows well from Wilders and MalwareTips how active you are and VS development is.

And, you are right, "VS is perhaps the most misunderstood security product on the market".
Many users think, VS is like an antivirus with VT scan.
Many users mention "Suspicious" verdict as FPs.
This is just a small sample.  The funny thing is that no one gets upset at CS for attacking VS and myself out of the blue and without provocation, but yet when I ask the question that has crossed most people's minds, some people get upset.  Yet somehow I am not surprised.  A precedent has been set where it is okay to attack VS and people are simply numb to it.  I guess that is the price one pays for being open, upfront and honest.  Oh well, the truth always comes out in the end.  Seriously.  It really does.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 19, 2018, 10:50:07 pm
Several people have asked me about this throughout the years, and I did not know either way.

CS suggested that VS was no longer being developed... https://www.youtube.com/watch?v=yDwBxID5C14 (look at the "Nil" comment).

If people are going to start rumors, then we have the right to know if they are who they say they are, because it speaks directly to their credibility.
I checked the "Nil" comment. It's strange coming from CS as she knows well from Wilders and MalwareTips how active you are and VS development is.

And, you are right, "VS is perhaps the most misunderstood security product on the market".
Many users think, VS is like an antivirus with VT scan.
Many users mention "Suspicious" verdict as FPs.

Never flirted with her
You may not have, but I imagine that I probably have at some point way back when ;).

And I am certainly not the only one who has been potentially catfished... here is one just from today... https://www.wilderssecurity.com/threads/the-basics-of-manual-malware-identification-and-removal.403791/

She mentions lipstick and people get excited.  The first response on the second page is priceless.  I often questioned whether CS and Umbra were the same person as well.

She might be a female, she might be male, I have no idea and really could care less either way.  My issue is that if someone is going to maliciously attack VS and myself, they are going to be man enough to not hide in the shadows while doing so.

As CS would say... fin.
Title: Re: VoodooShield v4 STABLE Thread
Post by: 17410742 on May 20, 2018, 04:31:03 am
Finally, turned off my VPN to create an account (kept getting flagged as spam IP)

I can finally say how much i love my VoodooShield!

Running a very secure & low system impact profile:

Win 10 / Spring Creators / Completely De-Botnetted / Black Viper / NVT Sys Hardener / O&O Shut Up 10

Sandboxie (Lifetime)
VoodooShield Pro (3yr)
Keyscrambler Premium

Private Internet Access (On the Router)
Cloudflare DNS (On the Router)

HitmanPro as my On-Demand (Although it is actually a HitmanPro.Alert license)

------

Looking forward very much to future updates & the Mobile Security!  ;D

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 20, 2018, 04:38:56 pm
Finally, turned off my VPN to create an account (kept getting flagged as spam IP)

I can finally say how much i love my VoodooShield!

Running a very secure & low system impact profile:

Win 10 / Spring Creators / Completely De-Botnetted / Black Viper / NVT Sys Hardener / O&O Shut Up 10

Sandboxie (Lifetime)
VoodooShield Pro (3yr)
Keyscrambler Premium

Private Internet Access (On the Router)
Cloudflare DNS (On the Router)

HitmanPro as my On-Demand (Although it is actually a HitmanPro.Alert license)

------

Looking forward very much to future updates & the Mobile Security!  ;D
Thank you, I appreciate that!
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on May 20, 2018, 10:38:15 pm
Sorry I have been away... been working on some really cool stuff.

BTW, is CS really a dude?  That shocked me.  Just curious.
Who knows , All I know is I saw what was a pic of here sahe posted. and in an pri said she did shoe commercials at one time.
She has claimed to work for a bank. And many other things. Like you say she or he remains unknown and that is how she and you like it.

I just looked at this post. Looked at the video and comments and do not see anything here where CS said VS is not being developed any longer. I know I am old but I am missing it. I am way to old to get excited over lipstick Dan. I guess I missed put on any threads where CS was bashing VS. I know CS whoever they are very intelligent. She did a bypass for Appguard by using one of the signed cert in protected mode but that would not have worked in locked down mode.
.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on May 20, 2018, 11:25:40 pm
 This is what CruelSister wrote "SecureAPlus and Voodoo Shield (is the latter still being actively developed?) rely too much on AV detection, and thus are prone to true zero day malware. "
 The issue with that is because CS is a security expert and knew that VS is being actively developed 3 months ago when it was posted. 3mths ago was the height of VS 4 releases and actively posted builds where on Wilders, Malwaretips, and Calendar. Also VS does not rely on AV detection and is not prone to zero day malware. 
 It's a veiled stab at Dan that has been ongoing. CS is not misinformed and is not the typical user. When someone of her caliber added "(is the latter still being actively developed?)" when they know for a fact it is, it's like a slap in the face from a once respected expert.
 CS also claims to have bypassed CFW, but then with her expert help, gave the exploits and flaws to the Comodo team. Now CS says it's the best. If CS found flaws in other security software like stated, then is CS good enough to tell the developers so they can fix any exploits? Apparently not! Sounds like the white paint is rubbing of her black hat.
 
Title: Re: VoodooShield v4 STABLE Thread
Post by: scootnod on May 21, 2018, 01:14:49 am
I dont think that VS relies at all upon AV detection. It is a feature to assist and for that matter could be taken out, and we all know it is actively being developed.
Title: Re: VoodooShield v4 STABLE Thread
Post by: scootnod on May 21, 2018, 01:36:50 am
Just like some of these AV testings sites results, some the the security forum regulars you have to wonder who they are and who they are working for. Its like creating a god like alter ego that people don't question and if they do are ostracized or banned.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 21, 2018, 02:07:17 am
This is what CruelSister wrote "SecureAPlus and Voodoo Shield (is the latter still being actively developed?) rely too much on AV detection, and thus are prone to true zero day malware. "
 The issue with that is because CS is a security expert and knew that VS is being actively developed 3 months ago when it was posted. 3mths ago was the height of VS 4 releases and actively posted builds where on Wilders, Malwaretips, and Calendar. Also VS does not rely on AV detection and is not prone to zero day malware. 
 It's a veiled stab at Dan that has been ongoing. CS is not misinformed and is not the typical user. When someone of her caliber added "(is the latter still being actively developed?)" when they know for a fact it is, it's like a slap in the face from a once respected expert.
 CS also claims to have bypassed CFW, but then with her expert help, gave the exploits and flaws to the Comodo team. Now CS says it's the best. If CS found flaws in other security software like stated, then is CS good enough to tell the developers so they can fix any exploits? Apparently not! Sounds like the white paint is rubbing of her black hat.
Exactly.  And I want to thank the VS supporters for not resorting to dirty tricks, I sincerely appreciate that.  In the end, knowing this will make this whole experience that much more rewarding.

"is the latter still being actively developed?" was CS's attempt to persuade users to stop using VS... much like what happens when a brand new forum member signs up and lists VS on their config.  Yet somehow we always kill it in the polls.  Ironic innit? ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 21, 2018, 02:11:18 am
Just like some of these AV testings sites results, some the the security forum regulars you have to wonder who they are and who they are working for. Its like creating a god like alter ego that people don't question and if they do are ostracized or banned.
Totally.  It is disgusting and scandalous.  The only two things that really matter in a security product are 1) Efficacy and 2) Usability, and more often then not, recommendations are not based on these... they are based on an agenda.

I am not going to say anything else about this... I could write a book.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on May 22, 2018, 04:02:07 am
Dan, did you contact CS on this?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on May 24, 2018, 05:07:20 pm
Dan, did you contact CS on this?
Not directly... just my reply to CS on youtube.  I'm not worried about it... hopefully CS will be a little more careful next time.
Title: Re: VoodooShield v4 STABLE Thread
Post by: 17410742 on May 24, 2018, 06:02:00 pm
& here's me, I don't even know who CS is, nor do I care.  ;D

I'm just here for VoodooShield,

Always looking for info on future improvements to the pro version that you have in mind, screenshots of upcoming new releases/technologies, possible beta releases or simply just help with any issues that may turn up - who knows.

VoodooShield Mobile Security is what im currently very much interested in! 8)

Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on May 25, 2018, 11:45:55 pm
All Youtube testers suck IMO as they don't take the time to get to know the products intimately and only judge on what they think they see on the surface.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on May 26, 2018, 10:34:40 pm
Not sure she gets paid like umbra for bypassing software but I am in the dark on this CS -Dan issue.
I know she is highly respected but I have not seen her produce a security product as of yet.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on June 02, 2018, 12:38:15 pm
Ashampoo Office still gets a "bad" flag even uploading to Virustotal didn't help.
I know i can still run it but why flag it when it a legit bought software from a legit firm?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 04, 2018, 03:42:31 pm
So here is 4.29… there were some massive optimizations and a few new really cool features.  Do you guys remember all of the times that I have said that once VS is stable, I was going to add self-protection and many, many usability optimizations?  Well, it is finally ready.

This is technically a beta version, although I really think the only thing that might have any issues at all is the new self-protection feature, but I tested the heck out of it, so I think we are good to go.

You can install over the top of 4.28, or uninstall, reboot and reinstall… it should not matter either way.

New features

- Self-Protection utilizing ObRegisterCallbacks in the driver.  BTW, the self-protection may not activate until the computer is rebooted after installation. 

- Many, many new optimizations that will further reduce unnecessary blocks

- Editable Vulnerable Process List… Keep in mind ALL Windows files / components are covered under this feature, with the exception of 5 that are not vulnerable.  I was going to add all of these to the list, but it would be a massive list of thousands of files… but trust me, they are on the list.  You can always try to add a vulnerable windows executable, and VS should tell you that it is already on the list.  This new feature is found in VoodooShield Settings / Advanced.

- Security Postures… this is the feature that I am most excited about.  Ever since we started scanning child processes of whitelisted parents at the very beginning of VS 4.0 development, the number of unnecessary blocks increased somewhat significantly.  But the question is… what is the best way to balance usability and security?  A lot of people love the concept of VS, but it might have been a little too aggressive for them… well, this new feature fixes that.  Anyway, I think you guys will really like all of the new features, especially this one.  This new feature is found in VoodooShield Settings / Basic.  Please click in the “About Security Postures” in the top right of this tab and let me know if you guys think the checks are about where they should be.  I honestly NEVER receive any unnecessary blocks, even though I have to reset my whitelist on a daily basis… so I had to kind of guess on these parameters.  But either way, they can easily be tweaked.

www.voodooshield.com/Download/InstallVoodooShield429beta.exe

SHA256: 91cdc0f33f6d519a6bae1b9668aba329b517cae46517872e833e46ad11cc8eeb

Thank you guys... I will catch up on pm's and anything else that I missed asap!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on June 04, 2018, 07:39:39 pm
@Dan Uninstalled VS and installed the beta without reboot. All seems to work fine atm.(Win 7 64bit)

I was able to sort the anti-exploit programms so that you could only see 3mm from the first programm on the list.
Which could confuse people ^^. Is there any way that the list can get an extra window like the whitelist editor?
Reading and scrolling in such a small window makes it hard to get "the whole picture" when you only can see 5 items at a time.




Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on June 05, 2018, 12:28:30 am
Thank you @Dan... I have installed VS 4.29. I will holler if I find anything out of the norm.   ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on June 05, 2018, 02:54:02 am
3 hours in...many reboots...all is fine.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 05, 2018, 06:36:12 am
So here is 4.29…

www.voodooshield.com/Download/InstallVoodooShield429beta.exe

SHA256: 91cdc0f33f6d519a6bae1b9668aba329b517cae46517872e833e46ad11cc8eeb
issed asap!

interesting FWIW, running chrome with malwarebytes browser extension, and mb REALLY tries hard to block me from downloading 4.29.  "Bad Reputation" yadi yadi yahah!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on June 05, 2018, 10:06:00 pm
Dan..this is a ass kick'n version and thank you!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on June 06, 2018, 04:50:33 am
the 'Anti-Exploit/Vulnerable Protected Applications box seems to be glitching. I cant see all the words and they seem to be obscured
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 06, 2018, 05:04:05 am
installed 4.29 over 4.28 no problem with that, was working aok, left the computer idle for a few hours, returned and saw that vs had crashed on my win7x64.  Restarted vs about 10 min ago, and as I'm sitting here typing this message with chrome browser vs crashed again.  Will check logs and send them to Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 05:33:57 am
Dan..this is a ass kick'n version and thank you!!
Thank you, I appreciate that!  Yeah, after several years, things are finally coming together ;).  Who would have thought it would have been so difficult to make a simple toggling desktop shield gadget / computer lock? ;)

Thank you guys for the bug reports... they were all super quick fixes.  Sorry I have not had time to respond to you guys individually or to the PM's, but I really will catch up soon.  Also, if anyone from the other security forums would like me to extend their licenses, I certainly will.  Just email me at support at voodooshield.com and I will set you up. 

I think once you guys start using the VoodooShield Security Posture feature, you are really, really going to like it.  I added a new Security Posture called "Silent".  This SP is probably not recommended if VS is the only security software running on your system, but if you have a quality AV running, you might consider using the Silent SP.  BTW, if you are using the Silent SP and encounter ANY prompts at all, please let me know.

Here is 4.30... I think it is ready for release, but please let me know if you guys find anything before I release it in a couple of days.

http://www.voodooshield.com/Download/InstallVoodooShield430.exe

SHA256:    7c42d469b8160d778747570f643e74f0f62a7090fd815f7e9921104c9165c506

As far as our development roadmap is concerned... I am going to take a couple of weeks break from coding and try to figure out what direction to take VS.  I was going to create VoodooShield Silent as a standalone product, but as Andi mentioned in post #405 "Dan, what's the point to spend your time on build "not so good" product?".  And that made a lot of sense to me... VoodooShield has always been about not compromising, so thank you Andi!  But now we at lease have the Silent SP option, just in case some users want to use it.  I know I talked about implementing a behavior blocker into VS, but after trying several different BB products and talking to several different people, I have decided to not implement a BB... it is not a rabbit hole that I want to go down.  Besides, we do not want to compete with other security products, we want to complement them.  I am thinking that our next step will be to redesign and simplify the gui.  If you guys have any suggestions on what you think our next step should be, please let me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 05:39:16 am
installed 4.29 over 4.28 no problem with that, was working aok, left the computer idle for a few hours, returned and saw that vs had crashed on my win7x64.  Restarted vs about 10 min ago, and as I'm sitting here typing this message with chrome browser vs crashed again.  Will check logs and send them to Dan.
Hmmm, very odd, I am not seeing the error in the error reporting logs, can you please send me your logs and I will take a look?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 05:39:40 am
the 'Anti-Exploit/Vulnerable Protected Applications box seems to be glitching. I cant see all the words and they seem to be obscured
This is fixed btw ;).  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 06, 2018, 06:51:14 am
installed 4.29 over 4.28 no problem with that, was working aok, left the computer idle for a few hours, returned and saw that vs had crashed on my win7x64.  Restarted vs about 10 min ago, and as I'm sitting here typing this message with chrome browser vs crashed again.  Will check logs and send them to Dan.
Hmmm, very odd, I am not seeing the error in the error reporting logs, can you please send me your logs and I will take a look?  Thank you!

sent the logs, thanks for the immediate feedback! glad you could easily spot my snafu,  did what you suggested, ie, uninstalled 4.29 totally, then installed 4.30. so far all good.  if I understood your above post, also running in Silent SP.  It seems the default is Aggressive. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 06, 2018, 11:03:15 am
Thanks Dan for all your hard work.

Installed 4.29 over the top. Win 8.1 Pro. All seems to be running ok since yesterday.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:33:32 pm
installed 4.29 over 4.28 no problem with that, was working aok, left the computer idle for a few hours, returned and saw that vs had crashed on my win7x64.  Restarted vs about 10 min ago, and as I'm sitting here typing this message with chrome browser vs crashed again.  Will check logs and send them to Dan.
Hmmm, very odd, I am not seeing the error in the error reporting logs, can you please send me your logs and I will take a look?  Thank you!

sent the logs, thanks for the immediate feedback! glad you could easily spot my snafu,  did what you suggested, ie, uninstalled 4.29 totally, then installed 4.30. so far all good.  if I understood your above post, also running in Silent SP.  It seems the default is Aggressive.
Cool thank you... it looks like the issue was caused by some code in the VoodooShieldService that automatically cleans up the whitelist by searching for each item that is in the current whitelist, to see if the file still exists, and if not, removes it from the whitelist.  I put this code in the service a while back so that the gui did not have to perform this task, but it looks like VS crashed because the gui and service tried to modify the whitelist database at the same time.  I did find the error in the error reporting logs... it was late and I was looking at the wrong version number ;).  This error is extremely uncommon and there are several ways to fix it, and I will do that today for the next release.

BTW, the biggest complaint that I commonly hear about VS is this... "VS is great unless your computer is already infected... make sure your computer is clean before you install VS, or you are screwed.  As a matter of fact, VS becomes a malware protector".  Well, this is not true at all.  If malware is running on a system and a user installs VS, it will inadvertently / temporarily whitelist the malware, but once the malware is detected and removed by whatever malware removal tool you use, VS will remove this item from the whitelist automatically.  And VS certainly does not protect the malware.

As I always say... "if you have a cold, that does not mean that you should not get a flu shot" ;).  I was on a conference call recently with a few very smart people and I gave them my flu shot analogy, and they did not understand it, but I think you guys will ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:33:56 pm
Thanks Dan for all your hard work.

Installed 4.29 over the top. Win 8.1 Pro. All seems to be running ok since yesterday.

David
Very cool, thank you David!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:34:35 pm
3 hours in...many reboots...all is fine.
Very cool, thank you Schank873-2!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:36:19 pm
So here is 4.29…

www.voodooshield.com/Download/InstallVoodooShield429beta.exe

SHA256: 91cdc0f33f6d519a6bae1b9668aba329b517cae46517872e833e46ad11cc8eeb
issed asap!

interesting FWIW, running chrome with malwarebytes browser extension, and mb REALLY tries hard to block me from downloading 4.29.  "Bad Reputation" yadi yadi yahah!!!
Oh the irony.  I tried to contact MB to report the FP, but I was not able to figure out how without becoming a member of their forum... and as you guys know, the last thing I want to do is join another security forum ;).  If anyone knows how to report a FP to MB, please let me know, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on June 06, 2018, 02:36:25 pm
I am thinking that our next step will be to redesign and simplify the gui.  If you guys have any suggestions on what you think our next step should be, please let me know!
Redesign and Simplify the GUI would be good.

VoodooShield has advanced modes and options. It can be used standalone. I use VS only. I am sure many others too.
I think, an option to register VoodooShield in Security Center would be good, it will disable Windows Defender.
wot you say?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:43:25 pm
All Youtube testers suck IMO as they don't take the time to get to know the products intimately and only judge on what they think they see on the surface.
Yeah, YouTube tests should be taken with a grain of salt, especially when the tests only consists of copying a bunch of malware to the desktop and executing them, or simply modifying malware with Notepad++ to turn them into a simulated zero day.  I think a test like this helps to demonstrate a products detection capabilities, but does nothing to demonstrate its actual protection capabilities.  Then again, VS should perform well at such a test, so I really should not complain ;).  Thank you TH!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:47:26 pm
Not sure she gets paid like umbra for bypassing software but I am in the dark on this CS -Dan issue.
I know she is highly respected but I have not seen her produce a security product as of yet.
I just think that people should be very, very careful what they say and be certain that what they are saying is true, if they want to be a respected member of the security community.  I have absolutely no problem with someone bashing VS if what they are saying is true... because if it true, then I will fix it.  Critics of any security software should spend one day walking in a devs shoes.  And this is not about my supposed pride in VS... it is about respect for the truth.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:53:31 pm
Ashampoo Office still gets a "bad" flag even uploading to Virustotal didn't help.
I know i can still run it but why flag it when it a legit bought software from a legit firm?
This is interesting... that is a super high VoodooAi score for a legit product.  Can you please post a link to the actual installer for this product so I can check it out?  BTW, you won't get this prompt if you enable the setting in VS to automatically allow all software from the program file folders.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:54:06 pm
@Dan Uninstalled VS and installed the beta without reboot. All seems to work fine atm.(Win 7 64bit)

I was able to sort the anti-exploit programms so that you could only see 3mm from the first programm on the list.
Which could confuse people ^^. Is there any way that the list can get an extra window like the whitelist editor?
Reading and scrolling in such a small window makes it hard to get "the whole picture" when you only can see 5 items at a time.
This is fixed in 4.30, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 02:56:03 pm
Thank you @Dan... I have installed VS 4.29. I will holler if I find anything out of the norm.   ;D
Very cool, thank you ssherjj!

BTW, I have some other stuff to catch up on, then I will respond to the pm's and look further back into this thread to see if I missed anything.  I think there are a couple of license extensions I need to do in the PM's, and I will do them asap, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on June 06, 2018, 06:53:08 pm
Thank you Dan for your hard work. Installed V 4.30 over the top and so far working great!
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on June 06, 2018, 07:14:14 pm
I have installed V 4.30 after uninstalling V 4.29. Working great. Very good hard work, bravo Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 08:40:04 pm
Thank you guys, I appreciate that! 

Also, I just finished fixing the bug that simmerskool reported, and also noticed a bug in the blacklist scan... it is fixed as well.

So we will wait a day or two and see if any other bugs appear, and then fix those, then release 4.3x to the public.

In the interest of clearing up some confusion... the new self protection feature has nothing to do with an old self protection feature that I played around with a year ago or so.  The new self protection feature utilizes an ObRegisterCallback in the driver (I thought I had mentioned this, but I guess not ;))... it is the method that most security software uses for self protection.  Anyway, we started the new self protection feature on April 21, 2018 at 9:52am... so it took around 6 weeks, but that also included all of the other features I added.

I really appreciate you guys believing in and sticking with VS and I all these years.  When we first started, we thought VS would be a 6 month project tops.  We had no idea what we were in for... I mean really, how hard is it to create a user-friendly toggling desktop shield gadget ;).  It was certainly a rough road, although several years from now, I am certain those will be the most memorable moments.

In the end, the only thing that matters is that we are in an amazing place now.  So thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 06, 2018, 08:44:02 pm
Cool, thank you... yeah, I really want to simplify and modernize the gui... I will probably hire a graphic designer to help.  Yeah, I think VS would be a great addition to the Security Center... I will look into that as well.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on June 06, 2018, 09:58:22 pm
I have installed V 4.30 over the top of the previous build and I have seen no problems as yet thankfully.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 06, 2018, 10:29:06 pm
So here is 4.29…

www.voodooshield.com/Download/InstallVoodooShield429beta.exe

SHA256: 91cdc0f33f6d519a6bae1b9668aba329b517cae46517872e833e46ad11cc8eeb
issed asap!

interesting FWIW, running chrome with malwarebytes browser extension, and mb REALLY tries hard to block me from downloading 4.29.  "Bad Reputation" yadi yadi yahah!!!
Oh the irony.  I tried to contact MB to report the FP, but I was not able to figure out how without becoming a member of their forum... and as you guys know, the last thing I want to do is join another security forum ;).  If anyone knows how to report a FP to MB, please let me know, thank you!

mb_browser_extension was blocking your URL if I was not clear.  their popup said "bad reputation" did the same when I tried to DL 4.30.  Shouldn't mb know better or this was deliberate??
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on June 06, 2018, 11:52:41 pm
Dan, Can you peak here and post something here about 'dereks' question on notifications?
https://www.dslreports.com/forum/r31988981-App-Update-EDIT-VoodooShield-v4-30-STABLE-Released
Title: Re: VoodooShield v4 STABLE Thread
Post by: Darek on June 07, 2018, 03:30:53 am
Yeah... there is not any notification about new version since 4.29.

But it was working before.

Is it not working now?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 07, 2018, 05:11:27 am
I have installed V 4.30 over the top of the previous build and I have seen no problems as yet thankfully.
Very cool, thank you for letting me know... we are almost there!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 07, 2018, 05:20:02 am
So here is 4.29…

www.voodooshield.com/Download/InstallVoodooShield429beta.exe

SHA256: 91cdc0f33f6d519a6bae1b9668aba329b517cae46517872e833e46ad11cc8eeb
issed asap!

interesting FWIW, running chrome with malwarebytes browser extension, and mb REALLY tries hard to block me from downloading 4.29.  "Bad Reputation" yadi yadi yahah!!!
Oh the irony.  I tried to contact MB to report the FP, but I was not able to figure out how without becoming a member of their forum... and as you guys know, the last thing I want to do is join another security forum ;).  If anyone knows how to report a FP to MB, please let me know, thank you!

mb_browser_extension was blocking your URL if I was not clear.  their popup said "bad reputation" did the same when I tried to DL 4.30.  Shouldn't mb know better or this was deliberate??
Yeah, I knew what you meant ;).  I doubt it was deliberate, but they certainly know about VS.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 07, 2018, 05:21:34 am
Yeah... there is not any notification about new version since 4.29.

But it was working before.

Is it not working now?
Hey Darek, nice to meet you!  Once we release VS to the public, it will auto update... these are just betas.  We will be releasing it soon.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 07, 2018, 06:16:43 am
hummm 4.30 crashed while using chrome in vpn.  Looks (feels) like the crash I had yesterday with 4.29 under similar circumstances.  4.30 was a clean install.  Perhaps a tad unclear (to me) whether 4.30 fixed the 4.29 crash or you saw issue in my 4.29 crash logs and the fix is coming with 4.31?  In any event sending you the 4.30 crash logs, should be short list.  was running win7x64 in Silent SP.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on June 07, 2018, 09:17:57 pm
Nothing to report. Upgrade to 4.30 looks nice.

Questions: How often is the whitelist scanned/cleaned for orphans? Is the command line list scanned as well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on June 08, 2018, 03:12:19 am
Updated to 4.30 over the top of 4.29. No issues or freezes. Running great on my system.

Thank you @Voodooshield! @Dan! beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: jerzy6012.50 on June 08, 2018, 08:21:50 am
updated to version 4.30 works on my Windows 8.1 system
no problem.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 08, 2018, 11:14:13 am
Updated 4.3 over 4.29. No problems encountered to date.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: 17410742 on June 08, 2018, 11:42:16 am
4.30 installed over 4.28 - No issues so far.

Really excited about the new version, however i still dont like that double clicking the VS tray icon doesn't just load up the app, it would be nice if it did like every other software. (would be even better if it loaded up a status more-friendly-front-page GUI too rather than just a settings page)  8)

& im still eagerly waiting VoodooShield Mobile Security! ;D

Intrigued to see how it compares to my current Drweb Security Space as that offers everything from call blocking/anti theft etc  :P

VoodooShield is going in the right direction, 3yr Pro all the way! TEAM DAN.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 08, 2018, 04:06:06 pm
4.30 installed over 4.28 - No issues so far.

Really excited about the new version, however i still dont like that double clicking the VS tray icon doesn't just load up the app, it would be nice if it did like every other software. (would be even better if it loaded up a status more-friendly-front-page GUI too rather than just a settings page)  8)

& im still eagerly waiting VoodooShield Mobile Security! ;D

Intrigued to see how it compares to my current Drweb Security Space as that offers everything from call blocking/anti theft etc  :P

VoodooShield is going in the right direction, 3yr Pro all the way! TEAM DAN.

Just Right Click on the Tray Icon and click on VoodooShield Settings! Double Clicking on the Tray Icon is a feature to temporary turn VS off.



Title: Re: VoodooShield v4 STABLE Thread
Post by: 17410742 on June 08, 2018, 08:55:06 pm
In autopilot mode, double clicking the tray icon does nothing T.H so I think it should just load up the app.

It's no big deal I know, just a little request. 😁
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on June 09, 2018, 01:23:54 pm
... yeah, I really want to simplify and modernize the gui... I will probably hire a graphic designer to help.

I've included a screenshot of WFC About as well as VS.  The VS alert has been played with.  Alex's alerts do do the job,  but VS alerts are more noticeable and easier (mostly) to read.  This is because Alex uses a small font size to display quite a bit of information.  OTOH, Alex does organise his alerts into logical sections.

Ummmm.  The GUI schema is no problem for me, I'm old enough to remember some really klunky UI schemes.  I did appreciate the ability to mod some colours but.  In my attachments, please note I'm using the Windows Classic Desktop which is no longer natively available on W8 and W10, youse will need to download Classic Desktop™.  I mention this because both you and Alexandru seem to use Windows Desktop settings, which enables me to get that parchment paper and green ink.

HOWEVER.  VS alerts are too bitty, and and information seems to be very shy about coming forward, in a visual sense.  First, I would start with font selection, and we want a font which passes the "OIl" test: paste this string into your fave notepad: "O-0 I-1-l", then change the display font until all characters look different.  Most fonts happily make O and 0 look similar, and ditto with I1l.  And watch for fancy serif fonts that play funny with numerics.  And some fonts are easier to read than others, glyphs have better spacing.

Second, the standard VS alert does not use colours intelligently.  Proper colour selection can make information jump off the page.  It is important to keep in mind that most users are mentally in a distant galaxy when alerts are generated--it's equivalent to the fire alarm going off at 3am :(

FWIW, "Forms Design" made up a substantial part of my System Design course back in the '70s.  We were being taught how to include humans in the IT process... 

Quote from: Telos link=https://malwaretips.com/threads/voodooshield-discussion.63827/post-688380
Not a bug, but I was wondering if it would be a big thing to have a resizable GUI that could be maxed to view screen dimension. That would reduce the need to scroll the whitelist, etc..

A resizeable GUI is highly desirable.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 10, 2018, 10:53:59 pm
Hey Guys, sorry I have been away… I got carried away again, but I think you guys will really like how it turned out.  I really will catch up on PM’s, emails and posts asap… sorry for the delay, I should be able to do so tonight or tomorrow at the latest.

A couple of people requested that I add a double click event to the tray icon and to the desktop shield gadget to open settings.  It made perfect sense to me… I mean really, if you are going to double click on VS or the tray icon, all that would do is toggle VS OFF, then ON again, which accomplishes nothing.  So anyway, thank you guys for the recommendation!  The implementation was a little more difficult than I envisioned, but I am very happy how it turned out.  The only downside is that there is a 0.5 second delay when the user clicks on the desktop shield gadget or tray icon, before it toggles, but it is not bad at all.  The reason there is a delay is because VS is waiting to see if there will be a second click or not, based on the user’s double click speed as specified in the control panel.

Also, I totally reworked all of the right click menu items… I mean completely.  Please check out the old “Display simple right click menu” option in UI Tweaks and let me know which you guys think we should set as default.

There will almost certainly be a few minor GUI glitches, but they will be super easy to fix… just let me know what is acting up and I will take care of it.  Once we get any new gui kinks worked out, I am going to focus heavily on VS’s Silent and Relaxed Postures… there are some seriously cool things we can do with them.
BTW, if VS is the only security product you have installed, please make sure you only use the Aggressive Security Posture for now.  It is going to take a month or two to write the rules and get it where it really needs to be.  But if you are running other effective security software as well, it should do really well.

SHA-256: c6d922e8bf86f9aa3fdec2a6126a252b838fd8b1df449e428a35c81a3f6d4251

http://www.voodooshield.com/Download/InstallVoodooShield431.exe

Thanks again guys, I really hope to catch up very soon 😉.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on June 11, 2018, 06:56:03 am
VS 431 clean install running fine on Win 10 Pro 64 Bits. VS + Windows Firewall.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 11, 2018, 07:32:24 am
clean install of 4.31 on win7x64.  4.30 had been crashing here, perhaps a conflict with my vpn client, ie, 4.30 would have crashed by now since the time I've been online at cou tonight, but happy to report that 4.31 is cohabiting with vpn and chrome 67 so far so good.  and perhaps the bug was unrelated to vpn, in any event, very good.  first look at right click gui, works for me, but need to play some more.  Left setting settings default, smart | aggressive.  thanks, Dan!
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on June 11, 2018, 04:46:22 pm
I really like what you have done with the right click menu Dan. This version Rocks.

Still not sure how the Voodooshield mode and Security Posture intermingle.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on June 11, 2018, 05:57:10 pm
Thank you! Just got it installed and can't wait to check things out. beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on June 11, 2018, 06:46:46 pm
Clean install of 4.31 on both win 10. Laptop and desktop working very smoothy, no problem at all with Sophos Home Premuim, Glasswire Elite and Win Patrol plus.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on June 11, 2018, 07:12:31 pm
Thank you, I have just installed it over the top of the previous build with no problems. I love the look of it already.
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on June 11, 2018, 08:43:46 pm
Hi Dan,

I updated from 4.30 to 4.31 and have not experienced any issues.

I would like to point out one anomaly. When I go to the Registration page and click on the Confirm Registration button, I get a popup window with some error messages (see attached screenshot). Then, when I click OK, the VS interface has the Windows 10 equivalent of an hourglass and I am unable to interact with anything. If I right-click on the VS button on the Windows 10 taskbar, I am able to close the VS interface. Despite this, VS stays up and running. No harm, no fowl. I just wanted to bring it to your attention.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 12, 2018, 10:40:00 am
Win 8.1 Pro.
Installed 4.31 over 4.3. All running smoothly.

Just a couple points. Double click on TB icon only brings up VS on the taskbar. I expected it to come up as a window. I had several VS windows running before I realised what was happening.

Second it would be helpful if the right click on the icon included an option to open VS for those who prefer to do it that way.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on June 12, 2018, 02:26:42 pm
You can right click on either the desktop icon or tray and select Voodooshield settings. Otherwise I am not sure what you are trying to say.
Title: Re: VoodooShield v4 STABLE Thread
Post by: frowner on June 12, 2018, 05:09:37 pm
Hi with latest 4.31 what is happening twith the color blue or red, does not seem to change color for being on or off?
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 12, 2018, 05:26:50 pm
Nice job Dan.
IMO very user friendly! 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:44:09 am
Nothing to report. Upgrade to 4.30 looks nice.

Questions: How often is the whitelist scanned/cleaned for orphans? Is the command line list scanned as well.
Hey Telos, how are you?  The whitelist is cleaned every time VS is started, but the command list list is not yet... that might be kinda tricky to do so.  thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:45:58 am
4.30 installed over 4.28 - No issues so far.

Really excited about the new version, however i still dont like that double clicking the VS tray icon doesn't just load up the app, it would be nice if it did like every other software. (would be even better if it loaded up a status more-friendly-front-page GUI too rather than just a settings page)  8)

& im still eagerly waiting VoodooShield Mobile Security! ;D

Intrigued to see how it compares to my current Drweb Security Space as that offers everything from call blocking/anti theft etc  :P

VoodooShield is going in the right direction, 3yr Pro all the way! TEAM DAN.
Very cool, thank you!  BTW... the new double click feature is working even better in the new version I am about to post (4.32).  There were a couple of minor bugs but they are fixed now.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:47:56 am
... yeah, I really want to simplify and modernize the gui... I will probably hire a graphic designer to help.

I've included a screenshot of WFC About as well as VS.  The VS alert has been played with.  Alex's alerts do do the job,  but VS alerts are more noticeable and easier (mostly) to read.  This is because Alex uses a small font size to display quite a bit of information.  OTOH, Alex does organise his alerts into logical sections.

Ummmm.  The GUI schema is no problem for me, I'm old enough to remember some really klunky UI schemes.  I did appreciate the ability to mod some colours but.  In my attachments, please note I'm using the Windows Classic Desktop which is no longer natively available on W8 and W10, youse will need to download Classic Desktop™.  I mention this because both you and Alexandru seem to use Windows Desktop settings, which enables me to get that parchment paper and green ink.

HOWEVER.  VS alerts are too bitty, and and information seems to be very shy about coming forward, in a visual sense.  First, I would start with font selection, and we want a font which passes the "OIl" test: paste this string into your fave notepad: "O-0 I-1-l", then change the display font until all characters look different.  Most fonts happily make O and 0 look similar, and ditto with I1l.  And watch for fancy serif fonts that play funny with numerics.  And some fonts are easier to read than others, glyphs have better spacing.

Second, the standard VS alert does not use colours intelligently.  Proper colour selection can make information jump off the page.  It is important to keep in mind that most users are mentally in a distant galaxy when alerts are generated--it's equivalent to the fire alarm going off at 3am :(

FWIW, "Forms Design" made up a substantial part of my System Design course back in the '70s.  We were being taught how to include humans in the IT process... 

Quote from: Telos link=https://malwaretips.com/threads/voodooshield-discussion.63827/post-688380
Not a bug, but I was wondering if it would be a big thing to have a resizable GUI that could be maxed to view screen dimension. That would reduce the need to scroll the whitelist, etc..

A resizeable GUI is highly desirable.
Very cool, thank you for your input and ideas, this will be very helpful when we redesign the gui.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:49:31 am
Hi Dan,

I updated from 4.30 to 4.31 and have not experienced any issues.

I would like to point out one anomaly. When I go to the Registration page and click on the Confirm Registration button, I get a popup window with some error messages (see attached screenshot). Then, when I click OK, the VS interface has the Windows 10 equivalent of an hourglass and I am unable to interact with anything. If I right-click on the VS button on the Windows 10 taskbar, I am able to close the VS interface. Despite this, VS stays up and running. No harm, no fowl. I just wanted to bring it to your attention.
Thank you for letting me know... this is fixed in 4.32!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:50:14 am
Win 8.1 Pro.
Installed 4.31 over 4.3. All running smoothly.

Just a couple points. Double click on TB icon only brings up VS on the taskbar. I expected it to come up as a window. I had several VS windows running before I realised what was happening.

Second it would be helpful if the right click on the icon included an option to open VS for those who prefer to do it that way.

David
I think other people answered your question, but if not, please let us know, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:51:10 am
Hi with latest 4.31 what is happening twith the color blue or red, does not seem to change color for being on or off?
Hi, nice to meet you... yeah, I noticed that too.  It is fixed in 4.32, but if you still encounter this issue, please let me know!  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 03:53:48 am
Thank you simmerskool, ssherjj, jerzy6012.50, djg05, TH, ya5hkh4n, simmerskool, boredog, vonvon, Jasper The Rasper and schmidthouse... and everyone else!

Here is 4.32... there were 4-5 bug fixes and I added a couple of small new features you guys will notice immediately.  But mainly this version was focused on refining the right click menu and double click feature.

http://www.voodooshield.com/Download/InstallVoodooShield432.exe

SHA256: e840bd1fae4990e4334a3abd7d31fead17ad01df607b0f65ce3c50e9baaae9c0

This should be ready for public release, but if you guys find anything, please let me know.  Thank you guys!

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 13, 2018, 05:17:29 am
BTW, I think I am finally caught up on all of the posts, PM's, emails and subscription extensions, but if I missed anything, please let me know.  Thank you guys for all of your help throughout the years!
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 13, 2018, 06:29:11 am
uninstalled 4.31 completely, installed 4.32, went smoothly as usual.  been having some issues perhaps related to the vpn service I use, and Dan is looking into it as he has time. THANKS
the "small new features" that Dan added to 4.32... I have not stumbled across them yet, but just did a quick skim of settings.  are "notice immediately" and "very obvious" synonyms? One person's obvious is another person's oblivious :-) 
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 13, 2018, 10:53:33 am
You can right click on either the desktop icon or tray and select Voodooshield settings. Otherwise I am not sure what you are trying to say.

Seems that no one understands my message.

Have just installed 4.32 over the top of 4.31 and the problem is still there.

I'll try again. If I double click on any other icon in the sys tray then it will open a window on the screen. This does not happen with VS. It does load it but is minimised to the task bar. So for new users it may be confusing since it is not following convention. I do run the taskbar hidden and that might be causing the problem.

Hope you can understand this.

David

Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 13, 2018, 11:10:36 am
Hi Dan,

I notice two minor issues with v4.31, one cosmetic and one practical...

For first, look at the picture and second is when a user manually checks for an update, the message window appears beneath the open Voodoo window so it is hidden until user close or move the main window. I wait and wait for a response of update and when I give up and close main Voodoo window, then I saw that notification is already there!

Edit: and 4.31 won't recognize that there is 4.32 version and says "You are running the latest version..."

Title: Re: VoodooShield v4 STABLE Thread
Post by: Askmark on June 13, 2018, 12:13:08 pm
I'll try again. If I double click on any other icon in the sys tray then it will open a window on the screen. This does not happen with VS. It does load it but is minimised to the task bar. So for new users it may be confusing since it is not following convention. I do run the taskbar hidden and that might be causing the problem.
Tested on 4.32 and double-clicking icon in system tray results in main Voodooshield window opening as expected. It does not minimise to the task bar on my system.

Edit: and 4.31 won't recognize that there is 4.32 version and says "You are running the latest version..."
I expect it's because 4.32 is a beta build.
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on June 13, 2018, 03:56:21 pm
another fine release Dan, couple more bugs to fix and if
I were you I would release a 'final' and take a long break..you have
worked your ass off for a long time bro!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: frowner on June 13, 2018, 04:20:08 pm
Hi with latest 4.31 what is happening twith the color blue or red, does not seem to change color for being on or off?
Hi, nice to meet you... yeah, I noticed that too.  It is fixed in 4.32, but if you still encounter this issue, please let me know!  Thank you!

Hi Dan Nice to meet you also great hreat product Thanks for the fix.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Homer712 on June 14, 2018, 04:06:52 am
Just downloaded 4.32 and installed over 4.31. Everything works well so far but I noticed a strange issue. If you double click on the tray icon the small window comes up to have you enter the password. If you are not in an active application (tray icon is red) even though the small window seems active, typing does nothing. You have to put the pointer in the box and click to make it active so what you are typing gets entered. If you are in an active application (web or email and the tray icon is blue) and you double click the tray icon the window is active and as soon as you start typing it shows up in the password window. Reproducible (at least on my machine, Dell laptop, Win 10, 1803, latest updates as of June 12th).
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 14, 2018, 11:12:56 am
I'll try again. If I double click on any other icon in the sys tray then it will open a window on the screen. This does not happen with VS. It does load it but is minimised to the task bar. So for new users it may be confusing since it is not following convention. I do run the taskbar hidden and that might be causing the problem.
Tested on 4.32 and double-clicking icon in system tray results in main Voodooshield window opening as expected. It does not minimise to the task bar on my system.

Edit: and 4.31 won't recognize that there is 4.32 version and says "You are running the latest version..."
I expect it's because 4.32 is a beta build.

Thanks

I am running win 8.1 pro and using Start8 instead of standard windows. Are you on win 10

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: CyberGhosT on June 14, 2018, 08:45:07 pm
Thanks and Howdy Dan, 432 is running very smooth on my Win10 monster.
Stay frosty brother :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on June 14, 2018, 11:46:15 pm
Hi Dan,

What do you think about this?
https://avlab.pl/en/best-antivirus-software-2018-based-three-security-tests
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:20:56 am
You can right click on either the desktop icon or tray and select Voodooshield settings. Otherwise I am not sure what you are trying to say.

Seems that no one understands my message.

Have just installed 4.32 over the top of 4.31 and the problem is still there.

I'll try again. If I double click on any other icon in the sys tray then it will open a window on the screen. This does not happen with VS. It does load it but is minimised to the task bar. So for new users it may be confusing since it is not following convention. I do run the taskbar hidden and that might be causing the problem.

Hope you can understand this.

David
Hey David, that is odd that it is minimized... I see what you mean now.  Either way, I will make sure this is fixed for the next version, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:24:31 am
Hi Dan,

I notice two minor issues with v4.31, one cosmetic and one practical...

For first, look at the picture and second is when a user manually checks for an update, the message window appears beneath the open Voodoo window so it is hidden until user close or move the main window. I wait and wait for a response of update and when I give up and close main Voodoo window, then I saw that notification is already there!

Edit: and 4.31 won't recognize that there is 4.32 version and says "You are running the latest version..."
Cool, thank you, the cosmetic issue is fixed for 4.33.  That listview control had another cosmetic issue, and someone had reported the one you were reporting, so I was confused, but it will look beautiful in 4.33 ;).

I will check the update prompt and make sure it is on top as well for 4.33.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:25:13 am
I'll try again. If I double click on any other icon in the sys tray then it will open a window on the screen. This does not happen with VS. It does load it but is minimised to the task bar. So for new users it may be confusing since it is not following convention. I do run the taskbar hidden and that might be causing the problem.
Tested on 4.32 and double-clicking icon in system tray results in main Voodooshield window opening as expected. It does not minimise to the task bar on my system.

Edit: and 4.31 won't recognize that there is 4.32 version and says "You are running the latest version..."
I expect it's because 4.32 is a beta build.
Thank you Mark... it is working for me too, but I can make sure it is on top for everyone, just in case ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:26:34 am
another fine release Dan, couple more bugs to fix and if
I were you I would release a 'final' and take a long break..you have
worked your ass off for a long time bro!!
Thank you hayc59, I appreciate that very much!  Yeah, these are all super easy bugs... I figured we would have a few gui glitches like this after making so many changes.  But I will be finished with 4.33 sometime this weekend.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:28:36 am
Just downloaded 4.32 and installed over 4.31. Everything works well so far but I noticed a strange issue. If you double click on the tray icon the small window comes up to have you enter the password. If you are not in an active application (tray icon is red) even though the small window seems active, typing does nothing. You have to put the pointer in the box and click to make it active so what you are typing gets entered. If you are in an active application (web or email and the tray icon is blue) and you double click the tray icon the window is active and as soon as you start typing it shows up in the password window. Reproducible (at least on my machine, Dell laptop, Win 10, 1803, latest updates as of June 12th).
Hmmm, that is odd... do you have a password set in VoodooShield Settings / Utility?  Can you please try to clear the password and see if the issue continues?  Basically, if you have a VS password set, VS will prompt you for the password before it lets you into the settings.  As far as the cursor / typing goes, I should be able to refine that a little more.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:29:14 am
Thanks and Howdy Dan, 432 is running very smooth on my Win10 monster.
Stay frosty brother :)
Hey CG, how are you?  Long time no talk... thank you for letting me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 15, 2018, 03:53:44 am
Hi Dan,

What do you think about this?
https://avlab.pl/en/best-antivirus-software-2018-based-three-security-tests
Yeah, we missed one... AVLab tested VS in AutoPilot mode.  If VS would have been ON during the test, it certainly would have blocked that file.  It is kinda funny... AVLab emailed everyone the test results and they explained to me that they tested VS on AutoPilot mode because our User Guide says "Antivirus testing labs should run VoodooShield in AutoPilot mode when testing VoodooShield with traditional antivirus methodologies, since this mode emulates as closely as possible traditional antivirus."  And that is perfectly cool with me... it just further demonstrates that the computer should be locked when it is at risk ;).

AutoPilot mode is an allow-by-default mode, and if we are going to be tested along side other allow-by-default products, it is only fair that VS is tested in AutoPilot mode, otherwise we are not comparing apples to apples.  Besides, if they were to have tested VS in Smart or Always ON mode, it would have been boring and we would not have learned anything new.  Now, if someone was going to perform a deny-by-default product test, Smart Mode or Always ON would make more sense.

What is interesting is this... when VS is on AutoPilot, it will block any and all blacklist unknowns automatically (without question), and it will also block any file that has 5+ detections from the 65+ engines.  And actually, 5 is not an absolute number because it also depends on VS's false positive detection feature.  If even a single blacklist detection is found in an engine that VS believes to not be a false positive, it will be blocked.  Also, VoodooAi missed the file as well, because when VS is on AutoPilot, if the VoodooAi result is greater than 50, it will be automatically blocked.

There will always be bypasses in non-locking, allow-by-default products, there is no way around it.  Locking the computer full time is not the answer either.  And sandboxing is great for security geeks, but not so great for the other 99%... for a lot of reasons that I have talked about before.

In other words, install your favorite effective AV product and also lock your computer when it is at risk with VoodooShield ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on June 15, 2018, 04:09:11 am
saving and clearing password seems to make the app hang for a minute maybe longer.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on June 15, 2018, 12:58:56 pm
VS 4.32 running great wit EAM, HMPro.Alert, ...thanks Dan for your efforts.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 15, 2018, 01:58:18 pm
Why HMP.Alert with Voodoo?
I think that HMP is not necessary with Voodoo.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Baldrick on June 15, 2018, 06:46:41 pm
They do different things with some overlap.  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on June 15, 2018, 11:53:56 pm
Hi Dan,

What do you think about this?
https://avlab.pl/en/best-antivirus-software-2018-based-three-security-tests
Yeah, we missed one... AVLab tested VS in AutoPilot mode.  If VS would have been ON during the test, it certainly would have blocked that file.  It is kinda funny... AVLab emailed everyone the test results and they explained to me that they tested VS on AutoPilot mode because our User Guide says "Antivirus testing labs should run VoodooShield in AutoPilot mode when testing VoodooShield with traditional antivirus methodologies, since this mode emulates as closely as possible traditional antivirus."  And that is perfectly cool with me... it just further demonstrates that the computer should be locked when it is at risk ;).

AutoPilot mode is an allow-by-default mode, and if we are going to be tested along side other allow-by-default products, it is only fair that VS is tested in AutoPilot mode, otherwise we are not comparing apples to apples.  Besides, if they were to have tested VS in Smart or Always ON mode, it would have been boring and we would not have learned anything new.  Now, if someone was going to perform a deny-by-default product test, Smart Mode or Always ON would make more sense.

What is interesting is this... when VS is on AutoPilot, it will block any and all blacklist unknowns automatically (without question), and it will also block any file that has 5+ detections from the 65+ engines.  And actually, 5 is not an absolute number because it also depends on VS's false positive detection feature.  If even a single blacklist detection is found in an engine that VS believes to not be a false positive, it will be blocked.  Also, VoodooAi missed the file as well, because when VS is on AutoPilot, if the VoodooAi result is greater than 50, it will be automatically blocked.

There will always be bypasses in non-locking, allow-by-default products, there is no way around it.  Locking the computer full time is not the answer either.  And sandboxing is great for security geeks, but not so great for the other 99%... for a lot of reasons that I have talked about before.

In other words, install your favorite effective AV product and also lock your computer when it is at risk with VoodooShield ;).

I prefer to use VS in Always ON.............better safe than sorry ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on June 16, 2018, 02:54:32 am
Why HMP.Alert with Voodoo?
I think that HMP is not necessary with Voodoo.
HMP.A is great for banking....
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 17, 2018, 04:09:34 pm
Hey everyone, sorry I am behind again on the emails, pms, etc, I will catch up soon.

Here is 4.33... pretty much everything should be fixed except an issue with ivpn which I will work on tonight, and a weird script block in a C:\Intel folder (I think the script is changing or something).

There are not really any new features in this version... just mainly bug fixes and gui refinements.

https://www.voodooshield.com/Download/InstallVoodooShield433.exe

SHA256: 84cc9e60a8ab5d764ccb30bd59ac8fbe7d76c6879f45c57bc7dc8a3fd9a4ef24

Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 17, 2018, 04:25:44 pm
Clean install v4.33 and notice one unpractical thing...

When I right click on Voodoo in tray, popup window closes in just 3 sec and that is really too fast if user want's to read options.

I slow scroll from one to another option but popup window close before I select something and that's really annoying.

That popup window should stay open as long as the mouse is moving thru options up and down, don't fix a closing time limit to approx 3sec. but instead extend it as long as the mouse move thru options!
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 17, 2018, 05:31:29 pm
Thanks Dan, update to 433 smooth, all good.

@Andi "When I right click on Voodoo in tray, popup window closes in just 3 sec and that is really too fast if user want's to read options"

Agreed.

However I use the desk top shield and this does not happen, options stay visible while mouse is over.


Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 17, 2018, 06:07:31 pm
Ooops, thank you guys for catching the right click three second thingy... I will fix it... I never noticed it before because I usually click a menu item pretty quick.

I also noticed that the registration error in Settings / Registration did not hide correctly... but that is fixed now too.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 17, 2018, 06:16:09 pm
Ooops, thank you guys for catching the right click three second thingy... I will fix it... I never noticed it before because I usually click a menu item pretty quick.

I also noticed that the registration error in Settings / Registration did not hide correctly... but that is fixed now too.

When in v4.34?
Title: SOLVED! Re: VoodooShield v4 STABLE Thread
Post by: JLJ on June 17, 2018, 07:13:11 pm
Hi all ~ apologies if doing this is a terrible forum faux pas, if so don't yell, I promise not to repeat it ~ but I'm referencing my own other post because desperate  :o

OP at https://calendarofupdates.org/index.php?PHPSESSID=ak8sk0dgonsrla6pupvg4a5s42&topic=1898.0

Bottom line: under Windows [7 x64] VoodooShield v4 does not connect to the internet for file upload/analysis or program updates unless run as an Administrator, and for overall security I use a Standard / Limited user account at all times. None of my other security apps have this limitation.

Is it possible to release a version of VS that does not require Admin superpowers? If so, one vote for such from me.

Solved! Still confused but solved! I found the chokepoint at which VS could not establish a live net connection -- it doesn't make sense to me, but I found it, so maybe it will make sense to somebody here:

Internet Options under IEx86 (I never use it, and I'm running Win7 x64, but of course IE 32-bit is the system default) was set to use a local proxy filter for LAN connections. When enabled, VS failed to recognize my ethernet connection; when disabled, VS succeeded: update checks and the option to scan programs in the cloud functioned correctly.

Still confusing is the fact that the proxy does not filter connections to known Google sites, so the VS ping to Google (never reported as having failed) should have gone through. Even more still confusing is that the LAN setting was in place in the Admin account as well, and VS did not have a problem with it there.

So at this point everything is working correctly in both user accounts, Admin and Standard, and all is well. Anything as to cause is above my pay grade. I thank everybody for their time and help  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 17, 2018, 08:38:33 pm
One more thing Dan...

When will be possible to choose install directory for VS?

I like to install everything in my "D" drive, not in "C".


Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 18, 2018, 01:01:10 am
One more thing Dan...

When will be possible to choose install directory for VS?

I like to install everything in my "D" drive, not in "C".

I second that!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on June 18, 2018, 03:10:47 am
'clear user log" is blacked out when there are clear-able items.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 18, 2018, 10:44:05 am
One more thing Dan...

When will be possible to choose install directory for VS?

I like to install everything in my "D" drive, not in "C".

I queried that with Dan a few years ago and he gave a good reason for it to be in the C drive. I assume that that has not changed.

Dan.
4.33 has fixed the double click icon to bring up Window and not minimised. Thanks

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on June 18, 2018, 03:58:06 pm
One other thing I noticed in 4.33 is when I right click either the tray or desktop icon, then the top mode smart mode | aggressive, the mode changes to another mode. Most of the time it goes to auto-pilot.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 18, 2018, 04:36:36 pm
One other thing I noticed in 4.33 is when I right click either the tray or desktop icon, then the top mode smart mode | aggressive, the mode changes to another mode. Most of the time it goes to auto-pilot.

Mmm interesting.
I don't see that on my installations. ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on June 18, 2018, 04:45:37 pm
I uninstalled VS and reinstalled it again. Now when right clicking on desktop icon, mode doesn't change but right clicking on tray icon, mode does change. Must just be my system.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 18, 2018, 05:13:41 pm
I don't have that problem.

I'm on default Smart/aggressive mode.
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on June 18, 2018, 08:49:26 pm
4.33 works on Windows10 x64 ltsb. I tried to replicate the 3 second menu issue as well as the mode being incorrectly selected. I was unable to reproduce. It works flawlessly. Hopefully this is an isolated issue.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on June 18, 2018, 10:27:39 pm
Fresh 4.33 installed....Win 10 Pro 1803...do have the 3 second thingy, all else ok...
Title: Re: VoodooShield v4 STABLE Thread
Post by: Askmark on June 22, 2018, 11:30:06 pm
No issues here with 4.33 on Win 10 Pro 1803
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 24, 2018, 03:15:09 am
Hey everyone... sorry, I have been wrapped up trying to figure out a very odd bug with the new self protection feature.  In 4.29-4.33, if certain calls were made to the VoodooShieldService from VS, like if the user is trying to reset their whitelist or take an advanced snapshot, then VS would act up.  It turns out, that we over protected VS and VoodooShieldService, and one of the Windows processes need to access it too.  Anyway, now that we know what the issue is, our kernel developer will be able to fix it in a jiffy... but it is going to take a couple of days.  So this version does not have self protection, but it will be fully implemented and fixed in the next version.

BTW, I noticed that sometimes when the user would right click to exit VS, it would spawn again, so I changed how VS starts with the service.  I think it is fully fixed, but I will keep and eye on it, and if you guys notice anything odd, please let me know.

Also, in the silent security posture, VS will now flash if it blocks something silently... it will still not display a prompt though.

In the meantime, here is 4.34 with even more little refinements and enhancements.  I am almost finished refining and enhancing VS, then I am going to...

1.  Implement some really cool ideas on the moderate, relaxed and silent security postures.  They are currently quite basic and not super protective... but there are tons of things I can do to make them even more secure and user-friendly.

2.  Retrain VoodooAi.  I have not retrained VoodooAi for 7-8 months because I have been busy with VS 4.0.  But now that it is ready, it is time to focus on VoodooAi a little.  I forgot the exact numbers, but I believe the current models where trained on training data sets of around 100,000 or so samples.  We will now be able to include most or all of the blocked and scanned samples from the last 7-8 months that are now in the VoodooAi database... and there are tons of them... I am guessing around 1.5 million or so new, unique samples.  These are not the number of VS blocks... these are the number of new, unique files that VS has encountered on the endpoints it is protecting, when a file is blocked or manually scanned.

VoodooAi's has the ability to be amazingly accurate and precise, but the end result is only as good as the training data sets... so I am excited to see the results once we include these samples during training.  Then again, I have always been extremely happy with VoodooAi's results.  If you download the top 100 files from download.com or softpedia and run them against VS / VoodooAi, you will quickly see my point.  I actually downloaded all 100 samples a while back from download.com if anyone wants them ;).  Anyway, the whole point of VoodooAi is to determine whether a file is safe or unsafe... it is not necessarily designed to determine the maliciousness of a file.  So when you combine the blacklist scan with VoodooAi, it makes for a rather great combo.  And besides, it is good to be different... that is what VS is all about ;).

3.  Modernize the gui and possibly the desktop shield gadget / logo with the help of a graphic designer.

4.  Anything else you guys can think of... I have some ideas too that I will run by you soon.


https://www.voodooshield.com/Download/InstallVoodooShield434.exe

SHA256:    c071256eef0ccb4bcb73dd08ca0ae9a8ab6d396538eaf962f2f932b64e2da795

Thank you guys, I will catch up soon!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 24, 2018, 03:22:36 am
BTW, I forgot to mention... hopefully the Check Update and other prompts will show on top of the VoodooShield Settings window... if not, there are a couple of other things I can do.  It is just kind of difficult because the desktop shield gadget is TopMost, and the settings form is TopMost, then the prompts are TopMost... see where that can be tricky? ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on June 24, 2018, 07:53:13 am
Dan I think and this is just me....when all is said and done
you should give it version 5.0 and have a real good blow out parteee....
 Post this sucker everywhere and give folks the best gal darn program this side of the rio grande...what do you think?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 24, 2018, 03:33:52 pm
Dan I think and this is just me....when all is said and done
you should give it version 5.0 and have a real good blow out parteee....
 Post this sucker everywhere and give folks the best gal darn program this side of the rio grande...what do you think?
Thank you, I appreciate that!  Yeah, things are finally starting to come together, after 6-7 years 😉.  When we first started, we thought it would only take around 4-6 months to create VoodooShield… boy were we wrong.  I mean really, how difficult is it to make a user-friendly toggling computer lock? 😉.  I can tell you from experience, it is incredibly challenging… but yet rewarding and a hell of a lot of fun at the same time.

It is one thing to create a simple application whitelisting / deny-by-default utility, but it is an entirely different thing to make it user-friendly enough for the masses.  Anyone who believes that a deny-by-default product cannot be marketed to the masses either has the wrong product or the wrong marketing.  Or both.

Yeah, there have been a lot of refinements in the last few months, so either 4.5 or 5.0 is probably appropriate… but I do want to add a couple more “surprise” features, along with building out the security postures feature some more… there are some crazy cool things we can do with that.  And please do not worry, these new features will not create tons of new bugs… we are completely out of the woods now.  There will always be minor bugs when we make changes, but they will be simple and manageable, and we are in great shape now 😉.

Thanks again for everyone’s support and help throughout these years, I really appreciate it!! 

We are almost there 😉.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 24, 2018, 04:21:17 pm
Thanks Dan VS v4.34 is working very well as always!  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ProTruckDriver on June 24, 2018, 05:20:38 pm
Thank you Dan.  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 24, 2018, 05:56:05 pm
Sounds good Dan.
v.4.34 running smoothly on Smart/Aggressive (Default)
Gotta love it!
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on June 24, 2018, 09:23:23 pm
Dan I think and this is just me....when all is said and done
you should give it version 5.0 and have a real good blow out parteee....
 Post this sucker everywhere and give folks the best gal darn program this side of the rio grande...what do you think?

last time I checked VS works good south of the Rio Grande (aka Rio Bravo) too. 
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on June 24, 2018, 09:44:02 pm
Hi Dan,

No issues to report since upgrading to v4.34.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on June 25, 2018, 03:36:17 am
4.34 is all gravy baby
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on June 25, 2018, 05:32:10 am
4.34 good here too
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 25, 2018, 04:52:51 pm
Very cool, thank you guys!

Here is the same version 4.34, with the driver fixed and the self-protection enabled.

www.voodooshield.com/Download/InstallVoodooShield434d.exe

SHA256: 8e97daab233a51238a1421238a75d9ddcb0dea8e5113faea91d44b82f0488890

If anything at all acts weird with the self-protection enabled, please let me know!  The only thing that the self-protection interfered with in the previous version was when VS was taking a snapshot, so I think we are good to go, but who knows what else the self-protection might interfere with.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 25, 2018, 04:54:40 pm
Very cool, thank you guys!

Here is the same version 4.34, with the driver fixed and the self-protection enabled.

www.voodooshield.com/Download/InstallVoodooShield434d.exe

SHA256: 8e97daab233a51238a1421238a75d9ddcb0dea8e5113faea91d44b82f0488890

If anything at all acts weird with the self-protection enabled, please let me know!  The only thing that the self-protection interfered with in the previous version was when VS was taking a snapshot, so I think we are good to go, but who knows what else the self-protection might interfere with.

Installing now and I will let you know!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 25, 2018, 05:10:06 pm
Very cool, thank you TH!

BTW, I forgot to mention... while fixing the driver, I noticed there was A LOT of old debug code that we no longer need, so I commented it out.  I always wondered why VS slowed down the boot process on some computers... I bet this is why.  Anyway, if someone had an issue with VS slowing down their computer boot times, please try 4.34d and let me know if it solved that issue as well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 25, 2018, 05:15:09 pm
v.4.34d installed.
All seems fine :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on June 25, 2018, 06:14:29 pm
Quick question on VS 4.28: I can't find the control to restore all program setting defaults -- has it been removed? if not, where is it / how is it done? The user guide shows a dedicated full-program restore button in the UTILITY section, but it doesn't show on my system -- there's one labelled RESTORE SETTINGS FROM FILE but I don't readily see a file of defaults, and I didn't back them up before monkeying around. ?? THX
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 25, 2018, 09:43:50 pm
v.4.34d installed.
All seems fine :)

Same here running smooth as silk!  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on June 25, 2018, 09:47:11 pm
It has installed perfectly here and running really well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on June 26, 2018, 02:48:31 am
No issues....thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on June 26, 2018, 09:08:18 pm
4.34d all gravy baby
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on June 26, 2018, 09:19:11 pm
Sophos home premium
NVT OSArmor 1.4
GlassWire elite
My old WinPatrol plus
and VoodooShield 4.34

No problem at all. Working fine together.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on June 27, 2018, 03:14:20 am
Working great Dan, Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on June 27, 2018, 08:12:33 am
Thank you guys, I appreciate that!

I think I am seeing a little bugginess in the driver with the self-protection implemented, and I spoke with the kernel dev and he has a better way to fix the patch from the other day, and the driver will be even more flexible moving forward.  So anyway, the latest version should be fine, but if you guys experience anything odd, please let me know so that we can verify it is fixed when the new driver is ready a week or so from now.  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on June 27, 2018, 10:49:37 am
Thanks Dan

24 hrs in and 4.34d is working ok here

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on June 27, 2018, 01:04:00 pm
Thanks Dan

24 hrs in and 4.34d is working ok here

David

Same for me, no problem at all since two days now! Thank you Dan for your hard work, this is amazing because you never gave up. :) beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on June 27, 2018, 04:09:59 pm
Everything working great here on my Windows 10 64bit with VS v4.34d.

Thank you Dan! :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on June 27, 2018, 09:18:56 pm
Blew away my whitelist and command lines... let VS take advanced snapshot. Minimal training over the past 2 days... Auto/Moderate
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on June 28, 2018, 07:35:25 am
All good here also..kick it out 5.0 partee!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 28, 2018, 07:00:41 pm
I would like to give one suggestion Dan...

Make this default: "Hide the desktop shield gadget when another program is full screen"

I think that this option is "uncheck" but I not 100% sure.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on June 28, 2018, 08:47:02 pm
I would like to give one suggestion Dan...

Make this default: "Hide the desktop shield gadget when another program is full screen"

I think that this option is "uncheck" but I not 100% sure.

I wouldn't want it as Default, I like it as is.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on June 28, 2018, 09:52:30 pm
Well...when I am in the full-screen program and 99% of it is game or movie, I don't want to see Voodoo gadget!
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on June 28, 2018, 10:08:37 pm
I would like to give one suggestion Dan...

Make this default: "Hide the desktop shield gadget when another program is full screen"

I think that this option is "uncheck" but I not 100% sure.

I wouldn't want it as Default, I like it as is.

As is    +1 :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on June 29, 2018, 02:57:29 pm
Upgraded from 4.34 to 4.34d a couple of days ago, and everything has been running smoothly.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on June 29, 2018, 10:29:03 pm
Bumped up to Auto/Aggressive... still quiet  ;D

Though I would like to see manual toggling on Auto shield... for those times I'm installing trusted apps.

Or at the very least, add the "disable/enable" switch to the right=click context menu from the shield so it can be quickly invoked.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on June 29, 2018, 11:28:46 pm
I would like to give one suggestion Dan...

Make this default: "Hide the desktop shield gadget when another program is full screen"

I think that this option is "uncheck" but I not 100% sure.

I wouldn't want it as Default, I like it as is.

As is    +1 :)

+2
Title: Re: VoodooShield v4 STABLE Thread
Post by: Askmark on July 01, 2018, 09:59:39 pm
4.34d working well here without any issues so far. However i do wish the "User Log" was more reliable and consistently recorded an event every time an executable is run from my computer and not just either the first time that executable is run or the first time it's allowed.

For example, I run Simplewall.exe from my downloads folder and VS hasn't white-listed this program yet so I click allow. Simplewall runs and a "User Allowed" entry appears in the log as normal.
I then run Simplewall again and this time as it's now white-listed VS allows it to run automatically and an "Auto allowed" entry is written to the log, again, as expected.

However, if I run Simplewall again nothing is written to the User log. Why is this?
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on July 03, 2018, 02:09:34 am
4.34d working well here without any issues so far. However i do wish the "User Log" was more reliable and consistently recorded an event every time an executable is run from my computer

+1  :)  a feature that I liked on NVT_ERP was that it logged every execution with a timestamp, IIRC (last used many many moons ago)  Is more logging feasible (desirable) for VS, would it slow VS down, ie, slow down the system with that feature, perhaps optional logging...  :-\
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 03, 2018, 02:44:53 pm
Bumped up to Auto/Aggressive... still quiet  ;D

Though I would like to see manual toggling on Auto shield... for those times I'm installing trusted apps.

Or at the very least, add the "disable/enable" switch to the right=click context menu from the shield so it can be quickly invoked.
Thank you, I see what you are saying.  Please keep in mind that Smart OFF and AutoPilot are almost identical modes, so this is why AutoPilot does not toggle to OFF when the user clicks on VS.  I am still trying to figure out the best design for the right click menu.  It is nice to have all of the modes and security postures listed, but then the menu is a little to big.  I can see where moving the Disable / Install mode menu item might be helpful though.  All of this is super easy to change, so if anyone has any ideas, please let me know, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 03, 2018, 02:46:55 pm
4.34d working well here without any issues so far. However i do wish the "User Log" was more reliable and consistently recorded an event every time an executable is run from my computer and not just either the first time that executable is run or the first time it's allowed.

For example, I run Simplewall.exe from my downloads folder and VS hasn't white-listed this program yet so I click allow. Simplewall runs and a "User Allowed" entry appears in the log as normal.
I then run Simplewall again and this time as it's now white-listed VS allows it to run automatically and an "Auto allowed" entry is written to the log, again, as expected.

However, if I run Simplewall again nothing is written to the User log. Why is this?
We could add these to the user log, but it would add a massive amount of items to the user log.  All of the items are logged in the DeveloperLog... so please take a look and see if you think we should add all of these to the user log.  If it is not to many, maybe we should add them.  Please take a look and let me know what you think, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 03, 2018, 02:49:14 pm
I am waiting for our kernel dev to finish up the new driver, then we will release a quick beta version, then release VS 4.5 to the public asap.

Thank you guys for all of your help!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 03, 2018, 04:38:29 pm
@Dan
How about an lazy option to enable in settings?
If activated right click just spawns (a small setting option) and two colums open with mode select on the left and "security posture" on the right.
And the colums don't close if i change anything. They close after i left click anywhere empty on screen (but not! on VS).
Title: Re: VoodooShield v4 STABLE Thread
Post by: Askmark on July 04, 2018, 06:07:19 pm
4.34d working well here without any issues so far. However i do wish the "User Log" was more reliable and consistently recorded an event every time an executable is run from my computer and not just either the first time that executable is run or the first time it's allowed.

For example, I run Simplewall.exe from my downloads folder and VS hasn't white-listed this program yet so I click allow. Simplewall runs and a "User Allowed" entry appears in the log as normal.
I then run Simplewall again and this time as it's now white-listed VS allows it to run automatically and an "Auto allowed" entry is written to the log, again, as expected.

However, if I run Simplewall again nothing is written to the User log. Why is this?
We could add these to the user log, but it would add a massive amount of items to the user log.  All of the items are logged in the DeveloperLog... so please take a look and see if you think we should add all of these to the user log.  If it is not to many, maybe we should add them.  Please take a look and let me know what you think, thank you!
Dan,
I see your point about there being too many entries.

Perhaps, in addition to what you currently log, you could also just add the blocked entries from the Developer log to the User Log as they're of most interest to most people. Especially when VS's Security Posture is set to "SILENT" which doesn't alert you to programs it blocks, other than a few flashes of the shield/tray icon which could easily be missed.

Mark
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on July 05, 2018, 02:17:28 am
@Dan
...
And the colums don't close if i change anything. They close after i left click anywhere empty on screen (but not! on VS).

Aaaahhhh, NO.  The Windows eco-system has always required an explicit confirm/rethink ( [ [OK] ] [ [CANCEL] ] ) on all dialogs.  Using any other protocol--eg: click on empty screen space--will inevitably end in tears.  And look what happened after somebody gave M$ ideas following W8...
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 06, 2018, 05:10:25 am
Hey Everyone,

So here is 4.50!  This version has the new reworked driver and it seems to be doing quite well.

There should only be one remaining bug… the one that is in the Nivot.SignalR dll, and Alex is working on it as we speak.  This bug only affects certain users with certain VPN’s… but we need to fix it either way.  Other than that, I think we are finally pretty much bug free… and it is going to stay that way 😉.

Our digital signature expired today, so I started using another one that we had, so the first 10 or so users will probably see some warnings from smart screen and the like.

www.voodooshield.com/Download/InstallVoodooShield450.exe

SHA256: c27540a522e1e6359449a46f980b54baf48c3ce45fa0c7387895956a8f43ce6f

Thank you guys, I will catch up asap!!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on July 06, 2018, 04:09:10 pm
Our digital signature expired today, so I started using another one that we had, so the first 10 or so users will probably see some warnings from smart screen and the like.
Intercepted by Windows SmartScreen  :o
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 06, 2018, 04:41:05 pm
Hey Everyone,

So here is 4.50!  This version has the new reworked driver and it seems to be doing quite well.

There should only be one remaining bug… the one that is in the Nivot.SignalR dll, and Alex is working on it as we speak.  This bug only affects certain users with certain VPN’s… but we need to fix it either way.  Other than that, I think we are finally pretty much bug free… and it is going to stay that way 😉.

Our digital signature expired today, so I started using another one that we had, so the first 10 or so users will probably see some warnings from smart screen and the like.

www.voodooshield.com/Download/InstallVoodooShield450.exe

SHA256: c27540a522e1e6359449a46f980b54baf48c3ce45fa0c7387895956a8f43ce6f

Thank you guys, I will catch up asap!!!

Got it installed and working well!  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on July 06, 2018, 05:29:43 pm
Hey Everyone,

So here is 4.50!  This version has the new reworked driver and it seems to be doing quite well.

There should only be one remaining bug… the one that is in the Nivot.SignalR dll, and Alex is working on it as we speak.  This bug only affects certain users with certain VPN’s… but we need to fix it either way.  Other than that, I think we are finally pretty much bug free… and it is going to stay that way 😉.

Our digital signature expired today, so I started using another one that we had, so the first 10 or so users will probably see some warnings from smart screen and the like.

www.voodooshield.com/Download/InstallVoodooShield450.exe

SHA256: c27540a522e1e6359449a46f980b54baf48c3ce45fa0c7387895956a8f43ce6f

Thank you guys, I will catch up asap!!!

Got it installed and working well!  8)

No problems here either. Thank you Dan :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 07, 2018, 04:57:02 am
4.50 smooth like buttah

(https://i.imgur.com/SU74v18.png)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on July 07, 2018, 12:08:44 pm
4.50 working with no problems and bugs so far...

We will see if auto update works like it should when next version will be out.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on July 07, 2018, 04:54:52 pm
Installed on systems.
All great!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on July 08, 2018, 02:53:06 am
Working great...no issues.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on July 08, 2018, 05:39:06 am
4.50 working fine here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Baldrick on July 08, 2018, 10:52:33 am
VS is ALWAYS working fine... ;)

Best (well one of a very few  ;)) bitof kit ever.

Baldrick
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on July 08, 2018, 11:10:52 am
No apparent problems here with 4.50. Thanks Dan, great job.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: dotnetnightmare on July 08, 2018, 07:34:21 pm
As Dan noted the VPN issue is for a small few. I use Mullvad with the official openvpn based installer and no issue. I found out about a Wireguard client for Windows called TunSafe and it has issues. I have my cable modem & router on a timer to reboot daily. This daily reboot causes an issue with TunSafe reconnecting and this causes VS to give the familiar crash from the beta testing. Disconnect the VPN, reconnect, start VS, and all good until next cycle. Obviously this is not a pressing issue as I could go back to the OpenVPN client. I have to admit that TunSafe is alot faster than openvpn. It connects in a second flat & is almost 3 times faster. Very impressed!
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on July 09, 2018, 05:52:48 am
As Dan noted the VPN issue is for a small few.  I found out about a Wireguard client for Windows called TunSafe and it has issues.  I have to admit that TunSafe is alot faster than openvpn. It connects in a second flat & is almost 3 times faster. Very impressed!

I've been having connection issue too with another vpn service, but it just started within the last few versions of VS.  IIRC I had no issues with 4.28 or with earlier versions.  The VS vpn related crashes are irregular, no obvious pattern, sometimes VS would crash within a few minutes, other times it could run for hours, but it was crashing every day, every new vpn use.  VS Does not crash with free version!  Dan is aware of this. 
 
I was curious about TunSafe so I googled, it was way down on the page but finally found it, tunsafe_dot_com, but I got a security warning when the page tried to load, best guess they're using an outdated certificate, but I just closed the page (since I'm not currently running VS 4.50 due to the dll vpn bug). 

Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on July 09, 2018, 03:51:06 pm
Oddly my internet connection has also started dropping for no apparent reason.
Started I guess a few weeks ago.
Will investigate further..... Mmm. ???

Edit:
So tracked issue to different software.
Not VPN related.
VS 4.5 doing great!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on July 09, 2018, 06:15:06 pm
Curious here... a few of my programs bring up the "Install" option when I first run them... particularly Paint.NET (portable) and Evernote (installed version).

Why?
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on July 10, 2018, 06:42:47 pm
No issues to report since upgrading to v4.50
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 11, 2018, 10:28:51 am
Thank you guys, I will catch up asap ;).

The bug in the dll turned out to be a lot more work than I thought 😉.  After consulting with Alex, we decided that the best option was to move from .net 3.5. to .net 4.5.  Pretty much everything was super smooth, and actually, VS is even more super freaking quick, but I have had some issues with the installer.  My Pascal is a little rusty… well, it is super rusty, and to do this right I need to figure out some Pascal / Installer code.

Anyway, a few people have mentioned that VS Free gives away too many features for free.  I totally agree, but trust me, there is a method to my madness 😉.
We will soon be releasing VS 5.0, that has minor graphical UI changes, and all previous yearly and lifetime licenses will no longer be valid, and the new price for a license is now $1,000.00 per year.  Sorry about that… if you want this kind of protection, you are going to have to pay for it.

Just kidding 😉.  Actually, if anyone needs a license, just let me know, I will hook you up.

Anyway, as soon as I figure out this pascal installer stuff, I will post a new version with the 4.5 runtime.

Thank you guys!!!

Dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on July 11, 2018, 11:55:40 am
>>>>We will soon be releasing VS 5.0, that has minor graphical UI changes, and all previous yearly and lifetime licenses will no longer be valid, and the new price for a license is now $1000.00 per year.  Sorry about that… if you want this kind of protection, you are going to have to pay for it.

Just kidding 😉.  Actually, if anyone needs a license, just let me know, I will hook you up.<<<<

Dang Dan, you just about had me to change my underwear....thanks for your hard work....
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on July 11, 2018, 11:14:40 pm
Hey Everyone,

So here is 4.50!  This version has the new reworked driver and it seems to be doing quite well.

There should only be one remaining bug… the one that is in the Nivot.SignalR dll, and Alex is working on it as we speak.  This bug only affects certain users with certain VPN’s… but we need to fix it either way.  Other than that, I think we are finally pretty much bug free… and it is going to stay that way 😉.

Our digital signature expired today, so I started using another one that we had, so the first 10 or so users will probably see some warnings from smart screen and the like.

www.voodooshield.com/Download/InstallVoodooShield450.exe

SHA256: c27540a522e1e6359449a46f980b54baf48c3ce45fa0c7387895956a8f43ce6f

Thank you guys, I will catch up asap!!!

Thank you Dan! I just installed VS4.50. I'll holler if I encure any issues. Much appreciate your hard work! ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 12, 2018, 03:07:33 am
pretty sure the countdown timer isn't counting down.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 12, 2018, 08:11:48 am
okay It is but maybe it refreshes the count when I mouse over the box?

I noticed that I get a block pop up alert but there is no entry in the user log or command line log.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 12, 2018, 09:01:24 am
@Mr.Gump Im on VS <4.5 and afaik the timer always stopped/reset when you hoover over the popup. It gave you time to read all and make a decision without haste.

VS 4.50 on win 7 running nicely atm.
Title: Re: VoodooShield's Shield USB indicator
Post by: Telos on July 12, 2018, 04:32:42 pm
This is prolly vague... but sometime yesterday my shield decided to change to USB status. I have no idea why. Maybe I mounted something... but still today it's there and everything is normal. I'm pretty sure a reboot will clear it, but I'm wondering why the USB indicator at all??? How does that inform the user... besides.... hey... you gotta a USB device plugged in. OK... So what?

What's the purpose of the USB indicator? What action should a user take when it's there?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on July 12, 2018, 08:58:48 pm
Thank you Dan, 4:50 running smoothly for me on W10.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 12, 2018, 10:12:48 pm
@Mr.Gump Im on VS <4.5 and afaik the timer always stopped/reset when you hoover over the popup. It gave you time to read all and make a decision without haste.

VS 4.50 on win 7 running nicely atm.

thanks!
Title: Re: VoodooShield v4 STABLE Thread
Post by: WhyNot on July 13, 2018, 12:34:01 pm
Hi all!
VS 4.50 on Win 10 alongside Avast Free set to Agressive mode - which should mean all execution attempts are compared to Avast Cloud Whitelist. Ie when I updated VS Avast chipped in to block so I had to manually allow exception for VS. Now VS set as exception in Avast. (Might be I have left free Avira for good.)

- Maybe overkill to have two whitelist progs?
- VS doesnt start every time anymore. Last Win 10  update could be the problem? Dan will fix?
- I would like to see ie "Voodooshield ver 4.50 in Smart Mode" when I hoover over the icons.
- Can Malware be set to execute say one hour after arrival? If so, will Smart Mode protect me if I have shut down Chrome and Outlook and VS is Off? Is always ON the only way?

Like VS very much so far. Ordinary user with more interest than knowledge when it comes to security.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 13, 2018, 04:02:59 pm
Every now and then VS 4.50 icon shows "off" when selected "always on" mode on win 7 64bit.
The screenshot is after a fresh reboot, i just opened the settings to show mode!
When i change modes to whatever and back to "always on" the icon is ok again.

Just a bit irritating to see off when you ecpect on :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: WhyNot on July 13, 2018, 04:19:43 pm
Clarify about not autostarting: When shut down and started normally VS seems to like that better  and autostarts most of the time, but when I hit restart and let it shut down and start automatically VS 4.50 never autostarts.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 13, 2018, 04:23:23 pm
Here is 4.51beta! 

The only practical way of fixing the VPN bug was to upgrade VS to .net 4.5.  Since .net 4.5 is native to all recent Windows versions except Windows 7, this should work out really well since .net will not need to be installed on any endpoints except for Windows 7.  Besides, I imagine at this point most Windows 7 computers have .net 4.5 installed anyway, so VS will just skip the .net install.

Hopefully the VPN bug is fixed, but if not, please let me know.  Upgrading the SignalR dll will also allow us to do some really cool things with the Web Management Console.

There were only small changes to the actual VS code, so I do not think there will be any bugs with the VS code.  However, there were massive changes to the installer and the dependencies, so I would not at all be surprised if we see a few bugs… although I tested the heck out of it to ensure this version was as bug free as possible, since there were so many changes.

Overall, to me it looks like VS runs even faster and smoother under the 4.5 runtime compared to the 3.5… please let me know if you guys experience this as well.  You might notice that the installer grew significantly in size… this is a result of the increased size of the dependencies that are packaged with the installer.

SHA-256: 3fa2a59e81bf9d43511a5751cb7ea24d4a38bb8e3a41c9dd4ecb5cb5da3183b2

www.voodooshield.com/Download/InstallVoodooShield451beta.exe

Have a great weekend, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 13, 2018, 05:04:23 pm
Thanks Dano installing now!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Baldrick on July 13, 2018, 07:08:21 pm
Hi Dan

Thanks for that...well installed here and seems to be working great.

Have a great weekend.

Regards, Baldrick
Title: Re: VoodooShield v4 STABLE Thread
Post by: WhyNot on July 13, 2018, 07:17:36 pm
Thanks Dan, 4.51 is on and seems to work fine, even autostarted when I pressed Restart. Only tried once, but one is more than never.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on July 14, 2018, 02:16:59 am
Thanks Dan!
So one little problem i've experienced with 4.51beta. I clicked to install Voodooshield and Kaspersky has flagged it as a PDM:Trojan.Win32.Generic.
I'll send file to Virus total so check if other engines flag it as a trojan
Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on July 14, 2018, 02:34:43 am
All good. I disabled KIS and allowed Voodooshield to install and everything is working great
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on July 14, 2018, 06:52:53 am
... but I have had some issues with the installer.  My Pascal is a little rusty… well, it is super rusty ...

Pascal? ??? :o  Last time I saw that was early '70s, and nobody had a good word to say about it.  The most frequent polite comment I heard was along the lines of "What in the name of Algol are you doing with that?"

So, if you need a decent installer, take a dekko at https://www.gammadyne.com/centurion.htm (https://www.gammadyne.com/centurion.htm).

ANYHOO, I have a different problem.  I need absolutely to whitelist C:\Windows\hh.exe.  I have a number of programs that use compiled HTM help files, and having to allow hh.exe each time is... annoying.  Very.  I have tried setting an Allow Rule, but the blacklist seems to be hardcoded.  FWIW, being a halfway good citizen, I have disallowed hh.exe outbound to everywhere, and in addition it has never been pinged even by Avast! when I was using that.  Is there any way I can get hh.exe to run without having to go through the "Allow" procedure?  I'm still using 4.20, but I'm considering an upgrade.
Title: Re: VoodooShield's Shield USB indicator
Post by: gorblimey on July 14, 2018, 07:09:27 am
What's the purpose of the USB indicator? What action should a user take when it's there?

USB devices are recognised infection vectors, particularly the ubiquitous sticks, aka "thumbdrives".  The infection happens when (older) OS's see an autorun.inf file and obey its instructions.  W7++ are supposed to have blocked this avenue, but: thumbdrive controllers can be infected as well, which is much more difficult to detect before the catastrophe.

Remember the Stuxnet virus?  And how it got onto Iranian computers?  So Dan has done exactly the right thing.
Title: Re: VoodooShield's Shield USB indicator
Post by: Telos on July 14, 2018, 03:54:48 pm
What's the purpose of the USB indicator? What action should a user take when it's there?

USB devices are recognised infection vectors, particularly the ubiquitous sticks, aka "thumbdrives".  The infection happens when (older) OS's see an autorun.inf file and obey its instructions.  W7++ are supposed to have blocked this avenue, but: thumbdrive controllers can be infected as well, which is much more difficult to detect before the catastrophe.

Remember the Stuxnet virus?  And how it got onto Iranian computers?  So Dan has done exactly the right thing.
Yea.... I got that... but how is the USB shield notifier helpful? When I have a USB drive attached, VS isn't instructing me how to react to the shield change. If VS protects against Stuxnet, surely it does so whether the source is a USB, email attachment, download, etc. The USB shield notification does not help me, it only brings confusion since there is no user response available.

As I type this the USB shield notification is back as I'm using MKVMake to read a DVD folder. (I have no active USB devices present) And if one doesn't use the shield, well... I presume the VS protection still is present.

I advocate for the complete removal of the USB shield "feature" as it seems broken (I have many false notification) and  doesn't enlighten me to take action in a useful way.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on July 15, 2018, 01:01:49 am
Here is 4.51beta! 

The only practical way of fixing the VPN bug was to upgrade VS to .net 4.5.  Since .net 4.5 is native to all recent Windows versions except Windows 7, this should work out really well since .net will not need to be installed on any endpoints except for Windows 7.  Besides, I imagine at this point most Windows 7 computers have .net 4.5 installed anyway, so VS will just skip the .net install.

Hopefully the VPN bug is fixed, but if not, please let me know.  Upgrading the SignalR dll will also allow us to do some really cool things with the Web Management Console.

There were only small changes to the actual VS code, so I do not think there will be any bugs with the VS code.  However, there were massive changes to the installer and the dependencies, so I would not at all be surprised if we see a few bugs… although I tested the heck out of it to ensure this version was as bug free as possible, since there were so many changes.

Overall, to me it looks like VS runs even faster and smoother under the 4.5 runtime compared to the 3.5… please let me know if you guys experience this as well.  You might notice that the installer grew significantly in size… this is a result of the increased size of the dependencies that are packaged with the installer.

SHA-256: 3fa2a59e81bf9d43511a5751cb7ea24d4a38bb8e3a41c9dd4ecb5cb5da3183b2

www.voodooshield.com/Download/InstallVoodooShield451beta.exe

Have a great weekend, thank you guys!

Thank you Dan! I just installed the VS451beta!  :)
Title: Re: VoodooShield's Shield USB indicator
Post by: gorblimey on July 15, 2018, 01:57:00 am
... I have no active USB devices present ...

I'm assuming you have W10 there, but Windows generally is rather iffy in handling USB ports.  Generally, if the port has a non-stick in it, it treats whatever is in the port as a HDD, so doesn't raise a flag.  For example, if I stick my scanner in the USB, or plug my Bluetooth in for charging, W7 treats those as "not a device".  And my multi-card reader (it also writes!) is seen by W7 as 4 unused HDDs, and I had to give them drive letters; also, VS does not see them as USB devices.

When VS sees a USB flag, it automatically locks the box, hence the blue shield.  BTW, I'm still only using 4.20, so you may have VS features I don't know about.  But I'm pretty sure you're suffering from W10-itis  :(

EDIT:  Having just completed my morning Caffeine treatment, I realise that that the only action you need to take is the routine "If in doubt, just Block it.  If you do recognise it, Let it Run."
END EDIT.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 03:09:24 am
Curious here... a few of my programs bring up the "Install" option when I first run them... particularly Paint.NET (portable) and Evernote (installed version).

Why?
Thank you guys for letting me know that the new framework is doing well... that is great to hear.  I am going to just reply to the posts have have questions to save a little time... thank you guys for all of your help ;).

VS has an installer detector that detects if a new, non-whitelisted item is a standard executable or an installer.  That way, if VS detects the new item as an installer, the Install button is displayed instead of the Allow button, so that VS will toggle to OFF during the installation.

We do need to add a few more definitions to our installer detector, and I should be able to do that soon.  Thank you!
Title: Re: VoodooShield's Shield USB indicator
Post by: VoodooShield on July 15, 2018, 03:13:51 am
This is prolly vague... but sometime yesterday my shield decided to change to USB status. I have no idea why. Maybe I mounted something... but still today it's there and everything is normal. I'm pretty sure a reboot will clear it, but I'm wondering why the USB indicator at all??? How does that inform the user... besides.... hey... you gotta a USB device plugged in. OK... So what?

What's the purpose of the USB indicator? What action should a user take when it's there?
The USB label indicates that VS detected the insertion of a USB drive so that people are not curious why VS does not toggle to OFF when all of their web apps are closed.  Basically, the USB label is indicating that a USB drive was inserted, and VS toggled to ON when the USB drive was inserted.

I hope that makes sense, but if not, please let me know.  BTW, the USB label works pretty well for the most part, but I think we can do a little tweaking on it so it will be a little more refined.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 04:48:48 am
Hi all!
VS 4.50 on Win 10 alongside Avast Free set to Agressive mode - which should mean all execution attempts are compared to Avast Cloud Whitelist. Ie when I updated VS Avast chipped in to block so I had to manually allow exception for VS. Now VS set as exception in Avast. (Might be I have left free Avira for good.)

- Maybe overkill to have two whitelist progs?
- VS doesnt start every time anymore. Last Win 10  update could be the problem? Dan will fix?
- I would like to see ie "Voodooshield ver 4.50 in Smart Mode" when I hoover over the icons.
- Can Malware be set to execute say one hour after arrival? If so, will Smart Mode protect me if I have shut down Chrome and Outlook and VS is Off? Is always ON the only way?

Like VS very much so far. Ordinary user with more interest than knowledge when it comes to security.
Nice to meet you WhyNot! 

VS's whitelisting feature is quite different from all of the other whitelisting products.  We have several proprietary and patented features that allows VS to do things that other products cannot do.  Well, if they do, please let me know ;).  Anyway, VS is not actually an application whitelisting utility... it certainly shares some similarities, but it is much more appropriate to classify VS as a user-friendly toggling computer lock.  There are not any other user-friendly toggling computer lock, so there is probably not a class to put VS in, which is probably why most people just classify it as an application whitelisting utility.

Let me explain how I came up with the idea / concept for VS, and that will help explain what VS is all about, and how it is so incredibly different from all of the other products.  The night I came up with the idea, it was 3am and I was removing malware for 2 different clients on 2 different laptops.  At that time, I had been a computer consultant for 13 years, and the one question people kept asking me over and over again was “I have antivirus software, how did I get a virus?”.  For the longest time, it was difficult for me to explain to my clients why they were infected even though they had antivirus software installed.  I knew innately why it was so… but I just could not put it into words… especially words that they would understand.  I love my clients, but most of them are extreme computer novices, and they would never understand such things 😉. 

Anyway, it was 3am and I started removing the malware, and the first thing I did was to bring up the task manager so I could start investigating the malware.  When I opened the task manager, the malware immediately killed it, and simply would not let me open the task manager or any other software.  Out of pure frustration, I said out loud “man, if I could just do what the malware is doing to the computer / me, but be first, so that I was in control… then we would not have this problem”.  So then I was thinking… man, we just need to take a snapshot of all of the running processes, and not let anything else start unless we allowed it.  Then 20 seconds later I thought to myself… no, that would be a huge pain to have to manually allow everything… a fulltime lock is certainly not the answer.

Then a few minutes later, I was looking down at the clock because I knew it was getting late, and that is when I happened to imagine a desktop shield gadget / computer lock, that the user could manually click on the toggle the computer lock from OFF to ON.  So then I was thinking… you know, there might be something to this.

Then another few minutes later, once I was actually able to start programs without the malware killing them, I opened a web browser, and out of shear coincidence, I happened to imagine the lock / desktop shield gadget toggling from OFF to ON as I opened a web browser.  And I was like… “That’s it!!!  Whenever I am doing something risky on the computer, it needs to be locked.  Then when I am not doing anything risky, the protection will automatically toggle to OFF.”

So then I started to get excited about this concept and called an acquaintance (who was a developer for Hallmark Cards at the time) the next day to tell him the idea.  He loved the idea and we got to work immediately on VS.

Keep in mind application whitelisting was very uncommon back then and there were very, very few application whitelisting products on the market.  The only one that I heard about was Faronics Anti-Executable (there were others but they are no longer around)… and the only reason I heard about it was because our patent attorney found their patent during the patent search.  Luckily the concept of VS did not infringe on their patent at all… and the reason is quite simple… VS is not an application whitelisting product… it is a toggling computer lock 😉.

As far as global / cloud whitelisting is concerned… it is definitely a worthwhile security mechanism, but it certainly is nowhere nearly as effective as locking the computer.  First, look at the link below… there are roughly 3.5 times the number of safe files compared to malware.

https://www.virustotal.com/en/statistics/

This cracks me up… the industry has been saying now for a very long time that “Antivirus cannot keep up with all of the new malware.”  Ummm… if they cannot keep up with the blacklist or signatures, how are they going to keep up with a whitelist that is roughly 3.5 times larger?  Not only that, but how do they absolutely guarantee that a file they are adding to the global cloud whitelist is 100% safe.

Also, keep in mind, I currently have 220 items on my whitelist (I just checked 😉)… compare that to millions or billions of items on a global cloud whitelist.  I mean, if you are a bouncer at a bar, you can handle 220 people… but you cannot handle millions or billions. 

See, AV companies have malware detection machines (sandboxes) running 24x7 to continually analyze all of the new samples.  These machines are quite similar to Cuckoo Sandbox, but I am certain that most of them are much more sophisticated and accurate.  No offense to Cuckoo… it is a phenomenal product, but a lot of AV companies have a massive budget and research / development team that is able to create some really cool stuff.

But anyone who has been working with malware long enough will tell you that even the most sophisticated malware detection machines have limitations… severe limitations.  This is equally true for the machine learning / Ai products.  The cybersecurity companies also have malware researchers who supplement the automatic analysis performed by these machines, but it is a massive workload and they can never keep up.  Not only that, but from my experience, all malware detection mechanisms can be tricked… including VoodooAi.

And since they can be tricked, if security is important enough to the end user, the only reasonable solution is to install a deny-by-default product, as opposed to an allow-by-default product.  I prefer VS because it is not a constant lock as it offers the end user multiple levels of protection.  Think of it this way… do you use an umbrella when it is not raining?  No, that would be a huge pain, right?  For the very same reason, computers should not be locked fulltime. 
VS is the only product that is able to automatically and dynamically adjust the level of protection based on the end user’s activities.  If the end user is engaging in risky behavior, the security product should be more aggressive (well, the computer should be locked).  If the end user is playing Microsoft Solitaire, writing a letter, using Quickbooks, etc., the level of protection should be lowered.

Since its inception, the security industry has only focused on HOW users become infected, and as far as I know, VS is the only product that also focuses on WHEN the user becomes infected.  Having said that… the security industry has come a very, very long way in the last 6-7 years, and there are tons of truly amazing products on the market now.  They all offer one level of protection (unless the user manually changes a setting or disables the product), which is more than sufficient for when the end user is not engaging in a risky activity such as browsing the web or checking email.  But when the user is engaging in risky activity, I think it is wise to automatically lock the computer with VS 😉.  Besides, VS complements all AV’s very, very nicely… and actually, with most AV products, when VS toggles to OFF, it should actually stop all protections and not block anything… and basically let the AV do its thing.  At some point we will implement this, but a lot of users are now running just VS with Windows Defender, because it has improved drastically over the last couple of years… and basically, I am just being a little extra cautious for now.

So back to my originally story.  If a user were to ask me today “I have antivirus software, how did I get a virus”, I would simply say… “because your computer was not locked when you were at risk”.


As far as your other questions / recommendations go… 😉

- VS doesnt start every time anymore. Last Win 10  update could be the problem? Dan will fix?
   This should be fixed in 4.51, but if not, please let me know!
- I would like to see ie "Voodooshield ver 4.50 in Smart Mode" when I hoover over the icons.
   Interesting… do you mean when you hover over the desktop shield gadget?  Thank you for the suggestion… we might be able to do something really cool with that 😉.
- Can Malware be set to execute say one hour after arrival? If so, will Smart Mode protect me if I have shut down Chrome and Outlook and VS is Off? Is always ON the only way?
   No… this should not be a concern.  I guess technically someone could hack a website and create a timer that would fire in an hour or so, but this is highly unlikely.  Besides, even when VS is OFF, it is VERY protective when it comes to web apps, and VS should easily block something like this.  Now, if you are talking about a standard malware executable… remember, the executable has to run first in order to be able to start a timer 😉.

Wow… longest post ever 😉.  Hopefully the other ones will go a little quicker 😉.  Thank you!

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 04:51:52 am
Every now and then VS 4.50 icon shows "off" when selected "always on" mode on win 7 64bit.
The screenshot is after a fresh reboot, i just opened the settings to show mode!
When i change modes to whatever and back to "always on" the icon is ok again.

Just a bit irritating to see off when you ecpect on :D
There is an option on the VS Settings / Basic tab... Second from the bottom... Automatically deactivate after 10 mins of system idle.  Is this what you are talking about? ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 04:54:22 am
Thanks Dan!
So one little problem i've experienced with 4.51beta. I clicked to install Voodooshield and Kaspersky has flagged it as a PDM:Trojan.Win32.Generic.
I'll send file to Virus total so check if other engines flag it as a trojan
Cool.. thank you for letting me know!  Yeah, False Positives happen.  It is getting harder and harder to distinguish good files from bad, so everyone is making their engines and mechanisms a little more aggressive... so I imagine FP's will only increase in the coming years.

You know, sometimes I think it would just be easier to lock the computer when it is at risk ;).  Kinda takes the guess work out of the whole thing, huh? ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 05:03:54 am
... but I have had some issues with the installer.  My Pascal is a little rusty… well, it is super rusty ...

Pascal? ??? :o  Last time I saw that was early '70s, and nobody had a good word to say about it.  The most frequent polite comment I heard was along the lines of "What in the name of Algol are you doing with that?"

So, if you need a decent installer, take a dekko at https://www.gammadyne.com/centurion.htm (https://www.gammadyne.com/centurion.htm).

ANYHOO, I have a different problem.  I need absolutely to whitelist C:\Windows\hh.exe.  I have a number of programs that use compiled HTM help files, and having to allow hh.exe each time is... annoying.  Very.  I have tried setting an Allow Rule, but the blacklist seems to be hardcoded.  FWIW, being a halfway good citizen, I have disallowed hh.exe outbound to everywhere, and in addition it has never been pinged even by Avast! when I was using that.  Is there any way I can get hh.exe to run without having to go through the "Allow" procedure?  I'm still using 4.20, but I'm considering an upgrade.
begin

Thank you... we actually use InnoSetup, which is an amazing installer... it is one of the installers that a lot of devs use.  It has a special code section that is highly flexible and allows you to do some really cool stuff for your installer, but it is all in pascal, which I am not good with at all.

That is funny that you mention hh.exe... please try 4.51, there is a chance that it is fixed.  I accidentally clicked on Help and Support the other day and VS blocked hh.exe, so I fixed it... well, I think it is fixed.  The only thing is, there might be a different parent process that triggers hh.exe, and if so I will need to add it as well.

Which reminds me... a lot of people forget that in addition to name, hash, and path comparison, VS also does parent process path comparison, which really freaking locks down the system with a super robust lock.  It initially cause massive problems and unwanted blocks for 4-5 months while I worked everything out, and I have to say, it was worth it. 

end

(I hope the old pascal people spot my pascal joke ;))
Title: Re: VoodooShield's Shield USB indicator
Post by: VoodooShield on July 15, 2018, 05:04:46 am
What's the purpose of the USB indicator? What action should a user take when it's there?

USB devices are recognised infection vectors, particularly the ubiquitous sticks, aka "thumbdrives".  The infection happens when (older) OS's see an autorun.inf file and obey its instructions.  W7++ are supposed to have blocked this avenue, but: thumbdrive controllers can be infected as well, which is much more difficult to detect before the catastrophe.

Remember the Stuxnet virus?  And how it got onto Iranian computers?  So Dan has done exactly the right thing.
Thank you... that too ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 15, 2018, 05:06:28 am
Thanks again everyone... sorry I only replied to the questions... enjoy the rest of your weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on July 15, 2018, 07:27:11 am
That is funny that you mention hh.exe... please try 4.51, there is a chance that it is fixed.  I accidentally clicked on Help and Support the other day and VS blocked hh.exe, so I fixed it... well, I think it is fixed.  The only thing is, there might be a different parent process that triggers hh.exe, and if so I will need to add it as well.

Er, unfortunately, no, it's not.  Most times I'm invoking Help directly from the program UI, but the problematic ones I'm calling help from the Start Menu.  The attachment shows that I shortcut the .chm, and Windows figures out everything else.  In these cases, there is generally not a Program UI to play with (or I don't want to light up the app) so no Parent Process...  I have assumed that hh.exe will only be called to chaperone .chm files?

ALSO, Advanced Settings does not properly clean the previous view from underneath the Anti-Exploit list. (W7, Classic Desktop, "Classic Start Menu").  I tried to show a screen-shot, but that didn't show the unswept bits :(
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 15, 2018, 09:54:40 am
Every now and then VS 4.50 icon shows "off" when selected "always on" mode on win 7 64bit.
The screenshot is after a fresh reboot, i just opened the settings to show mode!
When i change modes to whatever and back to "always on" the icon is ok again.

Just a bit irritating to see off when you ecpect on :D
There is an option on the VS Settings / Basic tab... Second from the bottom... Automatically deactivate after 10 mins of system idle.  Is this what you are talking about? ;)
I forgot to mention i disabled the "automaticly disable". I want VS to work 24/7 and thats why i was so confused to see"OFF"
I disabled the "automaticlly disable" and VS was on "always on" still VS got to "OFF" as shown on screen.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on July 15, 2018, 11:38:39 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
Title: Re: VoodooShield's Shield USB indicator
Post by: Telos on July 15, 2018, 05:15:05 pm
What's the purpose of the USB indicator? What action should a user take when it's there?
The USB label indicates that VS detected the insertion of a USB drive so that people are not curious why VS does not toggle to OFF when all of their web apps are closed.  Basically, the USB label is indicating that a USB drive was inserted, and VS toggled to ON when the USB drive was inserted.

I hope that makes sense, but if not, please let me know.  BTW, the USB label works pretty well for the most part, but I think we can do a little tweaking on it so it will be a little more refined.
Great answer. Thank you.

I get USB "FP's" when I open MakeMKV to rip a DVD. After ripping and closing MakeMKV, the USB notification remains present until I quit VS (reboot or otherwise).

Maybe you can duplicate that.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on July 16, 2018, 12:05:46 am
I did clean install of 4.51_beta on win7x64.  I've been running about 12 hours with vpn and no crashes! No issues to report.
Thanks Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 16, 2018, 07:28:35 am
That is funny that you mention hh.exe... please try 4.51, there is a chance that it is fixed.  I accidentally clicked on Help and Support the other day and VS blocked hh.exe, so I fixed it... well, I think it is fixed.  The only thing is, there might be a different parent process that triggers hh.exe, and if so I will need to add it as well.

Er, unfortunately, no, it's not.  Most times I'm invoking Help directly from the program UI, but the problematic ones I'm calling help from the Start Menu.  The attachment shows that I shortcut the .chm, and Windows figures out everything else.  In these cases, there is generally not a Program UI to play with (or I don't want to light up the app) so no Parent Process...  I have assumed that hh.exe will only be called to chaperone .chm files?

ALSO, Advanced Settings does not properly clean the previous view from underneath the Anti-Exploit list. (W7, Classic Desktop, "Classic Start Menu").  I tried to show a screen-shot, but that didn't show the unswept bits :(
Ooops, I was confused on hh.exe... the change I made was for helppane.exe.  But I will fix hh.exe for the next version.

Yeah, I know what you mean about the Anti-Exploit list... it works perfectly for me unless I run VS in a VM.  I am not sure why it does this, but I will make sure it is fixed for the next version.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 16, 2018, 07:31:16 am
Every now and then VS 4.50 icon shows "off" when selected "always on" mode on win 7 64bit.
The screenshot is after a fresh reboot, i just opened the settings to show mode!
When i change modes to whatever and back to "always on" the icon is ok again.

Just a bit irritating to see off when you ecpect on :D
There is an option on the VS Settings / Basic tab... Second from the bottom... Automatically deactivate after 10 mins of system idle.  Is this what you are talking about? ;)
I forgot to mention i disabled the "automaticly disable". I want VS to work 24/7 and thats why i was so confused to see"OFF"
I disabled the "automaticlly disable" and VS was on "always on" still VS got to "OFF" as shown on screen.
Hmmmm, there are a couple of other things that toggle VS to OFF... for example if you click the Install button on the user prompt.  If you give me some more details on when this happens, I am pretty sure we can figure out what is causing the issue.  So just let me know like when it happens, and what possibility triggers this, and we will fix it.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 16, 2018, 07:33:14 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!
Title: Re: VoodooShield's Shield USB indicator
Post by: VoodooShield on July 16, 2018, 07:35:31 am
What's the purpose of the USB indicator? What action should a user take when it's there?
The USB label indicates that VS detected the insertion of a USB drive so that people are not curious why VS does not toggle to OFF when all of their web apps are closed.  Basically, the USB label is indicating that a USB drive was inserted, and VS toggled to ON when the USB drive was inserted.

I hope that makes sense, but if not, please let me know.  BTW, the USB label works pretty well for the most part, but I think we can do a little tweaking on it so it will be a little more refined.
Great answer. Thank you.

I get USB "FP's" when I open MakeMKV to rip a DVD. After ripping and closing MakeMKV, the USB notification remains present until I quit VS (reboot or otherwise).

Maybe you can duplicate that.
Yeah, there are several things that can trigger USB detection in Windows... and for some it would be better for the USB label to not show on VS.  There are a couple of different methods we can use for USB detection, although the last time I looked, they were quite similar to what we are already using, but I can look at it again, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 16, 2018, 07:36:19 am
I did clean install of 4.51_beta on win7x64.  I've been running about 12 hours with vpn and no crashes! No issues to report.
Thanks Dan.
Very cool, thank you for letting me know!  Yeah, I really think the bug was in that dll.  But please let me know how it does in a few days, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 16, 2018, 07:39:53 am
I think we might want to open a "VoodooShield Corrections" thread, because whenever misinformation is posted about VS, I am inundated with emails from concerned users.  In the meantime...

https://www.wilderssecurity.com/threads/cylance-smart-antivirus-for-home-users.406008/#post-2768544

https://www.wilderssecurity.com/threads/cylance-smart-antivirus-for-home-users.406008/#post-2768566

VS never used or installed .net 2.0.  The very first beta version of VS started with .net 3.5.  The reason companies use .net 3.5 is because that is the .net runtime that is native to Windows 7… so it is actually a smart move on their part.  We would have actually stayed with .net 3.5 if we were not forced to move to 4.5 because of a bug in a dll, where the patched version required 4.5.

The use of icacls.exe was ONLY to change the permissions on the C:\ProgramData\VoodooShield folder.  It did not “change multiple system permission settings”.

When you uninstall VS, the driver uninstalls perfectly.




Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on July 16, 2018, 11:02:46 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!

Same as last time Dan. Double click on sys tray VS icon and VS loads minimised. As the task bar is on auto hide then it is not noticed. You changed this last time for it to always bring up a window.

Hope that makes sense.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on July 16, 2018, 01:45:14 pm
... please try 4.51, there is a chance that it is fixed.

Er, unfortunately, no, it's not.

Equally unfortunately, 4.51 covered my box in molasses again :(  There's a lot of cloud activity I tried to eliminate, but...

One of the reasons I don't like doing things "in the cloud" is the time taken for slow/overloaded servers/backbones/copper wire/etc to receive data beyond my 50Mb NBN fiber connection and deliver results back to me.  FWIW, this is also the reason I do not believe we are in any danger from the "Rise of the Robots", which ATM rely absolutely on The Cloud for their thought processes.

Anyway, I've regressed back to 4.20.  4.51 (the word Fahrenheit springs to mind here  ;D) also seems to not like "Use the same settings for all users", consistently suiciding the UI when I switched to another User, and in the end failing to start the UI under any circumstances: I was having to manually start it every time.  But this may also have been due to over-enthusiastic un-checking scan and cloud options.

Actually Dan, you remember in the recent past the concept of a "lite" version was canvassed?  Well, it occurred to me that we could actually do it.  Just build a parallel sub-version without any on-line scanning, including VoodooAI.  It would seem the basic logic is robust enough to enforce your mantra: "Deny by Default, and Lock the computer when it is At Risk".  Keep all of the Rulesets and stuff so we can fine-tune the beast, but keep all the gubbins off-line.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on July 17, 2018, 01:26:39 am
Dan, Everything is running great with the VS v4.51.


Thank you so much for all the hard work involved and for the thorough and informative posts. It is nice to know how this VS all came together. Very interesting indeed! beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 20, 2018, 08:12:19 am
4.51 smooth

(https://i.imgur.com/I6pHClI.gif)

like buttah...

Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on July 20, 2018, 01:49:04 pm
4.51 running just fine on my machine as well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: lkjk on July 22, 2018, 08:08:54 am
The "Register VoodooShield Free" button causes the program to freeze (circle wheel forever). Any tips?

Edit: Left it for about an hour, shutdown overnight, cold booted a few hours later, and it was magically registered and working.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 22, 2018, 09:21:55 am
@Dan i got it now that VS 4.5 got from "always on" (automatically disable was disabled) to "off" red icon with "usb" shown when my only task was installing a pdf reader.
It was nitro pdf from a legit german site no crack keygen stuff.
I marked the download "manuelle installation" since the big button on the left gives bloatware

Question 2: I disabled "allow specific critical microsoft services".
Why is dll.exe with 0/68 on Virus Total "Not a valid executable file" and why do the VS ai got an error?
Internet was working fine.

Sadly im on Win 10 64bit now (i want win 7 back)



Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on July 23, 2018, 07:06:27 pm
Whitelist sorting by AI is buggy... for example, from high to low...

94
92
92
90
90
9
88
84
81
8
79
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on July 24, 2018, 01:34:40 am
Whitelist sorting by AI is buggy... for example, from high to low...

That's an alpha sort...  One fix would be implementing prefix zeros to force the significant digit to the units position.  The best fix would be recording the scores as numeric data  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 27, 2018, 06:36:29 am
Sorry I have been away… the next version is almost ready.  I am still trying to figure out a bug that MikeV is experiencing, but other than that, we are good to go.

BTW, the other day I googled “how to clean a K&N air filter” because it was time to clean mine.  After a few clicks, I stumbled upon an automotive forum that was quite similar to the various malware forums.  This forum was filled with absolute BS, speculation without testing, agendas and whatever else, and because of this, I left the forum without an answer to my question, and obviously I will never return to that forum again.

I went to the forum so I could find a solution to my problem, but the mods were stupid enough to allow members to post BS and opinionated pure speculation and did not hold the members accountable for inaccuracies in their posts.

The problem is, since I do not fix cars on a daily basis, I really did not know what to believe, so I left the site, never to return.

A while back I warned other security forums that this will happen, and it turns out that my guess was absolutely correct… just look at the Alexa graphs (I would be happy to post them if necessary).

I mean this is simple common-sense stuff.  If you are going to build a forum, you want it to be a valuable resource that non-experts can visit to help solve their problems.  Not some freaking biased, opinionated, sell to the highest bidder platform.

If you guys want to save the malware forum communities, you should absolutely demand that only truth based in empirical evidence is allowed, and not opinion with an agenda or bullying BS when they can hide behind a computer.

You can lead a horse to water, but you cannot make him think.
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on July 27, 2018, 04:39:58 pm
here here..Dan ;)
So very soon eh? Are you going to call it 5.0 version?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 28, 2018, 03:30:58 am
are blocked events still highlighted in red?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 28, 2018, 03:38:24 am
are blocked events still highlighted in red?

Looks like User Blocks are still Red.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 28, 2018, 03:46:58 am
are blocked events still highlighted in red?

Looks like User Blocks are still Red.

what if they arent user blocked?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 28, 2018, 03:49:38 am
are blocked events still highlighted in red?

Looks like User Blocks are still Red.

what if they arent user blocked?

As far as I can see it's just User Blocks and not Auto Blocks.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Mr.GumP on July 28, 2018, 03:50:48 am
ahh okay yes. i don't know why but i thought auto blocked items were red as well. i prefer they be actually
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 28, 2018, 03:58:38 am
ahh okay yes. i don't know why but i thought auto blocked items were red as well. i prefer they be actually

Yes same here! Anything that is blocked.  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:46:40 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!

Same as last time Dan. Double click on sys tray VS icon and VS loads minimised. As the task bar is on auto hide then it is not noticed. You changed this last time for it to always bring up a window.

Hope that makes sense.

David
Sorry I have been away (again ;)).

Do you mean the VoodooShield Settings Window loads minimized when you double click on VS's sys tray icon?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:49:46 am
... please try 4.51, there is a chance that it is fixed.

Er, unfortunately, no, it's not.

Equally unfortunately, 4.51 covered my box in molasses again :(  There's a lot of cloud activity I tried to eliminate, but...

One of the reasons I don't like doing things "in the cloud" is the time taken for slow/overloaded servers/backbones/copper wire/etc to receive data beyond my 50Mb NBN fiber connection and deliver results back to me.  FWIW, this is also the reason I do not believe we are in any danger from the "Rise of the Robots", which ATM rely absolutely on The Cloud for their thought processes.

Anyway, I've regressed back to 4.20.  4.51 (the word Fahrenheit springs to mind here  ;D) also seems to not like "Use the same settings for all users", consistently suiciding the UI when I switched to another User, and in the end failing to start the UI under any circumstances: I was having to manually start it every time.  But this may also have been due to over-enthusiastic un-checking scan and cloud options.

Actually Dan, you remember in the recent past the concept of a "lite" version was canvassed?  Well, it occurred to me that we could actually do it.  Just build a parallel sub-version without any on-line scanning, including VoodooAI.  It would seem the basic logic is robust enough to enforce your mantra: "Deny by Default, and Lock the computer when it is At Risk".  Keep all of the Rulesets and stuff so we can fine-tune the beast, but keep all the gubbins off-line.
Hmmm... really the only thing that should slow any version of VS down is either the blacklist or VoodooAi scan.  Any new item that is on the whitelist is not scanned, it is just automatically allowed if there is a match.

I will have to check out the "Same settings for all users" issue... thank you for letting me know.

Yeah, we can still do a lite version... we have tons of options, we just have to figure out what is best.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:50:18 am
Dan, Everything is running great with the VS v4.51.


Thank you so much for all the hard work involved and for the thorough and informative posts. It is nice to know how this VS all came together. Very interesting indeed! beta
Very cool, thank you guys as well, I appreciate it very much!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:50:43 am
4.51 smooth

(https://i.imgur.com/I6pHClI.gif)

like buttah...
Very cool, thank you for letting me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:51:25 am
4.51 running just fine on my machine as well.
Thank you, I appreciate that!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:52:28 am
The "Register VoodooShield Free" button causes the program to freeze (circle wheel forever). Any tips?

Edit: Left it for about an hour, shutdown overnight, cold booted a few hours later, and it was magically registered and working.
Hmmm... I think there used to be an issue like this, but it should have been fixed.  If anyone has this problem with 4.51 or above, please let me know, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:55:51 am
@Dan i got it now that VS 4.5 got from "always on" (automatically disable was disabled) to "off" red icon with "usb" shown when my only task was installing a pdf reader.
It was nitro pdf from a legit german site no crack keygen stuff.
I marked the download "manuelle installation" since the big button on the left gives bloatware

Question 2: I disabled "allow specific critical microsoft services".
Why is dll.exe with 0/68 on Virus Total "Not a valid executable file" and why do the VS ai got an error?
Internet was working fine.

Sadly im on Win 10 64bit now (i want win 7 back)
Very cool, thank you for letting me know.

My guess is that VoodooAi did not have access to be able to read the dllhost.  There are ways we can fix this... let me see what I can do, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:57:21 am
Whitelist sorting by AI is buggy... for example, from high to low...

94
92
92
90
90
9
88
84
81
8
79
Cool, thank you... I checked this out and it is because the values are converted to a string... I should be able to convert them to an integer and it should sort properly.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 01:58:24 am
Whitelist sorting by AI is buggy... for example, from high to low...

That's an alpha sort...  One fix would be implementing prefix zeros to force the significant digit to the units position.  The best fix would be recording the scores as numeric data  8)
Yep... exactly, they are strings / alpha ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 02:00:01 am
here here..Dan ;)
So very soon eh? Are you going to call it 5.0 version?
Hey hayc59!  It will probably be 4.5x for now.  5.0 will include new features, like maybe even a local and retrained version of VoodooAi, along with several other cool new features.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on July 30, 2018, 02:01:59 am
are blocked events still highlighted in red?
Hey Mr.GumP and TH!  Yeah, they are in read.  In settings, if you look just above the Threats Blocked, it will tell you what is red on that tab, because it changes for the various tabs.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on July 30, 2018, 02:42:31 am
are blocked events still highlighted in red?
Hey Mr.GumP and TH!  Yeah, they are in read.  In settings, if you look just above the Threats Blocked, it will tell you what is red on that tab, because it changes for the various tabs.  Thank you!

Dan if you look in the User Log only User Blocks are Red and Auto Blocks are still Black so we were asking if you could make all Blocks in the user log Red?

Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on July 30, 2018, 10:21:45 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!

Same as last time Dan. Double click on sys tray VS icon and VS loads minimised. As the task bar is on auto hide then it is not noticed. You changed this last time for it to always bring up a window.

Hope that makes sense.

David
Sorry I have been away (again ;)).

Do you mean the VoodooShield Settings Window loads minimized when you double click on VS's sys tray icon?  Thank you!

Yes Dan - correct.

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on July 31, 2018, 06:21:47 pm
Win 10 64bit here VS 4.50. Clicked "check for protection updates" on windows defender.
Voodoo Ai Error and not valid executable file thingy (the file is valid, verified and signed and an .exe)

Internet was working since i was surfing while wd checked for updates

Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 01, 2018, 09:53:35 am
Just installed the latest beta, but I get the Smartscreen popup, still!

Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 01, 2018, 09:25:34 pm
Just installed the latest beta, but I get the Smartscreen popup, still!

I always disable Smart Screen it's to much like UAC a PITA!  :o VS will do more than both of those anyways!  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 02, 2018, 04:35:03 am
Hey guys, here is 4.52… it is pretty much ready for public release.  The only thing that I did not fix was the VoodooAi column sorting, but I will do that soon.

Here is what was fixed…

-   The driver was causing some slowdown and weird issues on some systems and this was fixed
-   hh.exe and helppane.exe are fixed
-   The anti-exploit list in Advanced settings weird graphics issue is fixed
-   The “"Same settings for all users" issue should be fixed, but if not, please let me know
-   Auto Block is in red now
-   Several other small bug fixes

https://www.voodooshield.com/Download/InstallVoodooShield452beta.exe

SHA256: 660ebc1718ee2f1095b640b71cc75f2eeefa668fd37b83334fea271165a70978

Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 02, 2018, 04:35:36 am
are blocked events still highlighted in red?
Hey Mr.GumP and TH!  Yeah, they are in read.  In settings, if you look just above the Threats Blocked, it will tell you what is red on that tab, because it changes for the various tabs.  Thank you!

Dan if you look in the User Log only User Blocks are Red and Auto Blocks are still Black so we were asking if you could make all Blocks in the user log Red?
Very cool, thank you guys!  This is fixed in 4.52.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 02, 2018, 04:39:25 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!

Same as last time Dan. Double click on sys tray VS icon and VS loads minimised. As the task bar is on auto hide then it is not noticed. You changed this last time for it to always bring up a window.

Hope that makes sense.

David
Sorry I have been away (again ;)).

Do you mean the VoodooShield Settings Window loads minimized when you double click on VS's sys tray icon?  Thank you!

Yes Dan - correct.

David
Hmmm, that is really odd, thank you for letting me know!  Is anyone else having this issue?  What version of Windows are you running?

You might have to exit out of VS then delete the Settings.db in the C:\ProgramData\VoodooShield directory.  That will reset everything, but it might fix the issue.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 02, 2018, 04:41:17 am
Win 10 64bit here VS 4.50. Clicked "check for protection updates" on windows defender.
Voodoo Ai Error and not valid executable file thingy (the file is valid, verified and signed and an .exe)

Internet was working since i was surfing while wd checked for updates
Yeah, I bet VS is having an issue extracting that file's features properly.  I might be able to have VS make a temporary copy of that file with the necessary rights.  Thank you for letting me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 02, 2018, 04:43:55 am
Just installed the latest beta, but I get the Smartscreen popup, still!
Yeah, sorry about that, it should not be too much longer ;).  It looks like my estimate of 10 or so downloads was a little off.  I wish we could have kept our old signature, but we could not renew it because it was purchased from Symantec, then DigiCert acquired Symantec's signature business, so we just went with a new certificate.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 02, 2018, 05:19:52 am
That's OK  ;)  I got the 4.52 beta ahead of the others.   ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 02, 2018, 09:26:37 am
Hey guys, here is 4.52…
-   The “"Same settings for all users" issue should be fixed, but if not, please let me know

Unfortunately, not.  I'll email the dropbox link with the logs & etc.

For reproduction: in Admin, install over the top of 4.20.  in Utility, set "Use the same settings for all users".  Restart VS.  Set all other settings and save.  Quit Admin, log in as any other user.  VS Service will be running, GUI is not.  Restart Windows.  Log in as Admin.  VS now wants Registration Password, even though I have voodooshield-token.json in every %Roaming\VoodooShield%.  Restart Windows.  Login as any user, not Admin.  GUI shows.  Switch to any other user, including Admin.  No GUI.

I did not test all the other fixes.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on August 02, 2018, 11:56:15 am
Just installed 4.51 and double clicking the icon is not working. Win 8.1 Pro.

Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide.
 
David
I am not sure what you mean, sorry ;).  What do you mean by "double clicking the icon is not working" and "Noticed that it has gone back to just putting it in the task bar. I run with the T/B on auto hide."?  Thank you!

Same as last time Dan. Double click on sys tray VS icon and VS loads minimised. As the task bar is on auto hide then it is not noticed. You changed this last time for it to always bring up a window.

Hope that makes sense.

David
Sorry I have been away (again ;)).

Do you mean the VoodooShield Settings Window loads minimized when you double click on VS's sys tray icon?  Thank you!

Yes Dan - correct.

David
Hmmm, that is really odd, thank you for letting me know!  Is anyone else having this issue?  What version of Windows are you running?

You might have to exit out of VS then delete the Settings.db in the C:\ProgramData\VoodooShield directory.  That will reset everything, but it might fix the issue.
Hi Dan

I am using Win Pro 8.1

Just installed 4.52 and rebooted and it is working correctly for now. Will let you know if it misbehaves again.

Thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on August 02, 2018, 10:19:36 pm
4.52 installed here and it is working perfectly, no probs at all.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on August 03, 2018, 01:35:49 am
If we're using RED to accentuate blocking... should we use GREEN on the Windows related entries in the Whitelist?

PS... Noticed how bold text makes the colors standout better... hint, hint..

O wow... I have 842 whitelist entries !!!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on August 03, 2018, 09:58:37 am
If we're using RED to accentuate blocking... should we use GREEN on the Windows related entries in the Whitelist?
For me a whole wall of text in green and red would hurt my eyes. Black and red is nice to spot the "danger". Green and red would be to much colour for my taste.
Maybe a toggle button for different "colour options"?
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 03, 2018, 01:40:46 pm
...
For me a whole wall of text in green and red would hurt my eyes.
...

+1.  While the full story is more complicated, the simple story is that for our trichromat vision, Green and Red are NOT complementary, and (in close proximity) could conceivably set off a seizure in susceptible people.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 03, 2018, 04:10:53 pm
...
For me a whole wall of text in green and red would hurt my eyes.
...

+1.  While the full story is more complicated, the simple story is that for our trichromat vision, Green and Red are NOT complementary, and (in close proximity) could conceivably set off a seizure in susceptible people.
+2
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on August 03, 2018, 07:55:18 pm
If we're using RED to accentuate blocking... should we use GREEN on the Windows related entries in the Whitelist?
For me a whole wall of text in green and red would hurt my eyes. Black and red is nice to spot the "danger". Green and red would be to much colour for my taste.
Maybe a toggle button for different "colour options"?
I mentioned green because presently whitelisted Windows entries are red... the same color as blocked entries. Maybe Windows' files should just be bold or italic. IDK.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Deadhead on August 03, 2018, 08:53:40 pm
The last couple of VS versions have not started at boot-up every time. I have to click the icon to start it. I have Windows 10 1803.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 03, 2018, 08:57:43 pm
The last couple of VS versions have not started at boot-up every time. I have to click the icon to start it. I have Windows 10 1803.
No issues here on updating, so maybe do a clean reinstall of VS with a reboot in between will help?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Deadhead on August 03, 2018, 09:22:53 pm
The last couple of VS versions have not started at boot-up every time. I have to click the icon to start it. I have Windows 10 1803.
No issues here on updating, so maybe do a clean reinstall of VS with a reboot in between will help?
I did a clean install and the same issue happens. The service was already set at auto-start but I added a registry entry to run the VS service and so far it seems to be OK.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 04, 2018, 05:09:23 am
Maybe Windows' files should just be bold or italic. IDK.

Black italic would be my choice.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 04, 2018, 04:25:59 pm
The last couple of VS versions have not started at boot-up every time. I have to click the icon to start it. I have Windows 10 1803.
No issues here on updating, so maybe do a clean reinstall of VS with a reboot in between will help?

+1
Running latest Win 10 and VS having "no issues"
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on August 04, 2018, 09:48:34 pm
Hey guys, here is 4.52…

Running smoothly here too!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 05, 2018, 04:30:40 am
Dan,

4.52 here. It seems, if "automatically scan with blacklist scan" is disabled then everything is allowed offline (net disconnected) without the alert "connect to internet for cloud scan".
Title: Re: VoodooShield v4 STABLE Thread
Post by: Homer712 on August 05, 2018, 12:56:29 pm
Been getting these as of late. Any suggestions or is it safe to just click allow?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 05, 2018, 06:38:08 pm
Hey guys... I am running late, but I will catch up on the posts soon.

Here is 4.53.  It is essentially the same as 4.52, but a few users were having an issue with the internet connection detection bug, so I am hoping this will fix it.  Thank you!

https://www.voodooshield.com/Download/InstallVoodooShield453beta.exe

SHA256: 044870e151a161c1d9f3f98e2171617f2806235d45357757a625f70637ce8eb6
Title: Re: VoodooShield v4 STABLE Thread
Post by: hayc59 on August 05, 2018, 07:16:06 pm
All is awesome here, thank you D :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 06, 2018, 12:37:39 am
Been getting these as of late. Any suggestions or is it safe to just click allow?

I don't like that double-slosh in the path, so keep it blocked.  I'm not worried by the lack of a signature, anyone can sign their malware, sigs are not a useful indicator.  But I would really hit the box with both MBAM and ZAM Free on-demand--exit VS first, and use them one at a time, then completely exit from each so as to kill the respective services, you'll need to look in the Notifications area.  With VS you don't need the real-time protection, you've already got it.  I use mine once a month.  Remember to "Check for Updates" with both of them.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Homer712 on August 06, 2018, 11:06:15 am
Thanks gorblimey. Ran Malwarebytes (Premium) with everything including rootkits checked and nothing. Then ran Windows Defender, full scan, also nothing.

Now I'm starting to think it may have something to do with a program I have called PrivaZer. Similar to CCleaner, after closing a web browser (I use Firefox) it does cleaning. Haven't put the two events together yet, but that will be my next experiment.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 07, 2018, 09:02:56 pm
Hey guys... I am running late, but I will catch up on the posts soon.

Here is 4.53.  It is essentially the same as 4.52, but a few users were having an issue with the internet connection detection bug, so I am hoping this will fix it.  Thank you!

https://www.voodooshield.com/Download/InstallVoodooShield453beta.exe

SHA256: 044870e151a161c1d9f3f98e2171617f2806235d45357757a625f70637ce8eb6

Thank's Dan but I have an issue with Update.
The auto-update notified me that there is a new version (4.53) and I click YES to update but nothing happens, then I try to manually update from settings but that also not working, nothing happens!?!
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on August 07, 2018, 10:05:23 pm
For some reason when I shut my computer down at night and start it back up in the morning VS is not starting up. Using latest version.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on August 08, 2018, 12:20:25 pm
Hey guys... I am running late, but I will catch up on the posts soon.

Here is 4.53.  It is essentially the same as 4.52, but a few users were having an issue with the internet connection detection bug, so I am hoping this will fix it.  Thank you!

https://www.voodooshield.com/Download/InstallVoodooShield453beta.exe

SHA256: 044870e151a161c1d9f3f98e2171617f2806235d45357757a625f70637ce8eb6

Thank's Dan but I have an issue with Update.
The auto-update notified me that there is a new version (4.53) and I click YES to update but nothing happens, then I try to manually update from settings but that also not working, nothing happens!?!

I am having the same issue as well with auto-update and I am getting "
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." when clicking on the update itself.
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 08, 2018, 01:20:00 pm
...
I am having the same issue as well with auto-update and I am getting "
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." when clicking on the update itself.

I just downloaded direct from the website, I got "InstallVoodooShield.exe", 30,768KB.  Looking at it with PeaZip it seems to be actually 4.53.

EDIT: And the hash matches. END EDIT
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on August 08, 2018, 03:01:13 pm
Same thing here. VS tells me there is VS 4.53 available i press download. Nothing happens.
No screen or notification of any type that VS does any downloading or such.
Since i'm on beta and haven't got lots on full updates.the next sentence is from memory.
If i remember correct the screens to see that VS is downloading stuff and the %number (progress bar) was not good to see.
If i can't see a progress bar or %number move i always fear something went wrong up :D (atleast its that for me)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 08, 2018, 03:06:30 pm
IMO 4.53 shouldn't be offered as it's still in Beta so I assume Dan will need to look into it. I'm not seeing anything as I have 4.53 Beta installed. https://calendarofupdates.org/index.php?topic=770.msg8003#msg8003
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 08, 2018, 05:07:08 pm
Whaaattt now!!!
I can't uninstall Voodoo!?!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 08, 2018, 05:20:37 pm
Ok, I figure it out how to uninstall (easy)...
I forget to disable, exit and kill every Voodoo process  ::)

PS: Dan, it would be nice that in v5.0 people could uninstall Voodoo without problems.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 08, 2018, 07:05:04 pm
Ok, I figure it out how to uninstall (easy)...
I forget to disable, exit and kill every Voodoo process  ::)

PS: Dan, it would be nice that in v5.0 people could uninstall Voodoo without problems.

Yes you need to Exit VS when Uninstalling and even before upgrading. You may find some leftover files in C:\ProgramData\VoodooShield

Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on August 08, 2018, 07:26:56 pm
I was installing the Betas until now as well but still getting the 404 message right now.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 08, 2018, 07:40:57 pm
IMO 4.53 shouldn't be offered as it's still in Beta so I assume Dan will need to look into it. I'm not seeing anything as I have 4.53 Beta installed. https://calendarofupdates.org/index.php?topic=770.msg8003#msg8003
Stable 4.53 released on VS website.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 08, 2018, 08:30:00 pm
IMO 4.53 shouldn't be offered as it's still in Beta so I assume Dan will need to look into it. I'm not seeing anything as I have 4.53 Beta installed. https://calendarofupdates.org/index.php?topic=770.msg8003#msg8003
Stable 4.53 released on VS website.
Yes I see that, but wondering why?
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 09, 2018, 03:05:09 am
Interestingly, I keep get the window telling me update 4.53 is available  Yes or No options.
When I choose Yes, nothing happens, doesn't update.
This is a first.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 09, 2018, 03:24:10 am
Oops, sorry about that, I knew I was forgetting something... things have been crazy lately.

Yeah, I released 4.53 to the public.  It is the same version as I posted on COU the other day.

VS 4.28 was not aware of our new digital signature, so it might cause issues with the update.  If so, simply exit out of VS and install it from our website, or the following link.  Thank you guys, I will catch up asap!

https://voodooshield.com/Download/InstallVoodooShield.exe
Title: Re: VoodooShield v4 STABLE Thread
Post by: Darek on August 09, 2018, 04:44:17 am
Thanks!

This works, and 4.53 is on board.

 8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 09, 2018, 06:48:39 am
Hey everyone, I have some bad news.  I appreciate all of your help throughout the years, but it looks like VS's days are numbered.

Apparently, in order to successfully reproduce a complete clone of VS, all you have to do is add a couple of signatures to any traditional security application, and voila, you have successfully reproduced VS.  Even more shocking, this entire process will only take 1.5 minutes or so.

Please watch the video and you will see what I mean...

https://www.youtube.com/watch?v=JQL-o0d4mL4

When we started this project 7 years ago... we did not think it would be that difficult either.  I mean, how difficult is it to build a user-friendly toggling computer lock?

I guess we will keep going until all of the traditional security applications find out about this, and spend the 1.5 minutes it takes to meticulously reproduce VS.

Since this is all pure speculation on Leo's part, perhaps when they try to reproduce VS they will find that it takes more than a couple of signatures to do so, and maybe VS will live to see another day after all ;).

Sorry guys, I had to do it, please forgive me ;).  I will catch up soon, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 09, 2018, 07:00:55 am
BTW, yeah, the above post was pure sarcasm.  VS's future is bright.  Again, sorry, but I HAD to do it ;). 
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 09, 2018, 09:57:36 am
BTW, yeah, the above post was pure sarcasm.  VS's future is bright.  Again, sorry, but I HAD to do it ;).

Wow! You had me worried for a second!  :P
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on August 09, 2018, 12:18:11 pm
Since this is all pure speculation on Leo's part ...

Do you always believe what you read in the newspaper see on YouTube?  Mind you, I can remember the very widespread suspicion that AV companies were writing all the malwares in order to justify their existence  ??? :o  Not to mention the universal phenomenon in human males of instinctive indepth knowledge about dogs, motor vehicles and computers regardless of any lack of education.

Talking about education, did anybody notice what Leo did not do with SecureA Plus and VS?  Hmmmm?  Purely on the evidence of this video, I cannot now trust him to crack malware onto a child's computer!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on August 09, 2018, 01:32:14 pm
Thanks Dan, 4.53 working good on my end
This looks scary http://midmarket.eweek.com/security/ibm-demonstrates-deeplocker-ai-malware-at-black-hat
Would Voodooshield protect our computers from this sort of threat.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ColonelMal on August 09, 2018, 01:40:23 pm
Installed v.4.53. No problems encountered. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on August 09, 2018, 01:50:34 pm
Same here!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 09, 2018, 02:33:05 pm
@Darek, @ ColonelMal, @HempOil… very cool, thank you for letting me know!

@Tarnak… hehehe, sorry about that.

@gorblimey… You know, I used to somewhat believe what I see on the internet, but not anymore.  Anyone who has been using VS for a week or more will quickly realize while watching the video that Leo obviously did not spend hardly any time with VS to understand how it works or what it is all about.  It truly is sad because a lot of people dis Neil Rubenking for his reviews… but guess what… Neil goes to GREAT lengths to truly understand the product, and he spends several days on each product and communicates with each vendor so that he completely understands the product.  The other thing is sad is that the vast majority of people immediately side with whatever fits their agenda and they ignore the truth.  Everyone has an agenda, and mine is to lock everyone’s computer when they are surfing the web and checking email.  BTW, does anyone know if Leo is still employed by one of the AV vendors?  If you know for sure, please let me know!

I also wanted to mention that Leo has not been afforded the opportunity to install VS on 400 or so local computers (mostly extreme novices), and work directly with the end users over 7 years to find out what needed to be done in order to refine the computer lock so that everyone can use it.  I have been afforded that opportunity, so I understand that most end user NEVER have an issue with VS causing issues or interrupting their work.  I also review their user logs to see what was blocked, and the frequency of unnecessary blocks are shockingly low.  Now, this did not happen overnight… it took several years to get VS to the point where it was usable to even the most novice of users, and we are by no means finished implementing usability tweaks, but we are certainly in pretty good shape.

Sooooo many of Leo’s points and opinions in this video are laughable and ridiculous to the point that I could seriously write a novel on it.  But one of the biggest things that cracks me up is that Leo is actually trying to convince people that false positives are worse than false negatives.  As a malware analyst, he cannot possibly believe this himself.  So what if you have to click the balloon notification and the allow button a few times in the first couple of weeks after installing VS.  Trust me, I have seen the look on user’s faces after they have been infected, and they are absolutely traumatized and they would almost always ask me “I have antivirus software, how did I get a virus?”  Word for word… I have heard that probably 500 times throughout the years.  If users can handle User Account Control, then they can easily handle VS.  He makes it sound like VS is going to block something vital and cause damage to the OS.  If he were to use VS for more than an hour, he would quickly figure out this is simply not true. 

@Unauthorized Pilot… yeah, that should not be an issue at all for VS.  This is actually how VS was created.  Basically, I was removing malware from two different computers late one night, and somehow realized that the only particle way of putting an end to the cat and mouse game was to lock the computer.  I immediately figured out that a fulltime lock would never work, because the computer would not be usable.  So then I was thinking… what if we simply lock the computer when the user is engaged in risky activity.  So ultimately, it is this simple… new, non-whitelisted executable code should never be allowed to run when the user engaged in risky behavior.  If new, non-whitelisted executable code is EVER allowed to run while the user is engaged in risky behavior, then there will certainly be bypasses.  It really is that simple.

In all fairness to Leo, he has come a very long way since his first video linked below.  Let’s just hope that he starts to spend a little more time becoming familiar with the products he is testing so that he can provide his subscribers a more accurate insight into these programs.  Quality over quantity Leo!!!

https://www.youtube.com/watch?v=kYRicO8f2bY

I will catch up on the other posts asap, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 10, 2018, 12:43:56 pm

Please watch the video and you will see what I mean...

https://www.youtube.com/watch?v=JQL-o0d4mL4

I have commented on the video-
"This is (not a test) completely misleading. It clearly shows that you don't know the products well. And it seems you don't understand Application Whitelisting/Default-Deny security.
VoodooShield is more than a default-deny security. You can set it to alert for all new/non-whitelisted items, alert for only critical items or alert for only unsafe items. And you can do all this with a simple click.
I use only VoodooShield on my personal laptop. On my family system, I have set it to alert for only unsafe items and paired with Windows Defender. Running light with no issues here."
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on August 10, 2018, 02:21:52 pm
I prefer cruelsister1's videos  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 11, 2018, 02:10:01 pm
@HempOil

She reviewed VoodooShield more than two years ago and it's been a poor review!
I wish that she test it again but now seriously!

btw: In that poorly executed test, Voodoo has scored "almost" 100% protection, I wrote "almost" because something was left in the memory, I don't know what and I don't know if the test was properly done.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on August 11, 2018, 08:57:58 pm
I am having an issue I never had before. When I shut down my pc for the night, next morning VS service won't start up. Have to click on the shortcut to get it running. Not a big deal but I might uninstall it an reinstall it to se if that does the trick.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Homer712 on August 11, 2018, 09:05:05 pm
I have version 4.53 installed and the icon in the task bar has stopped changing from blue to red. In the past it would change to red when I was no longer in a web or email application. Now it just stays blue no matter what I'm doing. I also have installed OSArmor. May that have something to do with this, or is it something that was changed in this latest version?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 11, 2018, 09:52:45 pm
@boredog
I don't have this issue with v4.53
Try to uninstall Voodoo, delete leftovers, restart and then install the latest version



@Homer712
Your issue is not Voodoo bug, this is because you have running processes in the background who are connected to the internet and this process is from some web app that should be closed but they are not...so Voodoo is still ON and monitoring!
Look at Task Manager, you will see that I'm right ;)
Maybe OSarmor has something with that, check it out.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on August 11, 2018, 10:22:32 pm
Dan you once said Cylance was a good addition to VS. MalwareManaged does not sell it any longer. they sell SentinelOne for the same price 60 bucks. Now Cylance is offering a home version for 29 bucks a year. I see some really impressive results on VT for SentinelOne and wondering what you think of it. Cylance doesn't do well with scripts but SentinelOne claims they do scripts, fileless ect.

Do you think this would be a good addition to VS? https://www.malwaremanaged.com/pages/about-sentinelone-epp
Title: Re: VoodooShield v4 STABLE Thread
Post by: Homer712 on August 11, 2018, 10:52:31 pm
Andi, thanks for the push in the right direction. Here's what my VoodooShield window looks like. I've been using VoodooShield for a while now but never added the "auto detect additional running web apps." Just did that a day or so ago, and probably just noticed the blue/red thing until today. Issue solved.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 12, 2018, 08:09:33 am
Hey guys, sorry, it has been a long week and weekend... I hope to catch up tomorrow.

I see a couple of people are having issues with the VoodooShieldService starting... can you please send me your DeveloperLog.log and DeveloperServiceLog.log?

Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on August 12, 2018, 11:27:47 am
VS 4.53 on win 10 64bit so far running so fine.
Still got the VS toggle to off sometimes. Even when on "always on" mode and disabling the "autodisable " after 10 mins.
I started a  online game and VS goes to "off" even after i ended the game and the music player aimp was still running "sandboxed" to play music from
an online! stream.
So even with a running webapp (see yellow) VS still goes to "off". Why?

Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 15, 2018, 05:53:29 pm
Decided on Clean install of 4.53 due to couple of glitches.
All running smooth
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on August 15, 2018, 08:40:51 pm
4.53 is working great for me right now, thank you for all the hard work.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 16, 2018, 03:22:23 pm
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 16, 2018, 05:21:17 pm
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\

Certainly wouldn't hurt, especially if updated/overwritten many times. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 16, 2018, 05:28:19 pm
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\

Certainly wouldn't hurt, especially if updated/overwritten many times. :)

Thanks schmidthouse for your quick response. I'll do just that! But if my memory serves me right. I think I did uninstall and had to install this v4.53 from the website that Dan (VS) sent us to. Because v4.52 would not update when asking VS to update to latest version and VS would not. But neverless a clean install should help. ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 16, 2018, 07:14:00 pm
6667  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 16, 2018, 07:30:16 pm
6667  ;)

Hello Tarnak,

I'm scratching my head trying to figure out what 6667 means?
 beta
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 16, 2018, 07:37:38 pm
Hi guys,

This kind of updates have history of messing things on some systems so you should consider that as well if you have some issues.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 16, 2018, 07:41:48 pm
Hi guys,

This kind of updates have history of messing things on some systems so you should consider that as well if you have some issues.

Thanks Andi...never thought of that! Mucho grande' :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 17, 2018, 12:29:05 am
6667  ;)

Hello Tarnak,

I'm scratching my head trying to figure out what 6667 means?
 beta


I saw all those sixes, and 666 is the devil's # , so I decided to up the post count.  ;D

Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 17, 2018, 12:34:14 am
6667  ;)

Hello Tarnak,

I'm scratching my head trying to figure out what 6667 means?
 beta


I saw all those sixes, and 666 is the devil's # , so I decided to up the post count.  ;D

You are too funny! I learn something new everyday in my sheltered life! ;D :P
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 17, 2018, 12:40:54 am
Back atcha... :P  ;D

https://en.wikipedia.org/wiki/666_(number)
Title: VoodooShield v4 STABLE Thread
Post by: JLJ on August 17, 2018, 05:12:47 pm
Windows 7 Home Premium x64 ~ VS 4.28 was working perfectly but after upgrade to 4.53 I'm getting errors on startup -- see screencaps. Despite these errors VS remains visible in the systray; both the app and service appear running in Task Manager; and it responds correctly to a manual test by flagging an unrecognized app. These kinds of errors are above my pay grade, any ideas appreciated, more details provided as needed. THX

After in-place update: https://imgur.com/a/POaI1Ce

After clean install: https://imgur.com/a/mqPLyCW
Title: VoodooShield v4 STABLE Thread
Post by: Telos on August 17, 2018, 07:59:48 pm
Windows 7 Home Premium x64 ~ VS 4.28 was working perfectly but after upgrade to 4.53 I'm getting errors on startup -- see screencaps. Despite these errors VS remains visible in the systray; both the app and service appear running in Task Manager; and it responds correctly to a manual test by flagging an unrecognized app. These kinds of errors are above my pay grade, any ideas appreciated, more details provided as needed. THX

After in-place update: https://imgur.com/a/POaI1Ce

After clean install: https://imgur.com/a/mqPLyCW
When you say clean install, did you...

1. Uninstall VS via Control Panel
2. Manually delete all remnants from C:\ProgramData\VoodooShield and C:\Program Files\VoodooShield (including those folders).
3. Reboot
4. Install VS v4.53

If you did NOT do those things I would recommend them to you.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 17, 2018, 11:09:13 pm
Hey guys,

Sorry I have been away… still 😉.  I was working on VoodooAi 3.0, retraining the models and I set up a system where it will be a lot easier to train every couple of months.  I had not retrained the models for over a year, so they were kind of out of date.

Anyway, after adding all of the safe and unsafe samples that we have collected the last year to the training data sets, the new models seem to be dramatically better, with far less false positives and even more true negatives.

Please keep in mind, it is still Ai… so it is not perfect, and no one will ever design models / algos that will be perfect… it is mathematically impossible.  Think of it this way… there is not a chance that Siri is going to understand what you are saying 100% of the time either.  Then again, this is good news for VS, because if ML/Ai malware detection was able to be made perfect, there would be no reason to lock your computer when it is at risk.

Having said that, I think you guys are going to be highly impressed with the new models... and they are going to only get better every 2-3 months or so now.  Please keep in mind that for the first month or so, VoodooAi will be a couple of seconds slower, since it will be performing the complete analysis on every single sample.  After a month or two, a lot of the results will be pulled directly from the database (having already been analyzed by VoodooAi), so the VoodooAi analysis will return to its normal speedy self for files that have already been analyzed.

Also, for VS 4.55, I am probably going to optimize the blacklist scan / false positives so that component is not quite as aggressive as it was before as well… I hope to be able to do that this weekend.

https://www.voodooshield.com/Download/InstallVoodooShield454beta.exe

SHA256: 6e02ad15863251ca41d88c360f97f4f175f9dabad3baf8b3e692dc2a6f5b1cf2

I really do hope to catch up on the few posts and emails that I have not had a chance to respond to.  I will be caught up next week, so I should be much more responsive very soon… sorry about that.

BTW, if anyone has any issues at all with 4.53 or 4.54, please exit out of VS then uninstall VS.  Then reboot the computer and install 4.54.

Thank you guys… have a great weekend!

Dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: JLJ on August 18, 2018, 02:09:08 am
Windows 7 Home Premium x64 ~ VS 4.28 was working perfectly but after upgrade to 4.53 I'm getting errors on startup -- see screencaps. Despite these errors VS remains visible in the systray; both the app and service appear running in Task Manager; and it responds correctly to a manual test by flagging an unrecognized app. These kinds of errors are above my pay grade, any ideas appreciated, more details provided as needed. THX

After in-place update: https://imgur.com/a/POaI1Ce

After clean install: https://imgur.com/a/mqPLyCW
When you say clean install, did you...

1. Uninstall VS via Control Panel
2. Manually delete all remnants from C:\ProgramData\VoodooShield and C:\Program Files\VoodooShield (including those folders).
3. Reboot
4. Install VS v4.53

If you did NOT do those things I would recommend them to you.

Yes to all, and more (deleted settings and logs during uninstall; reg scan with CCleaner & RegSeeker; file/folder orphan scan with Agent Ransack). Will try again. JLJ
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 18, 2018, 04:14:18 pm
 beta Thank you Dan! So far so good with v4.54. I installed over v4.53. Running on Windows 10 Pro 64bit.

Have a great weekend as well! :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on August 18, 2018, 08:04:41 pm
Why so many whitelist entries... I'm over 1200. With many executables (firefox, chrome, conhost) listed 10-30 times.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Tarnak on August 19, 2018, 04:23:24 am
Why so many whitelist entries... I'm over 1200. With many executables (firefox, chrome, conhost) listed 10-30 times.

That's nothing! ;)  I have over 2300, and always growing. One peculiarity, that I find is that when I open the Whitelist, it always shows the "Time Stamp" column is all over the place. I have to click twice on that column tab, before it shows the latest entries at the top of that column. Anybody else see the same thing?

Title: Re: VoodooShield v4 STABLE Thread
Post by: ColonelMal on August 19, 2018, 07:46:59 am
That's nothing! ;)  I have over 2300, and always growing. One peculiarity, that I find is that when I open the Whitelist, it always shows the "Time Stamp" column is all over the place. I have to click twice on that column tab, before it shows the latest entries at the top of that column. Anybody else see the same thing?
I only have just over 900 entries. Should I feel inadequate?  :D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 19, 2018, 12:57:44 pm
Erase...

Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 19, 2018, 01:00:15 pm

[/quote]
I only have just over 900 entries. Should I feel inadequate?  :D
[/quote]

 ;D ;D ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on August 19, 2018, 02:09:39 pm
That's nothing! ;)  I have over 2300, and always growing

At one time I recall that VS would purge outdated entries. I'm wondering if that is working, or whether I understand the context of "purge".

One peculiarity, that I find is that when I open the Whitelist, it always shows the "Time Stamp" column is all over the place. I have to click twice on that column tab, before it shows the latest entries at the top of that column. Anybody else see the same thing?

It's been that way since day 1. The reason is that VS' whitelist defaults to sorting by Process (see that triangle thingy next to Process in your screenshot?).
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 19, 2018, 04:40:15 pm
Installed over 4.53 and all is good.\
I don't spend time in the GUI looking at Whitelist entries and such so I don't care.
I simply let the proggie do it's work. ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 19, 2018, 06:09:44 pm
If anyone have this "issue" after installing the latest version of Voodoo?
Every time when try to log out I get this...
EDIT: I uninstall Voodoo and logoff/restart is back to normal so it is definitively Voodoo "issue"


Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 19, 2018, 07:24:18 pm
If anyone have this "issue" after installing the latest version of Voodoo?
Every time when try to log out I get this...
EDIT: I uninstall Voodoo and logoff/restart is back to normal so it is definitively Voodoo "issue"

No such issue on my OS's with 4.54 through either 'log off', Restart or Shutdown.
Nothing different after installing over vs 4.53 :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:35:37 am
The last couple of VS versions have not started at boot-up every time. I have to click the icon to start it. I have Windows 10 1803.
No issues here on updating, so maybe do a clean reinstall of VS with a reboot in between will help?
I did a clean install and the same issue happens. The service was already set at auto-start but I added a registry entry to run the VS service and so far it seems to be OK.
Sorry for the late reply and thank you for letting me know!  Do you happen to know what version this bug started?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:37:20 am
Interesting... thank you for letting me know.  I will take a look, I am sure it is an easy fix.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:38:32 am
Been getting these as of late. Any suggestions or is it safe to just click allow?
It's hard to say... I should probably add an option so we can see what the parent is for that block.  Please let me know if you keep getting these, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:39:57 am
Hey guys... I am running late, but I will catch up on the posts soon.

Here is 4.53.  It is essentially the same as 4.52, but a few users were having an issue with the internet connection detection bug, so I am hoping this will fix it.  Thank you!

https://www.voodooshield.com/Download/InstallVoodooShield453beta.exe

SHA256: 044870e151a161c1d9f3f98e2171617f2806235d45357757a625f70637ce8eb6

Thank's Dan but I have an issue with Update.
The auto-update notified me that there is a new version (4.53) and I click YES to update but nothing happens, then I try to manually update from settings but that also not working, nothing happens!?!
Sorry about that... it should be fixed moving forward, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:41:09 am
For some reason when I shut my computer down at night and start it back up in the morning VS is not starting up. Using latest version.
If you guys can tell me what version worked correctly, it should be a very simple fix.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 12:59:08 am

Please watch the video and you will see what I mean...

https://www.youtube.com/watch?v=JQL-o0d4mL4

I have commented on the video-
"This is (not a test) completely misleading. It clearly shows that you don't know the products well. And it seems you don't understand Application Whitelisting/Default-Deny security.
VoodooShield is more than a default-deny security. You can set it to alert for all new/non-whitelisted items, alert for only critical items or alert for only unsafe items. And you can do all this with a simple click.
I use only VoodooShield on my personal laptop. On my family system, I have set it to alert for only unsafe items and paired with Windows Defender. Running light with no issues here."
Thank you, yeah, he simply does not understand VS.  A lot of people do not understand VS and they will go to great lengths to keep the status quo.

That reminds me... it is not often that I am afforded the opportunity to publicly agree with Umbra... so I would like to take this opportunity.

https://malwaretips.com/threads/a-cylance-smart-antivirus-quickie.86109/post-758295

"3 threads, one locked, 20+ pages, half-dozen malware tests, one video... All that to demonstrate what some of us knew from the start:"

I do not agree with the Cylance bashing part, as it is an amazing product when comboed with VS.

But my point is, any discussion of any filter (non-locking) based product is ultimately futile... as is any discussion of a full time lock.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:06:35 am
I prefer cruelsister1's videos  8)
I will say that CS did put a lot more thought into the video than Leo did... this is glaringly obvious.

Think about Leo's false positive VS test... it consisted of one file "Process Hacker" that behaves exactly like malware, regardless of the intent of the file.  It would also help Leo to work with 400 or so local clients on a daily basis and see how well VS does for them... they literally have zero trouble with VS.  Instead, he incorrectly assumes that users will have issues with it... and he bases his opinions on jack squat.

It is laughable.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:15:24 am
@HempOil

She reviewed VoodooShield more than two years ago and it's been a poor review!
I wish that she test it again but now seriously!

btw: In that poorly executed test, Voodoo has scored "almost" 100% protection, I wrote "almost" because something was left in the memory, I don't know what and I don't know if the test was properly done.
The CS test was performed with VS on AutoPilot... and it blocked all of the files, and I think it was a highly favorable review.  CS said in the comments "Voodooshield is a really good product- I initially thought I would be able to criticize it for many False positives, but was surprised that this was not the case- the few I discovered were totally justifiable."  CS also said in the comments "Wilfredo- the thing I really liked about VoodooShield was the lack of choices to be made when in Autopilot mode, which is why I kept it in that mode and didn't deviate from it. The reason for this is although an experienced user may not have issues with answering a popup correctly, the novice user may make an incorrect choice which will end in tears. The lack of such choices by VS impressed me and heightened my regard for the developer. Also, I absolutely LOVED the way it handled stuff when the network was down. I wish I was much more complimentary in the video about this and actually feel guilty that I wasn't. To sum up- VoodooShield is elegantly coded- and this is the highest compliment I could give to anything (other than my malware, of course)."

From what I remember, there was only one suspended process remaining that was harmless. 

Also, please keep in mind that our driver and code has come a very long way in 2 years.  Either way, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:22:30 am
Dan you once said Cylance was a good addition to VS. MalwareManaged does not sell it any longer. they sell SentinelOne for the same price 60 bucks. Now Cylance is offering a home version for 29 bucks a year. I see some really impressive results on VT for SentinelOne and wondering what you think of it. Cylance doesn't do well with scripts but SentinelOne claims they do scripts, fileless ect.

Do you think this would be a good addition to VS? https://www.malwaremanaged.com/pages/about-sentinelone-epp
I am not sure because I have not personally tested S1.  But I promise... most of the ML/Ai products are going to have about the same result.  This is not a guess either ;).  Has anyone noticed that the ML/Ai engines on VT are the very first ones to detect new malware?  Then a day or two later the other engines catch up?  This is not a coincidence... and I see it all of the time.

I would actually probably just buy the Cylance Smart AV and combo it with VS... it is an amazing combo.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:23:45 am
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\

Certainly wouldn't hurt, especially if updated/overwritten many times. :)

Thanks schmidthouse for your quick response. I'll do just that! But if my memory serves me right. I think I did uninstall and had to install this v4.53 from the website that Dan (VS) sent us to. Because v4.52 would not update when asking VS to update to latest version and VS would not. But neverless a clean install should help. ;D
Thank you for letting me know ;)... is VS running well now? 
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:25:35 am
Windows 7 Home Premium x64 ~ VS 4.28 was working perfectly but after upgrade to 4.53 I'm getting errors on startup -- see screencaps. Despite these errors VS remains visible in the systray; both the app and service appear running in Task Manager; and it responds correctly to a manual test by flagging an unrecognized app. These kinds of errors are above my pay grade, any ideas appreciated, more details provided as needed. THX

After in-place update: https://imgur.com/a/POaI1Ce

After clean install: https://imgur.com/a/mqPLyCW
Thank you for letting me know... yeah, there is a bug in the installer where it will start the service (which starts the gui) before the driver is installed.  I will see what I can do, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:31:00 am
Why so many whitelist entries... I'm over 1200. With many executables (firefox, chrome, conhost) listed 10-30 times.
Please do not let that bother you!  Yeah, 1200 is quite a bit, but considering that some whitelisting apps can have tens of thousands, it is actually a relatively small number.  The reason there are that many is because VS now also performs parent process path comparison.  So often times you will have the same executable that is spawned by several different parents... and they are all added to the whitelist.

But VS will automatically cleanup any whitelisted item that no longer exists when VS is started.  So there really is no cleanup that needs to be performed... it is all automatic.  And if a malicious item were to be accidentally whitelisted, it will be automatically removed from the whitelist as soon as the malware cleanup utility removes it from the computer.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 01:32:54 am
If anyone have this "issue" after installing the latest version of Voodoo?
Every time when try to log out I get this...
EDIT: I uninstall Voodoo and logoff/restart is back to normal so it is definitively Voodoo "issue"
Hmmm, very odd... you might try the previous version just to double check.  If you are convinced that it is a VS issue, please send me your logs.  Thank you!

I think I am all caught up on emails and posts... but if I missed anyone, please let me know!  Thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 07:40:56 am
Please read the following entire thread and focus on page 3, mainly starting in the middle on page 3.

https://malwaretips.com/threads/cylance-old-and-new-vs-signature-based-av-in-an-offline-test-with-fresh-malware-and-ransomware.85907/page-3

Ready to spill the beans...

https://www.youtube.com/watch?v=SBjQ9tuuTJQ







Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on August 20, 2018, 07:46:19 am
BTW, it is easy for someone who has never actually built something to criticize because they do not understand the hard work that is involved to build something on their own.

I genuinely feel sorry for these people.

It's cool if you do not want to build something... just do not criticize others when you have no idea what all is involved to build something great.

The people who understand VS understand this as well.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 20, 2018, 09:05:03 am
Think about Leo's false positive VS test... it consisted of one file "Process Hacker" that behaves exactly like malware, regardless of the intent of the file.  It would also help Leo to work with 400 or so local clients on a daily basis and see how well VS does for them... they literally have zero trouble with VS.  Instead, he incorrectly assumes that users will have issues with it... and he bases his opinions on jack squat.
There are no false positive with Application Whitelisting in my opinion. It's simple, whitelisted items are allowed and non-whitelisted items are blocked.

Some users say VoodooAi gives false positive cause they don't understand VoodooAi is not a blacklist or malware scan. VoodooAi provides information on programs and VoodooAi verdict/score simplifies the information for average and expert users too.

VoodooAi differentiates VoodooShied from other Application Whitelisting and makes VoodooShield a lot easy to use compared to other Application Whitelisting software.

VoodooAi verdict/score is very helpful to take an action on the alerts. Users should understand VoodooAi verdict is to help them take a decision on the alerts and not a detection of any type.

VoodooAi verdict "Suspicious" is not a false positive but an information to be careful with the program.

I have tested VoodooShield or VoodooAi a lot and have noticed that it works good on majority or average users system. They will hardly see "Unsafe" VoodooAi verdict for their programs. My only concern was "Command Line" alerts for average users but Dan has improved and reduced the command line alerts successfully. I rarely see a command line alert on my system. On my family system, there are few entries in "Command Lines" section and all were automatically allowed.

I have tested VoodooAi a lot. I find "Unsafe" verdict effective. I use "Rules" wizard, uncheck digital signatures and set VoodooAi @90 on my family and few friends systems so that VoodooShield will alert for only "Unsafe" programs. And pair VoodooShield with mostly Windows Defender on Win 10 systems. No issues or malware yet. Light and effective protection.
Dan has added "Security Posture" in VoodooShield. It made my job easy. "Relaxed" protection in "Security Posture" is the same as above mentioned protection with "Rules" wizard.

I am not suggesting or recommending a protection. Each user is different. VoodooShield provides innovative security and protection levels or modes. Set it on your family or friends systems and find the balanced or comfortable protection for them.
Title: Re: VoodooShield v4 STABLE Thread
Post by: djg05 on August 20, 2018, 11:17:49 am
4.54 running fine here.
Still have the issue of VS going to the task bar instead of a window but since I know about it, it is a non event.

Regards

David
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 20, 2018, 07:54:28 pm
Install 4.53 to see if the logoff/restart "issue" remains and is not.
Install again 4.54 and cannot reproduce "issue" anymore!

For now, everything is fine.
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on August 21, 2018, 06:21:11 am


That reminds me... it is not often that I am afforded the opportunity to publicly agree with Umbra... so I would like to take this opportunity.

https://malwaretips.com/threads/a-cylance-smart-antivirus-quickie.86109/post-758295
"3 threads, one locked, 20+ pages, half-dozen malware tests, one video... All that to demonstrate what some of us knew from the start:"

I do not agree with the Cylance bashing part, as it is an amazing product when comboed with VS.

But my point is, any discussion of any filter (non-locking) based product is ultimately futile... as is any discussion of a full time lock.

curious to me (& perhaps others at MT re that cylance thread & related threads) the cylance (& VS) bashers complain about too much emotion from user fanboys, and I read all 21 pages of that cylance thread, the bashers seemed much more emotional and irrational that the folks who use cylance and like it in spite of its admitted areas of "unprotection."  Umbra for one was at times a too emotional & persistent basher IMO.  I run cylanceProtect with VS and so light it worth investigating for that alone.  I have put cylance smart on another pc along with another layer of protection, but I haven't had a chance to play with it yet or compare it to cyProtect.  slyguy, a cylance user, gives the best advise, do not run cylance smart by itself, it needs some help to better protect your pc.
Meanwhile, VS 4.54beta is installed over 4.53 here and running without any seen issues.  ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on August 21, 2018, 06:29:45 am
Dan you once said Cylance was a good addition to VS. MalwareManaged does not sell it any longer. they sell SentinelOne for the same price 60 bucks. Now Cylance is offering a home version for 29 bucks a year. I see some really impressive results on VT for SentinelOne and wondering what you think of it. Cylance doesn't do well with scripts but SentinelOne claims they do scripts, fileless ect.

Do you think this would be a good addition to VS? https://www.malwaremanaged.com/pages/about-sentinelone-epp
I am not sure because I have not personally tested S1.  But I promise... most of the ML/Ai products are going to have about the same result.  This is not a guess either ;).  Has anyone noticed that the ML/Ai engines on VT are the very first ones to detect new malware?  Then a day or two later the other engines catch up?  This is not a coincidence... and I see it all of the time.

I would actually probably just buy the Cylance Smart AV and combo it with VS... it is an amazing combo.

FWIW I've been using cylanceProtect from
https://www.cyberforcesecurity.com/

I recently installed cylance smart on another pc in remote location so haven't played with it yet to "compare" it to cylanceProtect.  I have had good service with cyberforce.
Title: Re: VoodooShield v4 STABLE Thread
Post by: HempOil on August 21, 2018, 01:40:45 pm
4.54 installed over 4.53 and no issues to report. Looking forward to 4.55  beta
Title: VS 4.53 and multiple Windows profiles problem
Post by: JLJ on August 21, 2018, 08:15:59 pm
After much hand-wringing and suspense I've isolated the WHAT, if not the WHY, of a problem encountered since updating VS from 4.28 to 4.53, wondering if anyone else has experienced it / can recreate it and offer ideas about resolution (I'm in touch by email with Support):

I have two user profiles, one Standard, one Admin. VS 4.53 (service and GUI) works normally but only in whichever profile is directly booted into at startup -- switching user profiles within a running Windows session causes the VS GUI to fail to load in either from that point on. To make sure that's clear:

(A) boot at startup into Admin profile: VS service and GUI work normally in that profile
(B) boot at startup into Standard profile: VS service and GUI run normally in that profile
(C) boot at startup into either profile, switch to the other without rebooting: VS service runs but GUI does not load in current profile

This holds true regardless of profile loading order or switch method (load both simultaneously / unload one before loading the other). It also means that the VS GUI fails to load on wake from sleep (not hibernate), presumably because that is a condition equivalent to not booting directly into a user profile.

Am attaching an edit of the most recent DeveloperServiceLog.log -- the isolated section indicates errors and debug info that might explain or help isolate the cause of these problems for anyone who can really read it.

Meantime reverting to 4.28 which works flawlessly. Any ideas appreciated (except maybe "reinstall Windows") ~ THX JLJ
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 21, 2018, 10:54:24 pm
I use Windows Defender and VoodooShield on Win 10 64 bit for a long time now. I didn't experience a few issues mentioned by users here. If VoodooShield is the issue or to isolate the issue, try uninstalling all other real-time protection cause sometimes disabling is not enough. Some users use automatic or real-time system cleaning software, try keeping it on manual for a few days.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 22, 2018, 02:43:42 am
Dan,

I have the stable version 4.53 on my production system Win 10 64 bit. It is a clean install of VoodooShield. I have only 1 issue, it is a recurring issue, and want it to be fixed in the next stable version. I do not use blacklist scan and keep it disabled. When blacklist scan is disabled, VS does not work as it should offline i.e net disconnected. When blacklist scan is disabled and net is disconnected, VS allows the unknown programs and does not alert i.e connect to the internet for cloud scan.

I use Rules wizard. The following are the Rules-
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If signed by any developer
   if signature is valid and verified
If VoodooAi is less than or equal to 0.

I have no other real-time security software. Windows Defender is disabled too. I use native i.e Windows Firewall.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on August 22, 2018, 03:21:49 am
About half the time I am seeing no icon in system tray??? It is always showing on Desktop. V. 4.54.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on August 22, 2018, 11:24:00 pm
T%his is for those users that are having the problem of VS not starting after boot up.
From what I found is in the VS service. At present, it is set to automatic. On my system, if I set it to automatic (delayed start) VS does start every time. Try this Triple Helix.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on August 23, 2018, 01:14:13 am
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\

Certainly wouldn't hurt, especially if updated/overwritten many times. :)

Thanks schmidthouse for your quick response. I'll do just that! But if my memory serves me right. I think I did uninstall and had to install this v4.53 from the website that Dan (VS) sent us to. Because v4.52 would not update when asking VS to update to latest version and VS would not. But neverless a clean install should help. ;D
Thank you for letting me know ;)... is VS running well now?

Hi Dan! Yesterday VS disappeared a couple of times again but it comes back on after a few seconds. But other then that it has been running well for me.  :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on August 23, 2018, 04:40:51 pm
T%his is for those users that are having the problem of VS not starting after boot up.
From what I found is in the VS service. At present, it is set to automatic. On my system, if I set it to automatic (delayed start) VS does start every time. Try this Triple Helix.

I'm not having any issues with VS that others have been reporting on Win 10 Pro x64 1803.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on August 23, 2018, 09:52:25 pm
Things are boring on Win 8.1 x64. A few expected popups (unsigned executables), but otherwise quiet. I'm slowly purging the snapshot entries from my whitelist (I declined the extended snapshot) so I can make that determination alongside VS.

v4.54
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 24, 2018, 03:05:49 am
T%his is for those users that are having the problem of VS not starting after boot up.
From what I found is in the VS service. At present, it is set to automatic. On my system, if I set it to automatic (delayed start) VS does start every time. Try this Triple Helix.

I'm not having any issues with VS that others have been reporting on Win 10 Pro x64 1803.

+1
All's good.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 24, 2018, 05:28:50 pm
 :( :( :(


Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on August 25, 2018, 01:38:08 am
:( :( :(

My subscription has expired alright.
No problems to report, Thanks Dan
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on August 25, 2018, 03:16:19 am
Thanks Dan for the license renewal, you're the man  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on August 25, 2018, 06:06:57 am
dan mentioned an update to Voodoo Ai.  for me need clarification requested, is the Ai update incorporated (or will be incorporated) into VS 4.54 (4.nn) or dan means standalone Voodoo Ai, or both??  thanks.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 26, 2018, 05:12:15 pm
dan mentioned an update to Voodoo Ai.  for me need clarification requested, is the Ai update incorporated (or will be incorporated) into VS 4.54 (4.nn) or dan means standalone Voodoo Ai, or both??  thanks.

+1 :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 26, 2018, 07:40:09 pm
Dan,

After system boot, I got an exception error, but VS seems fine. I checked with a few unsafe programs and VS alerted correctly.

Does this means, if there is an error, but VS seems fine, it is working correctly?
Title: Re: VoodooShield v4 STABLE Thread
Post by: BryanB on August 28, 2018, 05:17:18 pm
Is the user guide still available, the link at VS isn't working?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on August 29, 2018, 05:28:59 pm
Dan,
After system boot, I got an exception error, but VS seems fine. I checked with a few unsafe programs and VS alerted correctly.
Also got 2 out of 10 times or so an exception error from the latest beta.
Using 4.53 now again.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 29, 2018, 06:43:05 pm
Is the user guide still available, the link at VS isn't working?
The user guide link on VS website is working for me.
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on August 29, 2018, 06:51:20 pm
4.53 on three computers (win 10 - 1803 each)

2 of them (laptop) alongside with Webroot secure anywhere, Glasswire and WinPatrol (all together very light) and the desktop with Sophos Home premium, Glasswire and WinPatrol.

No problem at all, all works fine, great job !
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on August 29, 2018, 06:54:49 pm
Dan,
After system boot, I got an exception error, but VS seems fine. I checked with a few unsafe programs and VS alerted correctly.
Also got 2 out of 10 times or so an exception error from the latest beta.
Using 4.53 now again.
4.53 here. It was the first time here.

I use Rollback Rx Pro. I had used it to try a few software and back to clean state. I don't remember the error was after I used Rollback to go back or after a normal boot. Rollback could be the reason here.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ColonelMal on August 30, 2018, 07:01:22 pm
No problems with v.4.54 after several days' use.  ;D

On Windows 10 Pro v.1803 Build 17134.228.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on August 30, 2018, 10:39:11 pm
dan mentioned an update to Voodoo Ai.  for me need clarification requested, is the Ai update incorporated (or will be incorporated) into VS 4.54 (4.nn) or dan means standalone Voodoo Ai, or both??  thanks.

+1 :)

I'm still interested in this query??
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on September 01, 2018, 10:57:06 pm
Running v4.54 on 2 systems with Windows 10 Pro and so far everything is running great Dan! ;D
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:23:34 am
Think about Leo's false positive VS test... it consisted of one file "Process Hacker" that behaves exactly like malware, regardless of the intent of the file.  It would also help Leo to work with 400 or so local clients on a daily basis and see how well VS does for them... they literally have zero trouble with VS.  Instead, he incorrectly assumes that users will have issues with it... and he bases his opinions on jack squat.
There are no false positive with Application Whitelisting in my opinion. It's simple, whitelisted items are allowed and non-whitelisted items are blocked.

Some users say VoodooAi gives false positive cause they don't understand VoodooAi is not a blacklist or malware scan. VoodooAi provides information on programs and VoodooAi verdict/score simplifies the information for average and expert users too.

VoodooAi differentiates VoodooShied from other Application Whitelisting and makes VoodooShield a lot easy to use compared to other Application Whitelisting software.

VoodooAi verdict/score is very helpful to take an action on the alerts. Users should understand VoodooAi verdict is to help them take a decision on the alerts and not a detection of any type.

VoodooAi verdict "Suspicious" is not a false positive but an information to be careful with the program.

I have tested VoodooShield or VoodooAi a lot and have noticed that it works good on majority or average users system. They will hardly see "Unsafe" VoodooAi verdict for their programs. My only concern was "Command Line" alerts for average users but Dan has improved and reduced the command line alerts successfully. I rarely see a command line alert on my system. On my family system, there are few entries in "Command Lines" section and all were automatically allowed.

I have tested VoodooAi a lot. I find "Unsafe" verdict effective. I use "Rules" wizard, uncheck digital signatures and set VoodooAi @90 on my family and few friends systems so that VoodooShield will alert for only "Unsafe" programs. And pair VoodooShield with mostly Windows Defender on Win 10 systems. No issues or malware yet. Light and effective protection.
Dan has added "Security Posture" in VoodooShield. It made my job easy. "Relaxed" protection in "Security Posture" is the same as above mentioned protection with "Rules" wizard.

I am not suggesting or recommending a protection. Each user is different. VoodooShield provides innovative security and protection levels or modes. Set it on your family or friends systems and find the balanced or comfortable protection for them.
Thank you, I appreciate that!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:24:39 am
4.54 running fine here.
Still have the issue of VS going to the task bar instead of a window but since I know about it, it is a non event.

Regards

David
Thank you for letting me know.  This is very odd... is anyone else having this issue?
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:26:17 am


That reminds me... it is not often that I am afforded the opportunity to publicly agree with Umbra... so I would like to take this opportunity.

https://malwaretips.com/threads/a-cylance-smart-antivirus-quickie.86109/post-758295
"3 threads, one locked, 20+ pages, half-dozen malware tests, one video... All that to demonstrate what some of us knew from the start:"

I do not agree with the Cylance bashing part, as it is an amazing product when comboed with VS.

But my point is, any discussion of any filter (non-locking) based product is ultimately futile... as is any discussion of a full time lock.

curious to me (& perhaps others at MT re that cylance thread & related threads) the cylance (& VS) bashers complain about too much emotion from user fanboys, and I read all 21 pages of that cylance thread, the bashers seemed much more emotional and irrational that the folks who use cylance and like it in spite of its admitted areas of "unprotection."  Umbra for one was at times a too emotional & persistent basher IMO.  I run cylanceProtect with VS and so light it worth investigating for that alone.  I have put cylance smart on another pc along with another layer of protection, but I haven't had a chance to play with it yet or compare it to cyProtect.  slyguy, a cylance user, gives the best advise, do not run cylance smart by itself, it needs some help to better protect your pc.
Meanwhile, VS 4.54beta is installed over 4.53 here and running without any seen issues.  ;D
I know, it is hilarious ;).
Title: Re: VS 4.53 and multiple Windows profiles problem
Post by: VoodooShield on September 03, 2018, 06:28:00 am
After much hand-wringing and suspense I've isolated the WHAT, if not the WHY, of a problem encountered since updating VS from 4.28 to 4.53, wondering if anyone else has experienced it / can recreate it and offer ideas about resolution (I'm in touch by email with Support):

I have two user profiles, one Standard, one Admin. VS 4.53 (service and GUI) works normally but only in whichever profile is directly booted into at startup -- switching user profiles within a running Windows session causes the VS GUI to fail to load in either from that point on. To make sure that's clear:

(A) boot at startup into Admin profile: VS service and GUI work normally in that profile
(B) boot at startup into Standard profile: VS service and GUI run normally in that profile
(C) boot at startup into either profile, switch to the other without rebooting: VS service runs but GUI does not load in current profile

This holds true regardless of profile loading order or switch method (load both simultaneously / unload one before loading the other). It also means that the VS GUI fails to load on wake from sleep (not hibernate), presumably because that is a condition equivalent to not booting directly into a user profile.

Am attaching an edit of the most recent DeveloperServiceLog.log -- the isolated section indicates errors and debug info that might explain or help isolate the cause of these problems for anyone who can really read it.

Meantime reverting to 4.28 which works flawlessly. Any ideas appreciated (except maybe "reinstall Windows") ~ THX JLJ
It turns out that this issue is in the new driver for Windows 7 only.  So it might be a little while before I can fix it.  If worse comes to worse, we can always install the latest version of VS and then install an older driver.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:30:26 am
Dan,

I have the stable version 4.53 on my production system Win 10 64 bit. It is a clean install of VoodooShield. I have only 1 issue, it is a recurring issue, and want it to be fixed in the next stable version. I do not use blacklist scan and keep it disabled. When blacklist scan is disabled, VS does not work as it should offline i.e net disconnected. When blacklist scan is disabled and net is disconnected, VS allows the unknown programs and does not alert i.e connect to the internet for cloud scan.

I use Rules wizard. The following are the Rules-
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If signed by any developer
   if signature is valid and verified
If VoodooAi is less than or equal to 0.

I have no other real-time security software. Windows Defender is disabled too. I use native i.e Windows Firewall.
Thank you for letting me know.  I tried to disable the blacklist scan option and then tried to disable the network / internet in several different ways, but I was not able to reproduce this issue.  How are you disabling the network?  If you let me know, I should be able to reproduce the bug and it will be a simple fix.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:31:38 am
About half the time I am seeing no icon in system tray??? It is always showing on Desktop. V. 4.54.
Hmmm, that is odd, thank you for letting me know.  What version of VS did this issue start?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:32:25 am
T%his is for those users that are having the problem of VS not starting after boot up.
From what I found is in the VS service. At present, it is set to automatic. On my system, if I set it to automatic (delayed start) VS does start every time. Try this Triple Helix.
Thank you for the suggestion... I might change the startup code back to the way it was in 4.28 if this is an issue.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:32:59 am
Hello everyone!

My VoodooShields v4.53 icon disappeared a couple of times yesterday. Not sure what the problem was but I had to to go into programs to start it up again. It would blink on and off and then disappear. Maybe I should do a clean reinstall perhaps? :-\

Certainly wouldn't hurt, especially if updated/overwritten many times. :)

Thanks schmidthouse for your quick response. I'll do just that! But if my memory serves me right. I think I did uninstall and had to install this v4.53 from the website that Dan (VS) sent us to. Because v4.52 would not update when asking VS to update to latest version and VS would not. But neverless a clean install should help. ;D
Thank you for letting me know ;)... is VS running well now?

Hi Dan! Yesterday VS disappeared a couple of times again but it comes back on after a few seconds. But other then that it has been running well for me.  :)
Thank you for letting me know!  If it continues to act up please let me know!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:33:58 am
:( :( :(

My subscription has expired alright.
No problems to report, Thanks Dan
Please email me at support at voodooshield.com if you need a license, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:36:13 am
dan mentioned an update to Voodoo Ai.  for me need clarification requested, is the Ai update incorporated (or will be incorporated) into VS 4.54 (4.nn) or dan means standalone Voodoo Ai, or both??  thanks.
4.53 uses the old Ai models and 4.54 uses the new Ai models, and so will all new versions.  The standalone VoodooAi has not been updated in a long time and I probably will not update it anytime soon.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:37:25 am
Dan,

After system boot, I got an exception error, but VS seems fine. I checked with a few unsafe programs and VS alerted correctly.

Does this means, if there is an error, but VS seems fine, it is working correctly?
It is hard to say without knowing what the error was.  But yeah, if VS seems to be fine, it probably is ;).
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:39:06 am
Is the user guide still available, the link at VS isn't working?
Yeah, it is odd... for some reason a few people cannot access the User Guide.  I think it might have to do with the browser that is being used or something.  What browser are you using?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:39:56 am
Dan,
After system boot, I got an exception error, but VS seems fine. I checked with a few unsafe programs and VS alerted correctly.
Also got 2 out of 10 times or so an exception error from the latest beta.
Using 4.53 now again.
Hmmm, that is odd... the next time you guys see this exception, can you please post it or email it to me?  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 03, 2018, 06:41:22 am
BTW, sorry I have been away... things have been crazy again.  I hope to keep up a little better moving forward.  Thank you guys!
Title: Re: VS 4.53 and multiple Windows profiles problem
Post by: gorblimey on September 03, 2018, 12:16:45 pm
...
I have two user profiles, one Standard, one Admin. VS 4.53 (service and GUI) works normally but only in whichever profile is directly booted into at startup -- switching user profiles within a running Windows session causes the VS GUI to fail to load in either from that point on. To make sure that's clear:
...
It turns out that this issue is in the new driver for Windows 7 only.  So it might be a little while before I can fix it.  If worse comes to worse, we can always install the latest version of VS and then install an older driver.  Thank you!

Aaaahhhh, no hurries here, take your time and do it properly: 4.20 is still working like a dream come true, it has the essentials to lock this computer in conjunction with Windows Firewall and WFC.  I just did my monthly sweep with ZAM and MBAM (not forgetting to shut down VS first!) and all is still clean and polished like a royal palace.

Really the only reason I'm hanging out for 4.5++ is to suss the bling.  But I think I'll stay with the basics in the long run.  You've already nailed it, the rest is just window dressing.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on September 04, 2018, 02:10:36 pm
Dan,

I have the stable version 4.53 on my production system Win 10 64 bit. It is a clean install of VoodooShield. I have only 1 issue, it is a recurring issue, and want it to be fixed in the next stable version. I do not use blacklist scan and keep it disabled. When blacklist scan is disabled, VS does not work as it should offline i.e net disconnected. When blacklist scan is disabled and net is disconnected, VS allows the unknown programs and does not alert i.e connect to the internet for cloud scan.

I use Rules wizard. The following are the Rules-
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If signed by any developer
   if signature is valid and verified
If VoodooAi is less than or equal to 0.

I have no other real-time security software. Windows Defender is disabled too. I use native i.e Windows Firewall.
Thank you for letting me know.  I tried to disable the blacklist scan option and then tried to disable the network / internet in several different ways, but I was not able to reproduce this issue.  How are you disabling the network?  If you let me know, I should be able to reproduce the bug and it will be a simple fix.  Thank you!
In Advanced Settings, I Uncheck the option "Automatically scan blocked files with the multi engine blacklist scanner."
In Rules section, I create a new Ruleset and name it Custom Ruleset. Under Custom Ruleset, with the help of Wizard, the following are the Rules-

Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If signed by any developer
   if signature is valid and verified
If VoodooAi is less than or equal to 0.

My system is Win 10 64 bit. In tasktray, I click Network Icon and then click Disconnect button on my connection.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on September 09, 2018, 09:09:41 pm
Hi Dan,

I would like to know why VS detect the FortiClient installer as malicious?   ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on September 10, 2018, 12:12:58 am
Hi Dan,

I would like to know why VS detect the FortiClient installer as malicious?   ???

curious, VS 4.54 scans forticlient 6.0 installer as safe here with a Ai score of 2 and threat not detected in 65 scan engines.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on September 10, 2018, 01:38:33 am
In the Cuckoo sandbox the rating is 7.4 malicious  :-\

http://voodooshield.ddns.net:8080/analysis/15095/
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on September 10, 2018, 09:46:16 pm
"In the Cuckoo sandbox the rating is 7.4 malicious 

http://voodooshield.ddns.net:8080/analysis/15095/"
Malwarbytes doesn't like this link.


Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on September 10, 2018, 09:47:21 pm
In the Cuckoo sandbox the rating is 7.4 malicious  :-\

http://voodooshield.ddns.net:8080/analysis/15095/

Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on September 10, 2018, 10:40:54 pm
"In the Cuckoo sandbox the rating is 7.4 malicious 

http://voodooshield.ddns.net:8080/analysis/15095/"
Malwarbytes doesn't like this link.


 Yes, uBlock Origin also blocks it
Title: Re: VoodooShield v4 STABLE Thread
Post by: Mx on September 10, 2018, 10:45:26 pm
https://www.virustotal.com/#/url/67bfafa561d03b603a8ead6fa7252c5a90788448bd2b1fdedea1ab482b8191fb/detection
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on September 11, 2018, 01:53:19 am
"In the Cuckoo sandbox the rating is 7.4 malicious 

http://voodooshield.ddns.net:8080/analysis/15095/"
Malwarbytes doesn't like this link.

fwiw, forticlient web filter would always block http://voodooshield.ddns.net:8080/ as an "unrated" webpage (my settings), I changed the filter for "unrated" and now it connects.
Title: Re: VoodooShield v4 STABLE Thread
Post by: ssherjj on September 11, 2018, 02:00:37 am
4.54 running fine here.
Still have the issue of VS going to the task bar instead of a window but since I know about it, it is a non event.

Regards

David
Thank you for letting me know.  This is very odd... is anyone else having this issue?

Yes I have noticed the same thing with VS going to the taskbar upon bootup. I just drag back up above the taskbar. I wasn't thinking that this was a VS issue. Is it?  ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: Petrovic on September 11, 2018, 11:18:16 am
How to clean this?
(https://s33.postimg.cc/6nwbeub3v/Screen_Shot_20180911131311.png) (https://postimg.cc/image/6nwbeub3v/)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on September 11, 2018, 06:29:52 pm
How to clean this?
(https://s33.postimg.cc/6nwbeub3v/Screen_Shot_20180911131311.png) (https://postimg.cc/image/6nwbeub3v/)
It's time you looked through all those settings on the left. You'll find it.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Petrovic on September 12, 2018, 11:16:04 am
4.54b
win 10 1703 x64
context scan
(https://s22.postimg.cc/902oauy8t/Screen_Shot_20180912130751.png) (https://postimg.cc/image/902oauy8t/)

Code: [Select]
System.Net.WebException:
   в System.Net.WebClient.OpenRead(Uri address)
   в VoodooShield.Utilities.CheckForInternetConnection()
   в VoodooShield.Main.LoadFile(String theFile)
   в ﷑.﷐(Object ﷐, StartupNextInstanceEventArgs ﷑)
   в Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnStartupNextInstance(StartupNextInstanceEventArgs eventArgs)

DeveloperServiceLog.log
Code: [Select]
09-12-2018 12:20:09] [ERROR] - Wait For response error 0x00000000
[09-12-2018 12:20:09] [DEBUG] - DriverCommunicationService::Disconnected
[09-12-2018 12:20:09] [DEBUG] - DriverCommunicationService::Client disconnected
[09-12-2018 12:22:10] [DEBUG] - DriverCommunicationService::Connect 10 threads
[09-12-2018 12:22:10] [DEBUG] - DriverCommunicationService::Enter main loop
[09-12-2018 13:11:43] [DEBUG] - DriverCommunicationService::Disconnect
[09-12-2018 13:11:43] [DEBUG] - DriverCommunicationService::Exit main loop
[09-12-2018 13:11:43] [DEBUG] - DriverCommunicationService::Disconnected
[09-12-2018 13:11:43] [DEBUG] - DriverCommunicationService::Client disconnected
[09-12-2018 13:12:54] [DEBUG] - DriverCommunicationService::Connect 10 threads
[09-12-2018 13:12:54] [DEBUG] - DriverCommunicationService::Enter main loop


Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on September 20, 2018, 04:48:16 pm
I assume that with no interaction we are at the end of development. ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on September 21, 2018, 06:04:45 am
I assume that with no interaction we are at the end of development. ???
Not at all ;).  Although since VS is in pretty good shape now with only a few minor bugs to fix, there will certainly be less to discuss unless we start adding new features to VS.  I am working on several different things.  One thing I have played around with was having an option for SRP instead of our whitelist snapshot... but I have yet to find an advantage in doing so... but if there is one, please let me know!  I think our current approach is much more granular and user-friendly than having an option like that.  One thing is for sure, we do not want to add features that will only bloat VS and not offer anything useful or significant, but there are certainly new features we can consider adding.

Having said that, please keep in mind... the years we spent developing VS and posting on security forums, it was truly an exciting time for everyone.  But now that VS is built out and almost bug free, there is not as much to discuss.  Security discussions in general have died down significantly since April 2018... who knows, maybe the "golden age" of online security discussions are behind us?

But I am working on several different things.  We now have the only user-friendly patented toggling computer lock, and my focus now is to figure out how to put it on every web connected device ;).  Most security products have come a very long way the last 5 or so years, and honestly, the only thing left to do is to lock the computer when it is at risk ;).  So I will be around... I am just really tied up with several things at the moment.  I hope to catch up soon, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: gorblimey on September 21, 2018, 07:17:28 am
Although since VS is in pretty good shape now with only a few minor bugs to fix ...

Hi Dan - how are we going with multi-user on current versions?  I remember you writing that we may have to use a separate (older) driver for Win7.

And I would very much like to have a version that doesn't ping helppane and hh :)  4.20 does work reliably, but the help-file blacklist is annoying.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on September 21, 2018, 08:01:21 am
Hi Guys
I was checking out what is new with VS.
Looks great.
Shortly after installing the latest stable version on Win 10 1803, and setting it to smart mode, I got a prompt for a Windows Defender process. It came with a recommendation that it is safe, but is that normal, to be prompted for Windows Defender?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on September 21, 2018, 11:56:20 am
@Shmu26 From memory i also got a prompt every now and then for Windows Defender. But coudn't tell you for sure at which settings it occured. I change between "always on" or "smart" mode and/or "moderate" or "aggressive" quite a lot the past days.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on September 21, 2018, 12:16:45 pm
thanks
Title: Re: VoodooShield v4 STABLE Thread
Post by: frowner on September 21, 2018, 04:37:26 pm
Hi might be a stupid question but can rehips be used with voodooshield. Just those 2 with no av's? Thks
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on September 21, 2018, 05:29:15 pm
I assume that with no interaction we are at the end of development. ???
Not at all ;).  Although since VS is in pretty good shape now with only a few minor bugs to fix, there will certainly be less to discuss unless we start adding new features to VS.  I am working on several different things.  One thing I have played around with was having an option for SRP instead of our whitelist snapshot... but I have yet to find an advantage in doing so... but if there is one, please let me know!  I think our current approach is much more granular and user-friendly than having an option like that.  One thing is for sure, we do not want to add features that will only bloat VS and not offer anything useful or significant, but there are certainly new features we can consider adding.

Having said that, please keep in mind... the years we spent developing VS and posting on security forums, it was truly an exciting time for everyone.  But now that VS is built out and almost bug free, there is not as much to discuss.  Security discussions in general have died down significantly since April 2018... who knows, maybe the "golden age" of online security discussions are behind us?

But I am working on several different things.  We now have the only user-friendly patented toggling computer lock, and my focus now is to figure out how to put it on every web connected device ;).  Most security products have come a very long way the last 5 or so years, and honestly, the only thing left to do is to lock the computer when it is at risk ;).  So I will be around... I am just really tied up with several things at the moment.  I hope to catch up soon, thank you guys!

Thanks for clarifying Dan, was curious is all. ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Schank873-2 on September 22, 2018, 03:08:22 am
From Wilders.....>>>>Honestly, the lock idea is a brilliant thing IMO. Personally I think he should trim it down and offer a basic lock product with few features and almost no false positives. Then have the VS we all know as a corporate product. I'd have a lineup like this;

VLock - A good all around, easy to use, low false positive simple to use computer lock that can run with any security suite as a bonus.
VShield - Corporate focused product. Possibly with a centrally managed portal. (probably required for corporate ecosystem penetration)

I'd ditch the free offering entirely. Offer a 30 day trial on VLock, along with sales/discounts but an entirely paid-only offering. Once everything is solidified and perfected launch a campaign to promote and demonstrate it, attract real investors and make bank.<<<

Dan...something to think about :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on September 22, 2018, 06:09:30 pm
From Wilders.....>>>>Honestly, the lock idea is a brilliant thing IMO. Personally I think he should trim it down and offer a basic lock product with few features and almost no false positives. Then have the VS we all know as a corporate product. I'd have a lineup like this;

VLock - A good all around, easy to use, low false positive simple to use computer lock that can run with any security suite as a bonus.
VShield - Corporate focused product. Possibly with a centrally managed portal. (probably required for corporate ecosystem penetration)

I'd ditch the free offering entirely. Offer a 30 day trial on VLock, along with sales/discounts but an entirely paid-only offering. Once everything is solidified and perfected launch a campaign to promote and demonstrate it, attract real investors and make bank.<<<

Dan...something to think about :)

Well that all looks good on paper, however the amount of 'full time' commitment what you lay out is more then "significant" especially if going corporate. This would require a complex marketing and advertising infrastructure not to mention the increase customer support infrastructure that would be needed to supply and service corporate requirements/expectations. And lets no forget R&D time.
 A vast amount of time and work imho.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Shmu26 on September 22, 2018, 06:25:12 pm
Hi might be a stupid question but can rehips be used with voodooshield. Just those 2 with no av's? Thks
Yes, you can use them together. I am a ReHIPS alpha/beta tester, and I haven't seen any conflicts reported, or seen any myself. Of course, every system is different. But since you will not be running an AV, you already took the biggest troublemaker out of the picture.

Please note that you will have a significant amount of overlap, because ReHIPS has a lot of mitigations that are similar to VS. 

If you find any bugs or issues that involve ReHIPS in any way, just log into their forum and tell them about it. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on September 24, 2018, 05:08:01 am
Dan,

How does Security Posture works?

There are 2 options VoodooShield Mode and Security Posture. VoodooShield works as per the set VoodooShield Mode and set Security Posture has no effect.

For ex-
1. VoodooShield Mode - ON and Security Posture - Moderate - VoodooShield works as per ON Mode.
2. VoodooShield Mode - AUTO and Security Posture - Relaxed - VoodooShield works as per AUTO Mode.

How to use Security Posture?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on September 24, 2018, 02:52:01 pm
@yashkhan Other then clicking on the blue ! Thingy in Settings/Basic Settings to get the screen below i can offer no other info :D
Hope it helps.
Title: Re: VoodooShield v4 STABLE Thread
Post by: frowner on September 24, 2018, 04:41:43 pm
Hi might be a stupid question but can rehips be used with voodooshield. Just those 2 with no av's? Thks
Yes, you can use them together. I am a ReHIPS alpha/beta tester, and I haven't seen any conflicts reported, or seen any myself. Of course, every system is different. But since you will not be running an AV, you already took the biggest troublemaker out of the picture.

Please note that you will have a significant amount of overlap, because ReHIPS has a lot of mitigations that are similar to VS. 

If you find any bugs or issues that involve ReHIPS in any way, just log into their forum and tell them about it. :)


Thks for the info trying it out this week.
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on September 24, 2018, 09:23:32 pm
@yashkhan Other then clicking on the blue ! Thingy in Settings/Basic Settings to get the screen below i can offer no other info :D
Hope it helps.
I meant VS works as per Mode set so how would Security Posture come into play?
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on September 26, 2018, 05:09:26 pm
@Dan VS 4.53 smart mode/aggressive
No "indicator thingy" again between green and orange scale
Title: Re: VoodooShield v4 STABLE Thread
Post by: vonvon on October 03, 2018, 02:36:02 pm
Hi

Update win 10 1809 - WoodooShield 4.54 run fine alonside Sophos Home premium and Win Patrol Plus.

Evrything perfect for me.

Best regards
Title: Re: VoodooShield v4 STABLE Thread
Post by: Azure Phoenix on October 05, 2018, 03:18:07 pm
Dan

Don't know if you are aware. But someone posted being hacked while VoodooShield was on Always ON mode.

https://www.wilderssecurity.com/threads/voodooshield.313706/page-722#post-2784876

"can't recommend it since I got hacked when using VD shield with bitdefender,/windows firewall (the planted malicious exe was running without VD moaning about anything, happened twice, first time Bitdefender stopped it & second time no (40-60 VT detection but not seen by Bitdefender and VD at that time, had to wipe everything) but everything is hackable so my feedback objectively sucks and the program is probably improving. I personally don't feel safe using it for now though."
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antarctica on October 05, 2018, 04:34:01 pm
Dan

Don't know if you are aware. But someone posted being hacked while VoodooShield was on Always ON mode.

https://www.wilderssecurity.com/threads/voodooshield.313706/page-722#post-2784876

"can't recommend it since I got hacked when using VD shield with bitdefender,/windows firewall (the planted malicious exe was running without VD moaning about anything, happened twice, first time Bitdefender stopped it & second time no (40-60 VT detection but not seen by Bitdefender and VD at that time, had to wipe everything) but everything is hackable so my feedback objectively sucks and the program is probably improving. I personally don't feel safe using it for now though."

I am using VS since 5-6 years now and feel quite safe! But hey, nothing is 100% bullet proof. :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on October 05, 2018, 04:38:16 pm
Dan

Don't know if you are aware. But someone posted being hacked while VoodooShield was on Always ON mode.

https://www.wilderssecurity.com/threads/voodooshield.313706/page-722#post-2784876

"can't recommend it since I got hacked when using VD shield with bitdefender,/windows firewall (the planted malicious exe was running without VD moaning about anything, happened twice, first time Bitdefender stopped it & second time no (40-60 VT detection but not seen by Bitdefender and VD at that time, had to wipe everything) but everything is hackable so my feedback objectively sucks and the program is probably improving. I personally don't feel safe using it for now though."

I'm sorry but I don't believe that person and who knows what he was doing for sure??? He's only been a member at Wilders since:

Member Since:
    Aug 12, 2018
Posts:
    10
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 05, 2018, 05:05:06 pm
Thank you guys!  It sounds to me like BD blocked the file the first time (which is why VS did not see it), and VS blocked the file the second time (otherwise he would not have been able to see the blacklist scan results), and he allowed the file based on these results.  It would be interesting to see what the VoodooAi score was though… it is quite funny that there is no mention of that 😉.  Honestly, this “reported bypass” seems a little fishy to me, but if he is interested in looking into this, he can email me at support at voodooshield.com, and I would be happy to look into it when I get a chance.  I am super busy at the moment with business and personal things, but I hope to have a new version of VS within a week or two, and hope to have these last few bugs fixed.  Once I get caught up everything should go back to normal and we can talk about what changes and new features we should make for VS 5.0.

Have a great weekend, thank you guys!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 05, 2018, 05:06:08 pm
@Dan VS 4.53 smart mode/aggressive
No "indicator thingy" again between green and orange scale
BTW, this should be fixed now... along with several of the other bugs that have been reported, I just have not had a chance to let you guys know.  I hope to catch up as soon as possible, thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: oldschool on October 05, 2018, 06:02:51 pm
I agree! This "bypass" seems fishy to me as well. I use VS Pro and look forward to the next version.  8) As a new member who has lurked here for awhile, I have to say I'm glad you found a home here at COU. Based on my experience at other forums, this appears to be a favorable environment for its members.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on October 05, 2018, 06:07:36 pm
I agree! This "bypass" seems fishy to me as well. I use VS Pro and look forward to the next version.  8) As a new member who has lurked here for awhile, I have to say I'm glad you found a home here at COU. Based on my experience at other forums, this appears to be a favourable environment for its members.

Welcome to COU oldschool! So very true this is the best environment for any members that want to be part of our Community!

Cheers,

Daniel  ;)
Title: Re: VoodooShield v4 STABLE Thread
Post by: simmerskool on October 08, 2018, 05:44:37 am
I agree! This "bypass" seems fishy to me as well. I use VS Pro and look forward to the next version.

+1  ???
Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on October 10, 2018, 04:56:46 pm
VS latest version is not working with Brave browser dev latest.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on October 10, 2018, 05:02:46 pm
VS latest version is not working with Brave browser dev latest.

Add it to VS.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Rainwalker on October 10, 2018, 05:54:04 pm
Thanks TH...Never paid much attention to Web Apps. Default took care of everything. Brave now working with VS.
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on October 15, 2018, 01:47:17 am
So after Windows 10 update to 1809, there have been issues with protection software, in particular, NVT OSarmour not working as intended.
I'm not sure of the techy details other than the mitigations I guess in OSarmour are affected by the 1809 update......or something :-\

Dan has VS been affected (protection process/code in any way that would cause VS to not be protecting in the manner it
is meant too?
 
Title: Re: VoodooShield v4 STABLE Thread
Post by: Andi on October 15, 2018, 09:52:23 pm
Windows 10 October 2018 Update biggest problems and complaints

https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints (https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on October 15, 2018, 11:25:36 pm
Windows 10 October 2018 Update biggest problems and complaints

https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints (https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints)

Yes, am aware. Luckily I didn't experience the issues many did: audio messed up, files missing and more.
My updates on machines went without a hitch and no resulting issues.
I'm curious because of Win 10 changes if VS would be affected negatively in any way/
Hopefully, Dan can enlighten
Title: Re: VoodooShield v4 STABLE Thread
Post by: Triple Helix on October 16, 2018, 02:27:59 am
Windows 10 October 2018 Update biggest problems and complaints

https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints (https://www.windowscentral.com/windows-10-october-2018-update-problems-complaints)

Yes, am aware. Luckily I didn't experience the issues many did: audio messed up, files missing and more.
My updates on machines went without a hitch and no resulting issues.
I'm curious because of Win 10 changes if VS would be affected negatively in any way/
Hopefully, Dan can enlighten

I installed 1809 on my Alienware 17R2 Laptop and as always I had to reinstall my Sound Blaster Audio Drivers on every major Windows 10 update but I didn't lose any files like some have in this 1809 release build. Also being a Windows Insider MVP I test all builds on my VM's and I don't have any of these files in any folders and didn't see the issue but some have reported months ago via the Feedback Hub that some Insider builds were deleting files and I guess MS didn't take that into account.

Also I don't see any issues with VS and is running very well on 1809 Pro x64.
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 16, 2018, 05:32:18 pm
Thank you guys for your patients, I really appreciate it!  I have some major business and personal stuff going on, but it looks like everything should settle down in a week or so.

Yeah, VS works beautifully with 1809 (thank you TH for confirming this as well).  The only issue I have seen is that Edge seems to take a while to suspend itself, so toggling back to OFF in Smart Mode can be slow with Edge, but hopefully MS will fix this.

I will be back asap, hopefully with a new version of VS 😉.
Title: Re: VoodooShield v4 STABLE Thread
Post by: boredog on October 19, 2018, 03:17:32 pm
The only issue I have seen is that Edge seems to take a while to suspend itself, so toggling back to OFF in Smart Mode can be slow with Edge, but hopefully MS will fix this.

This has been going on for along time. At least on my insider builds. I have even seen VS shield go red while Edge was still running in task manager. Most of the time, I just end Edge in task manager.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on October 24, 2018, 02:25:17 pm
win 10 64bit, Vers1803, Os Build 17134.345
No valid exe when signed.....
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on October 24, 2018, 10:40:02 pm
Thank you guys for your patients, I really appreciate it!  I have some major business and personal stuff going on, but it looks like everything should settle down in a week or so.
Yea... I get that. But please tell us there is a definite plan for VS for individual use.

Obviously, life has pulled you in many directions since coming to COU, and this thread has numerous posts from you reassuring us that "everything should settle down in a week or so"... But I'm antsy and wondering if we aren't headed to abandonware. That would be a real shame, but maybe your life needs to go in a new direction... to which I can only say "bon voyage" if that is happening... and "thanks for all the fish"  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: Alexhousek on October 26, 2018, 04:23:48 am
Folks give the man a break!  You act as if he can't have a life outside of his VS project?!  We have no idea what he is dealing with either personally or professionally.  And, he's given a lot of time here on this forum and given many folks free licenses to his software. 

He's worked hard to get all of most of the bugs out of the software and I read very few, if any, bug reports or people having issues with VS. It's ok to take a break if VS is functioning mostly well for most people.  Yes, he has things he's talked about adding or changing, but that will come in due time. 

I'm just grateful for VS, Dan's work, and for his dedication and his assistance; and for a free license to an awesome piece of software.  Let's give him a break....
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on October 26, 2018, 04:29:30 am
Dan,

Rules enabled - VAi is set to "33" i.e VS will show alerts when VAi score is above 33.

Rules disabled - VS will show alerts when VAi score is above __?
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on October 26, 2018, 06:03:34 am
Folks give the man a break!  You act as if he can't have a life outside of his VS project?!  We have no idea what he is dealing with either personally or professionally.  And, he's given a lot of time here on this forum and given many folks free licenses to his software. 

He's worked hard to get all of most of the bugs out of the software and I read very few, if any, bug reports or people having issues with VS. It's ok to take a break if VS is functioning mostly well for most people.  Yes, he has things he's talked about adding or changing, but that will come in due time. 

I'm just grateful for VS, Dan's work, and for his dedication and his assistance; and for a free license to an awesome piece of software.  Let's give him a break....

+1
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 26, 2018, 07:55:07 am
A new version of VS is on the way in 3-5 days.  Sorry for the delay, but this turned into a bigger upgrade than I anticipated (as usual).

The main enhancements are in the user prompts and VoodooAI.  VS has always been about usability, but I have never been happy with the user prompts.  They should indicate instantly to the end user what action to take, but the user prompts and recommendations have not been quite right.  The graph indicator that used to be just for VoodooAi is now integrated with the blacklist scan as a composite verdict… so the user knows immediately whether to allow a block or not.

Also, since VS is growing and VoodooAi has a much larger training data set to work from, you guys will be shocked how much the “false positives” have been reduced.

On a side note… anyone who incessantly complains on security forums about Microsoft Windows updates might want to look into what third party security software might be effing things up.  Just a thought.

Thank you guys, talk to you soon!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 26, 2018, 08:05:41 am
I agree with Telos. It's now turned to abandonware. 2 months since the last update and that was a beta update.
2 months... Seriously?  It's not like I abandoned everyone for 2 years without a word, or not updated my software except for changing the version number and charged users again.

Double effing standards.

I have been with the VS supporters day and day out for 7 years.  Do not forget that.

Title: Re: VoodooShield v4 STABLE Thread
Post by: Unauthorized on October 26, 2018, 08:46:40 am
I agree with Telos. It's now turned to abandonware. 2 months since the last update and that was a beta update.
2 months... Seriously?  It's not like I abandoned everyone for 2 years without a word, or not updated my software except for changing the version number and charged users again.

Double effing standards.

I have been with the VS supporters day and day out for 7 years.  Do not forget that.


Then stop saying it'll be a week or 2 giving people false hope. I agreed to what someone else said. Don't pin it on me that i started whinging first DAN
Title: Re: VoodooShield v4 STABLE Thread
Post by: oldschool on October 26, 2018, 05:11:42 pm
Folks give the man a break!  You act as if he can't have a life outside of his VS project?!  We have no idea what he is dealing with either personally or professionally.  And, he's given a lot of time here on this forum and given many folks free licenses to his software. 

He's worked hard to get all of most of the bugs out of the software and I read very few, if any, bug reports or people having issues with VS. It's ok to take a break if VS is functioning mostly well for most people.  Yes, he has things he's talked about adding or changing, but that will come in due time. 

I'm just grateful for VS, Dan's work, and for his dedication and his assistance; and for a free license to an awesome piece of software.  Let's give him a break....


I completely agree!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 26, 2018, 06:30:54 pm
Folks give the man a break!  You act as if he can't have a life outside of his VS project?!  We have no idea what he is dealing with either personally or professionally.  And, he's given a lot of time here on this forum and given many folks free licenses to his software. 

He's worked hard to get all of most of the bugs out of the software and I read very few, if any, bug reports or people having issues with VS. It's ok to take a break if VS is functioning mostly well for most people.  Yes, he has things he's talked about adding or changing, but that will come in due time. 

I'm just grateful for VS, Dan's work, and for his dedication and his assistance; and for a free license to an awesome piece of software.  Let's give him a break....


I completely agree!
Hey oldschool, how are you?  Nice to see you here!  Have a great weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 26, 2018, 06:32:09 pm
@ Unauthorized sorry, it was not my intention to pin anything on you. 

I completely understand that people are highly disappointed when it takes a little longer to release a new version of VS… that simply means that people are passionate about VS.  But please understand that I am equally disappointed and extremely frustrated when things do not go according to plan.  But I think it is a little unfair for anyone to refer to VS as abandonware after I have spent so much time and effort on it… especially when the delay is only a few weeks.

Here is the latest version.  It is perfectly stable, but since there were major changes, there are probably going to be several small bugs.  I wanted to test and debug a little more over the weekend, but it is in good enough shape for you guys to try it.

The graphic design of the new user prompt is not finalized… but the whole goal of this version was to make the user prompt much more user friendly and informative.  If anyone has any suggestions on how we can further refine the prompt, please let me know.

You will also notice that VoodooAi is a lot quicker and more accurate.

The graph is now a unified composite of the blacklist scan and VoodooAi… which makes a lot more sense and will be less confusing to end users.  I also removed the option to disable the blacklist and VoodooAi because having these options made unifying the blacklist and VoodooAi (and recommendations) next to impossible (the logic was crazy complicated).

Please try some old files that used to be VS false positives… I bet you it is fixed 😉.

https://www.voodooshield.com/Download/InstallVoodooShield460beta.exe

There might be a couple of old bugs that are still not fixed… if so, please let me know.

Thank you guys, have a great weekend!
Title: Re: VoodooShield v4 STABLE Thread
Post by: Jasper The Rasper on October 26, 2018, 06:58:29 pm
I have just installed the new version, and it appears to be running OK so far with no problems.
Thank you Dan.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on October 26, 2018, 07:43:05 pm
I agree with Telos. It's now turned to abandonware. 2 months since the last update and that was a beta update.
You misread my post. I never said VS is abandonware.
Title: Re: VoodooShield v4 STABLE Thread
Post by: oldschool on October 26, 2018, 08:06:44 pm
Folks give the man a break!  You act as if he can't have a life outside of his VS project?!  We have no idea what he is dealing with either personally or professionally.  And, he's given a lot of time here on this forum and given many folks free licenses to his software. 

He's worked hard to get all of most of the bugs out of the software and I read very few, if any, bug reports or people having issues with VS. It's ok to take a break if VS is functioning mostly well for most people.  Yes, he has things he's talked about adding or changing, but that will come in due time. 

I'm just grateful for VS, Dan's work, and for his dedication and his assistance; and for a free license to an awesome piece of software.  Let's give him a break....


I completely agree!
Hey oldschool, how are you?  Nice to see you here!  Have a great weekend!


Hi Dan. I'm doing well. Have just installed new version and appears to be running fine in Aggressive/Autopilot on W10 - 1803. I just ran ConfigureDefender with VS in both Autopilot and Always On and no FP.  Also, I was getting occasional alerts prior to this version for Windows Defender signature updates, but they seemed to be random. I'll let you know if I get any more with the new version. Thanks again Dan!  8)
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on October 26, 2018, 09:24:50 pm
Hey Dan thanks for your commitment.
Installed 4.60 on both Win 10 1809 64 Bit
Looking good so far.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Antus67 on October 26, 2018, 10:40:49 pm
I have remove posts by Telos and Unauthorized as this borders bashing. This type of conversation is negative and non productive to the forum and members/guest. Please refrain from this type of conversation in the future.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Telos on October 27, 2018, 02:49:29 am
@Dan... I've again purged my whitelist and am seeing VS handle its rebuilding with aplomb. I've not yet pushed new program installations on this version, and I'm hopeful for how that will be handled.

Edited by Admin
Title: Re: VoodooShield v4 STABLE Thread
Post by: khanyash on October 27, 2018, 05:26:06 am
I also removed the option to disable the blacklist and VoodooAi because having these options made unifying the blacklist and VoodooAi (and recommendations) next to impossible (the logic was crazy complicated).
VS is primarily an anti-exe. VAi works well. You keep improving VAi. You recommend to use VS with an AV.
Why not keep VS completely a solid (in-house) product i.e remove the blacklist scanner?

VS was/is a solid product. VAi improved the usability and made VS suitable for the majority i.e average/novice users too. VS doesn't need any third party stuff. A completely in-house product is a 'plus' for the product too. - My opinion.
Title: Re: VoodooShield v4 STABLE Thread
Post by: Geri123 on October 27, 2018, 11:32:45 am
@Dan So far the new beta is running good.
If a file is totally safe the indicator in the extreme left corner is at least for me sometimes easy to overlook.
And since you show the "VoodooAi safe" with like 0/100 some users could be confused. How can 0/100 be safe? (Shouldn't it be 100/100 to be safe).
Maybe rename it do "Threat score" 0/100 ?
The other thing is seeing sandboxie shown as a possible exploit just makes my heart bleed :D
At least that are me first thought after a short test ride.
Have a nice weekend all :)




 
Title: Re: VoodooShield v4 STABLE Thread
Post by: schmidthouse on October 27, 2018, 05:16:59 pm
Interesting, no blocking of, or issue with Sandboxie and VS here on Win 10 :)
Title: Re: VoodooShield v4 STABLE Thread
Post by: oldschool on October 27, 2018, 06:57:05 pm
Dan, or anyone else: I just saw someone on MT saying VS was blocking YouTube. This sounds unlikely to me. I have never encountered this myself. Could it be  a browser process being blocked? In any case, they uninstalled VS. I don't get why if someone encounters an issue they don't fully investigate the potential cause(s). This type of behavior is what I believe leads some folks to criticize VS without a legitimate basis.  ??? ::) But what are you gonna do? People will be people!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 28, 2018, 05:54:14 pm
@Dan So far the new beta is running good.
If a file is totally safe the indicator in the extreme left corner is at least for me sometimes easy to overlook.
And since you show the "VoodooAi safe" with like 0/100 some users could be confused. How can 0/100 be safe? (Shouldn't it be 100/100 to be safe).
Maybe rename it do "Threat score" 0/100 ?
The other thing is seeing sandboxie shown as a possible exploit just makes my heart bleed :D
At least that are me first thought after a short test ride.
Have a nice weekend all :)
Thank you for catching that, it is fixed in 4.61, along with several other small bugs that I found the last day or two.  We can talk about the design and figure out what to do.

https://www.voodooshield.com/Download/InstallVoodooShield461beta.exe

Thank you guys, I hope to catch up on the posts I missed soon!

Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 28, 2018, 06:00:19 pm
I also removed the option to disable the blacklist and VoodooAi because having these options made unifying the blacklist and VoodooAi (and recommendations) next to impossible (the logic was crazy complicated).
VS is primarily an anti-exe. VAi works well. You keep improving VAi. You recommend to use VS with an AV.
Why not keep VS completely a solid (in-house) product i.e remove the blacklist scanner?

VS was/is a solid product. VAi improved the usability and made VS suitable for the majority i.e average/novice users too. VS doesn't need any third party stuff. A completely in-house product is a 'plus' for the product too. - My opinion.
Hehehe, I see what you are saying, and it is a great point.  The thing is, I just spent a heck of a lot of time integrating the blacklist scan and VoodooAi into one unified composite score so it is easy for the user to decide whether to allow a file or not. 

Traditional engines excel with malware that is a few days old and ML/Ai excels with 0 day malware... so we really need to have both to be able to make the best recommendation.  Maybe we will eventually just use a handful of engines and VoodooAi.  Besides, VoodooAi still has to mature a little more and needs much larger training data sets that we currently do not have access to.  Thank you!
Title: Re: VoodooShield v4 STABLE Thread
Post by: VoodooShield on October 28, 2018, 06:09:02 pm