Author Topic: VoodooShield v4 STABLE Thread  (Read 141459 times)

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1050 on: November 04, 2018, 07:08:30 pm »
BTW, the false positive was fixed for a couple of hours, but it seems to be back.  I resubmitted the file and we will see what happens ;).

Offline Triple Helix

Re: VoodooShield v4 STABLE Thread
« Reply #1051 on: November 04, 2018, 08:04:31 pm »
BTW, the false positive was fixed for a couple of hours, but it seems to be back.  I resubmitted the file and we will see what happens ;).

Fine here: https://www.virustotal.com/en/file/a69aab6049db496fcd480f8eb54c7dddfb1a998324b4e512e5e551993f9a72d4/analysis/

Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1052 on: November 04, 2018, 10:14:44 pm »
Thank you TH!  Yeah, I am not sure which engine is listed on VT for Microsoft... but when you submit a FP to MS, you have to choose from the following list of MS security products.  At this point the only product we know that has a FP is "Windows Defender Antivirus (Windows 10)" so that is what I chose.  Besides, you always hear how the VT results might be different from the endpoint product results, so your guess is as good as mine ;).

    System Center Endpoint Protection
    Windows Defender Antivirus (Windows 10)
    Windows Intune
    Microsoft DaRT
    Microsoft Forefront Client Security
    Microsoft Forefront Endpoint Protection 2010
    Microsoft Forefront Protection for SharePoint
    Microsoft Forefront Server Security
    Microsoft Security Essentials
    Office 365 and Exchange Online Protection
    System Center 2012 Endpoint Protection
    Windows Defender (Windows 8)
    Windows Defender (Windows 7, Windows Vista, or Windows XP)
    Windows Server Antimalware
    Other

There were massive changes between 4.53 and 4.64.  We did not seem to have any issues at all until I updated our download link to 4.64 (in other words... versions prior to 4.64 were never linked on our site).  I wonder if that has anything to do with it... especially since if you download VS in Chrome and then scan with WD 10 (fully updated), it does not have a FP.  So I am guessing that it is some feature in Edge that has a bug or something... it is hard to say.  Either way I am sure they will have it fixed soon.  Thank you guys!


Offline gorblimey

Re: VoodooShield v4 STABLE Thread
« Reply #1053 on: November 05, 2018, 08:10:45 am »
I do not think it will be too much longer until all anyone ever needs is WD and VS.

Not WD, Windows Firewall.  And (Malwarebytes)WFC.  With Zemana and MBAM to scan once a month.

If VS does miss anything, that item can never phone home, and will (we hope) be picked up on the next patrol.  The biggest problem with WD is it's too simple: you can't lift the hood for things like exclusions or un-quarantining.  All-or-nothing is not a good way to go.  Microsoft should stick to things they understand :) like firewalls.
____________________
Win7 HPx64 SP1, VoodooShield, WFC

Offline djg05

Re: VoodooShield v4 STABLE Thread
« Reply #1054 on: November 05, 2018, 10:18:10 am »
Installed 4.63 and before a reboot, my Lic info changed. Is this because of the corruption?
Ooops, I just realized what you mean.  Can you please email me the email address you use for your account and I will check it out?

Is anyone else having this issue if you click the confirm registration button in the Register tab?

Thanks Dan - email sent.

David

It says "Your registration has expired"

David
Yeah, this is very odd... there are a few accounts that this is happening to.

If your account is not working, please email me at support at voodooshield.com and I will fix it right away.  Thank you!
Email sent... your account expired a few weeks ago, so I added a couple years.  If anyone else has this issue, please let me know... that is an easy fix ;).

Thanks Dan - 4.63 running smoothly now

David

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1055 on: November 05, 2018, 03:25:15 pm »
@gorblimey... I agree all-or-nothing is not optimal.  Case in point, the recent WD false positive for VS.  The same applies for fileless malware sponsors.  Permanently disabling powershell and other interpreters is a super bad idea, if you want your system to function correctly.  Personally, I believe the way VS handles these items seems to be working quite well. 

It is quite simple really...

1.  The majority of the valid / non-malicious scripts are auto allowed by VS because most of the valid / non-malicious scripts are spawned from whitelisted items that are not Windows or other vulnerable processes.  So the end user never encounters a block for these items, which account for probably 75-95% of the scripts that would ever be blocked.

2.  Known and unknown scripts that do not meet the above criteria are automatically blocked by VS and the recommendation by VS is largely based on whether the script is known / unknown or safe / unsafe.

@djg05... sure, thank you!

After a total of 4 submissions, it looks like the false positive for WD 10 / Edge is finally fixed, but if anyone has issues with this again please let me know.  Thank you!
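The two-rule script policy described in the post above, modelled as an added example over constructed process-spawn events (this is illustration code, not VoodooShield's own; the interpreter, parent and hash lists are assumptions):

```python
"""Toy model of the policy in the post above: a script interpreter spawned by a
whitelisted parent that is not a vulnerable process is auto-allowed (rule 1);
any other interpreter launch is blocked, with the recommendation driven by
whether the script is known safe, known unsafe or unknown (rule 2).
Constructed example; all lists below are assumptions, not product data."""
from dataclasses import dataclass

INTERPRETERS = {"powershell.exe", "cscript.exe", "wscript.exe", "mshta.exe"}
# Parents that routinely render untrusted content; a child they spawn is not
# trusted merely because the parent binary itself is legitimate (assumed list).
VULNERABLE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "msedge.exe"}
WHITELISTED_PARENTS = {"explorer.exe", "backup-agent.exe", "winword.exe"}
KNOWN_SAFE = {"hash-of-known-good-script"}      # constructed placeholder hashes
KNOWN_UNSAFE = {"hash-of-known-bad-script"}


@dataclass(frozen=True)
class Spawn:
    parent: str        # image name of the parent process, lower case
    child: str         # image name of the process being started
    script_hash: str   # hash of the script handed to the interpreter


def decide(ev: Spawn) -> tuple[str, str]:
    """Return (verdict, recommendation) for one process-spawn event."""
    if ev.child not in INTERPRETERS:
        return ("N/A", "not a script interpreter")
    # Rule 1: whitelisted, non-vulnerable parent -> silently allowed.
    if ev.parent in WHITELISTED_PARENTS and ev.parent not in VULNERABLE_PARENTS:
        return ("ALLOW", "auto-allowed: trusted, non-vulnerable parent")
    # Rule 2: everything else is blocked; the advice depends on reputation.
    if ev.script_hash in KNOWN_UNSAFE:
        return ("BLOCK", "known unsafe: keep blocked")
    if ev.script_hash in KNOWN_SAFE:
        return ("BLOCK", "known safe: allow if you launched it on purpose")
    return ("BLOCK", "unknown: allow only if you expected this script")


# Constructed sample events: a scheduled backup, a macro-spawned shell, a
# browser-spawned interpreter, and a plain user-launched script.
SAMPLE_EVENTS = [
    Spawn("backup-agent.exe", "powershell.exe", "hash-of-known-good-script"),
    Spawn("winword.exe", "powershell.exe", "hash-of-known-bad-script"),
    Spawn("msedge.exe", "mshta.exe", "never-seen-before"),
    Spawn("explorer.exe", "notepad.exe", ""),
]


def run() -> list[tuple[str, str]]:
    return [decide(e) for e in SAMPLE_EVENTS]
```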


Offline oldschool

Re: VoodooShield v4 STABLE Thread
« Reply #1056 on: November 05, 2018, 03:59:28 pm »
@VoodooShield - 4.64 still flagged here on 1803.

Edit: I disabled WD sandbox, cleared sigs, and still same result. Whaddya gonna do? Carry on as normal since 4.63 running fine. Thinking I may switch to Cylance.
« Last Edit: November 05, 2018, 04:47:03 pm by oldschool »
"... still trying to find the answers to life's persistent questions..." - Guy Noir, Private Eye

W10 1809 Windows Defender + VoodooShield Pro

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1057 on: November 05, 2018, 05:17:51 pm »
Yep, sure enough, the false positive is back.  I am going to call Microsoft right now.  I believe their number is 1-800-MICROSOFT.

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1058 on: November 06, 2018, 09:58:17 am »
Quick update… I am working with Microsoft to resolve the false positive issue once and for all, and as usual they have been very responsive and helpful.  Real devs who actually build software understand that problems like these arise and you just have to deal with them.  I am not exactly sure what the issue is… I think it has something to do with WD 10 / Edge integration, but either way, they now have enough info to isolate the issue and fix it once and for all.

BTW, if you ever hear someone complain that a certain software “suxx”, then you should ask them why they do not build something better to change the world.

Quit complaining and do something.

It is not as easy as you think.

Offline Shmu26

Re: VoodooShield v4 STABLE Thread
« Reply #1059 on: November 06, 2018, 11:28:59 am »
I downloaded 4.64 from the website (redirected by bleepingcomputer), and then scanned and installed, and not a peep from Windows Defender.

Offline Shmu26

Re: VoodooShield v4 STABLE Thread
« Reply #1060 on: November 06, 2018, 11:54:01 am »
I activated training mode but it did not survive a reboot. Is this expected behavior?

Offline oldschool

Re: VoodooShield v4 STABLE Thread
« Reply #1061 on: November 06, 2018, 04:16:39 pm »
Still no go here! I'm meditating instead on the good qualities of patience!  :)
"... still trying to find the answers to life's persistent questions..." - Guy Noir, Private Eye

W10 1809 Windows Defender + VoodooShield Pro

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1062 on: November 06, 2018, 07:10:53 pm »
I activated training mode but it did not survive a reboot. Is this expected behavior?
Thank you for letting me know that it worked for you... it is not fixed on my end yet.  It must be a super difficult issue to fix... as you guys know, computers and code seem to have a mind of their own sometimes.

As far as VS not remembering the mode... that is odd.  Can you please send me your DeveloperLog.log?  What happens if you right click and exit out of VS, then start VS again?  Does it remember the mode then?  Thank you!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1063 on: November 06, 2018, 07:11:33 pm »
Still no go here! I'm meditating instead on the good qualities of patience!  :)
Thank you for letting me know!  I appreciate everyone's patience with this issue... thank you for understanding!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1064 on: November 06, 2018, 07:59:23 pm »
I activated training mode but it did not survive a reboot. Is this expected behavior?
Sorry, I was not thinking clearly there... yeah, this is expected behavior... basically VS will always at least start in one of the protected modes.  We can change this so that VS will go into training mode instead if that makes more sense.  Please let me know what you guys think.