Author Topic: VoodooShield v4 STABLE Thread  (Read 157246 times)

Offline Baldrick

  • Visiting Experts
  • Youngling
Re: VoodooShield v4 STABLE Thread
« Reply #1365 on: February 17, 2019, 10:18:41 am »
Hi Dan

Hope that you are well?

Have done both a refresh install & an over the top one and can see no apparent differences as a result...all seems at present to be good re. v4.99.  ;D

So kudos...and now take some rest. :o

Regards, Baldrick  :)

Offline Telos

  • Jr. Member
« Reply #1366 on: February 17, 2019, 03:25:24 pm »
Got this pop up during installation. I'm pretty sure this is due to Protected Folders, as I later disabled folder protection and reran the installer and all was quiet. Then again, I reactivated protected folders, reran the installer and the popup returned. It appears when shortcuts are written.

Offline boredog

  • Jr. Member
« Reply #1367 on: February 17, 2019, 08:45:20 pm »
Hello Dan,

I did a clean uninstall except removing the settings and everything seems to be running fine so far on Win 8.1 home.
One thing please, could you check your PM here and reply to what I found to happen on 2/13/2019.
Love the max gui which you can use the arrow buttons to move in any direction..  :)

Thank you and I'm looking forward to reporting anything unusual and the 5.0 version coming in the future!

Regards,
Hardhead

I clean installed 4.99, and when I select the whitelist my up-down and sideways scrolling doesn't work unless I left-click on an entry first. Then if I, say, switch to the user log, the same thing happens.

Offline HempOil

  • Youngling
« Reply #1368 on: February 17, 2019, 09:29:20 pm »
Hi Dan,

I uninstalled 4.72 (but kept my settings and logs), rebooted, and then installed 4.99 beta. Everything seems to be running smoothly. However, I cannot test Windows 10 Controlled Folder Access because I run Comodo Internet Security. Other than that, I look forward to testing your 5.0 release.
Windows 10 Home 64-bit, version 1903, build 18362.207
Comodo Internet Security Premium 12.0.0.6818
VoodooShield 5.01
HMP.A 3.8.0 Build 839 CTP 1 & HMP 3.8.14 b304 (64-bit)
Google Chrome 75.0.3770.100 (Official Build) (64-bit) run in Comodo sandbox

Offline Hardhead

  • Administrator
  • Hero Member
« Reply #1369 on: February 18, 2019, 12:11:14 am »
Hello Dan,

I did a clean uninstall except removing the settings and everything seems to be running fine so far on Win 8.1 home.
One thing please, could you check your PM here and reply to what I found to happen on 2/13/2019.
Love the max gui which you can use the arrow buttons to move in any direction..  :)

Thank you and I'm looking forward to reporting anything unusual and the 5.0 version coming in the future!

Regards,
Hardhead

I clean installed 4.99, and when I select the whitelist my up-down and sideways scrolling doesn't work unless I left-click on an entry first. Then if I, say, switch to the user log, the same thing happens.
I’m running Win 8.1 and if you highlight or right click on any entry you should be able to move any direction with the arrow buttons in max or minimize. Just highlight the entry and try that. See if that works for you. It works for me on Win 8.1.

Offline Box

  • Youngling
« Reply #1370 on: February 18, 2019, 12:42:57 pm »
Hey everyone!  I was going to wait until the new VoodooAi implementation was complete before releasing a 5.0 beta, but I figured it would be good to release a beta now, that way we can start isolating any bugs that might have been created.  Basically, all of the changes have been made except for the new VoodooAi implementation, which I am working on now… and the changes made so far in the 4.99 beta will probably have a few minor bugs, and it will be nice to fix them in the next few weeks while I finish up the new VoodooAi implementation.

The gui can now be maximized and it has features that are similar to the “Windows Snap” feature.  But since the VS gui is borderless, I had to create my own.  Also, I removed the VoodooShield Colors feature so that we can update the gui soon with one of MikeV’s designs… which we should be able to do sooner than later.  We really did not need the VS Color feature anyway… it was kind of an early 2000’s relic feature anyway 😉.

I removed a couple of entries from the installer that I do not believe we need anymore.  So while you guys can install over the top if you want, it would be helpful if you uninstall VS first, then reboot, then install the 4.99 beta.  You can keep your settings and logs when you uninstall.  But the important thing is to see if everything functions normally after a clean install, since I removed the entries from the installer that I do not believe we need anymore.

I still need to fix the blacklist and VoodooAi sorting in settings… will do this soon.

The Per User Settings should be working correctly too now… but if anyone has a problem with this feature, please let me know.

The only other thing that I have not done is to debug with Windows 10 Controlled Folder Access.  Can you guys please let me know if VS 4.99 is working properly with Controlled Folder Access?

Other than that, hopefully I am not forgetting anything, but if there is something that needs to be fixed or changed, please let me know!  Thank you guys!

https://voodooshield.com/Download/InstallVoodooShield499beta.exe
SHA256: 56a5f820b6c49760d096459abed2d41a8e4ac7d292a4400f4621bdf05d4e82cd
Dear Dan,
You forgot to give VS the ability to connect to the network through a proxy.

Offline Mr.GumP

  • Youngling
« Reply #1371 on: February 19, 2019, 06:29:16 am »
4.99 smooth as buttah. Win 10 64-bit
--BitDefender AV
--VoodooShield
--OSArmor


Offline Telos

  • Jr. Member
« Reply #1372 on: February 25, 2019, 02:06:08 pm »
New video at MT suggests "Always On" required to avoid "bypass"...
https://malwaretips.com/threads/voodooshield-not-doing-so-well-with-mbr-malware-bypass.90799/

Offline boredog

  • Jr. Member
« Reply #1373 on: February 25, 2019, 02:26:38 pm »
New video at MT suggests "Always On" required to avoid "bypass"...
https://malwaretips.com/threads/voodooshield-not-doing-so-well-with-mbr-malware-bypass.90799/

the test was done in always on mode and the VT and ai showed zero. and so the user clicked allow on the vs prompt and when the uac prompt came up, the user clicked yes on that as well, infecting the mbr.

Offline Telos

  • Jr. Member
« Reply #1374 on: February 25, 2019, 02:53:49 pm »
the test was done in always on mode and the VT and ai showed zero. and so the user clicked allow on the vs prompt and when the uac prompt came up, the user clicked yes on that as well, infecting the mbr.
That is true, and it distracted me initially. However, had Autopilot or Smart been engaged, there would be no VS prompt and the executable would be permitted.... yes?
« Last Edit: February 25, 2019, 07:09:23 pm by Telos »

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Sr. Member
« Reply #1375 on: February 25, 2019, 03:09:47 pm »
Hey guys… I will post a new version that fixes the issues you guys have discovered so far in a day or two.

Thank you guys for letting me know about the "bypass" that was uploaded less than 4 hours ago…

https://malwaretips.com/threads/voodooshield-not-doing-so-well-with-mbr-malware-bypass.90799/

@SHvFl
You cannot share the file, but I certainly can.  I looked up the hash in the VoodooAi database by file name and by date and time according to your video.  Just in a few minutes, I have discovered a few very interesting things.  Please note the original file name, or “signature” shall I say.

https://www.virustotal.com/#/file/a44205596c3d712b5d0425da74a9de354828eaf9cf29e685b5a1bf23c010682a/detection

SHA256: a44205596c3d712b5d0425da74a9de354828eaf9cf29e685b5a1bf23c010682a

While watching the video, I knew immediately who created the malware.  The more I looked into the evidence, the more this was confirmed.  BTW, when VS blocks the file and prompts the user with “Click this balloon if you intended to run (file)”, the user must first want to run the file (and click on the Mini Prompt), AND click allow on the User Prompt.  Anyone who claims this to be a bypass simply does not know what an actual bypass is.  Besides, this test only serves to validate my claim that detection will never be perfect and the computer should be locked when it is at risk.

I should be able to find this executable, but just in case, if someone has access to VT Intelligence, can you please download the file and send it to me?  Everyone thinks that I have amazing access to VT, which I actually do not at all… pretty much everyone besides VS has much better access than we do.

The people responsible for creating this malware need to come forward and come clean (without my guidance), or there will be hell to pay.

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Sr. Member
« Reply #1376 on: February 25, 2019, 03:13:13 pm »
the test was done in always on mode and the VT and ai showed zero. and so the user clicked allow on the vs prompt and when the uac prompt came up, the user clicked yes on that as well, infecting the mbr.
That is true, and it distracted me initially. However, has Autopilot or Smart been engaged, there would be no VS prompt and the executable would be permitted.... yes?
Absolutely!  Signatures, Ai, BB, etc. will never be perfect... the computer should be locked when it is at risk ;).

Offline oldschool

  • Jr. Member
« Reply #1377 on: February 25, 2019, 06:09:06 pm »
the test was done in always on mode and the VT and ai showed zero. and so the user clicked allow on the vs prompt and when the uac prompt came up, the user clicked yes on that as well, infecting the mbr.
That is true, and it distracted me initially. However, has Autopilot or Smart been engaged, there would be no VS prompt and the executable would be permitted.... yes?
Absolutely!  Signatures, Ai, BB, etc. will never be perfect... the computer should be locked when it is at risk ;).

I am no geek, and even I can see the flaw in his first test. I asked the OP whether he had contacted Dan, and why he wouldn't share the file in question. I got the usual response. It is ironic but understandable that some of the same members who post this stuff at one forum, never post it at the other forum - which is ostensibly their "home" forum.  The second and more important flaw is with the OP himself, since he cannot answer reasonable questions about sharing the malware. It is childish trolling which disrupts one forum, and whose effects overflow to this forum.

BTW: that thread was locked very quickly, once the OP was challenged!
I say, "Let's please not even respond to these posters because their true aim is to disrupt, and not educate!"  beta
"... still trying to find the answers to life's persistent questions..." - Guy Noir, Private Eye

W10 1903 AVG Free Beta + VoodooShield Pro

Offline Triple Helix

  • Administrator
  • Sr. Member
« Reply #1378 on: February 25, 2019, 06:20:48 pm »
the test was done in always on mode and the VT and ai showed zero. and so the user clicked allow on the vs prompt and when the uac prompt came up, the user clicked yes on that as well, infecting the mbr.
That is true, and it distracted me initially. However, has Autopilot or Smart been engaged, there would be no VS prompt and the executable would be permitted.... yes?
Absolutely!  Signatures, Ai, BB, etc. will never be perfect... the computer should be locked when it is at risk ;).

I am no geek, and even I can see the flaw in his first test. I asked the OP whether he had contacted Dan, and why he wouldn't share the file in question. I got the usual response. It is ironic but understandable that some of the same members who post this stuff at one forum, never post it at the other forum - which is ostensibly their "home" forum.  The second and more important flaw is with the OP himself, since he cannot answer reasonable questions about sharing the malware. It is childish trolling which disrupts one forum, and whose effects overflow to this forum.

BTW: that thread was locked very quickly, once the OP was challenged!
I say, "Let's please not even respond to these posters because their true aim is to disrupt, and not educate!"  beta

I couldn't agree more! There's nothing wrong with working together to help to improve things instead of just starting trouble; that's why I want to leave MT issues at MT and not here.
Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline Shmu26

  • Jr. Member
« Reply #1379 on: February 25, 2019, 06:26:48 pm »
The tester stated that his point is that Voodoo Ai should be further trained to recognize MBR-attacking malware. Whether or not he has a hidden agenda, I think his stated point is valid.
BB can never be perfect, but it can always be better. :)