Author Topic: VoodooShield v4 STABLE Thread  (Read 141466 times)

Offline Shmu26

« Reply #1065 on: November 06, 2018, 08:06:52 pm »
To me, it makes sense to "train" a security software all the way through the boot sequence.

Offline hayc59

  • Esquire
  • Administrator
« Reply #1066 on: November 06, 2018, 08:07:31 pm »
Hey Hey...I think that if you are in training mode and do a reboot or shut down for the night or whatever
and then start your PC for the morning it should stay in that mode to catch and train other software, like Outpost firewall
used to do! Once you have what you need trained then you can switch it to whatever mode you wish.


9.11.01
A Friend Is Someone Who Reaches For Your Hand,
But Touches Your Heart




Offline oldschool

« Reply #1067 on: November 06, 2018, 09:15:46 pm »
I activated training mode but it did not survive a reboot. Is this expected behavior?
Thank you for letting me know that it worked for you... it is not fixed on my end yet.  It must be a super difficult issue to fix... as you guys know, computers and code seem to have a mind of their own sometimes...


Dan - I installed Cylance and got Version 4.64! Might MS be flagging it since in downloads folder it shows as: Version 4.50 when you hover the mouse over the file? Might it be as simple as different version numbers causing the FP?  ??? Such a simple thing?


Working fine BTW.
« Last Edit: November 06, 2018, 09:32:09 pm by oldschool »
"... still trying to find the answers to life's persistent questions..." - Guy Noir, Private Eye

W10 1809 Windows Defender + VoodooShield Pro

Offline schmidthouse

« Reply #1068 on: November 06, 2018, 10:10:59 pm »
> Hey Hey...I think that if you are in training mode and do a reboot or shut down for the night or whatever
> and then start your PC for the morning it should stay in that mode to catch and train other software, like Outpost firewall
> used to do! Once you have what you need trained then you can switch it to whatever mode you wish.


+1
Yes, I agree and also used Outpost Pro back in the day. Makes sense.
***HP ENVY 15K LT  W10 Pro 64Bit/750GB HD/ 16GB Ram/Avast Prem.bc/VS 5/Secureline VPN/SANDBOXIE/Prey Project
**HP Compaq Business LT W10 Pro 64Bit/1TB HD/ 8GB Ram/Avast Prem. 19.4.2374/VS 5/Avast Secureline/SANDBOXIE/Prey Project
*Dell Inspiron  xpSP4 PRO 32 Bit/Avast (since 2002)/Comodo FW 3.14/OSA/Comodo Ice Dragon/Avast Secureline
LAYERED SECURITY SOFTWARE PROTECTION on all OS's
When you think you know, Think Again

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1069 on: November 06, 2018, 11:49:52 pm »
Thank you Shmu26, hayc59 and schmidthouse... that totally makes sense, I will change that for the next version.

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1070 on: November 06, 2018, 11:54:07 pm »
> I activated training mode but it did not survive a reboot. Is this expected behavior?
> Thank you for letting me know that it worked for you... it is not fixed on my end yet.  It must be a super difficult issue to fix... as you guys know, computers and code seem to have a mind of their own sometimes...
>
> Dan - I installed Cylance and got Version 4.64! Might MS be flagging it since in downloads folder it shows as: Version 4.50 when you hover the mouse over the file? Might it be as simple as different version numbers causing the FP?  ??? Such a simple thing?
>
> Working fine BTW.

That's great to hear!  Well, all of the versions up to 4.63 showed Version 4.50, and they did not have the false positive that 4.64 has.  MS had me follow a procedure to create a .cab file that should have all of the info they need to isolate the issue.  It is a very odd issue, but I am sure they will figure it out.  Thank you for the thought though!

Offline minhgi

« Reply #1071 on: November 07, 2018, 04:44:37 pm »
Does the VoodooShield protection stop if I disable the ruleset? Or does it disable only part of it?

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1072 on: November 07, 2018, 04:59:26 pm »
> Does the VoodooShield protection stop if I disable the ruleset? Or does it disable only part of it?

Hi minhgi, nice to meet you!  The rules are independent of VS's main protection, so it does not matter either way.  Most users will never need to use the Rules feature... its intended use is for SMB and enterprise customers.

BTW, here is a quick update on the false positive from Microsoft... "Thank you for providing the requested details. The submitted files are clean and we are able to download the Installer from Edge without any error. Still we are analyzing the issue to trace out the exact reason of detection and will require some time."  So it is certainly some odd error in Edge... hopefully it will be fixed soon, but tracing down odd errors like this is not always easy.

Offline minhgi

« Reply #1073 on: November 08, 2018, 06:37:06 am »
Ok.  That's nice to know.  It was a little confusing trying to create an ideal rule for home use.

Offline gorblimey

« Reply #1074 on: November 08, 2018, 10:18:12 am »
> It was a little confusing trying to create an ideal rule for home use.

Actually the rules are very useful on workstations.  This is my rule-set.  Do this rule for each account on the box.



The same rule-set also locks down %Program Data%, as nothing should ever execute from that folder.  You will need to disable the rule-set for many installs.  Unfortunately, too many software sellers want to use your LUA %.\Low\Temp% for installs, and this also happens if you (cleverly) use Admin.  But at least you can stop cold any malware that wants to install itself on your box--it just won't happen and you won't even feel the bump in the road!  Software should install from wherever you put it, usually the desktop or your software archive.  I'm thinking of shutting down the Desktop as well, but I have too many legit maintenance apps there, I'll have to let VS interrogate those.
____________________
Win7 HPx64 SP1, VoodooShield, WFC

Offline Shmu26

« Reply #1075 on: November 08, 2018, 10:34:10 am »
> It was a little confusing trying to create an ideal rule for home use.
>
> Actually the rules are very useful on workstations.  This is my rule-set.  Do this rule for each account on the box.
>
> The same rule-set also locks down %Program Data%, as nothing should ever execute from that folder.

You are lucky that nothing on your system wants to execute from ProgramData.
On my system, I have these running from program data:
1 Windows Defender
2 Logitech wireless mouse processes
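
The check discussed in the two posts above, as an added example that is not part of the original thread and is not VoodooShield code: before blocking execution from ProgramData or the temp folders, list what is already running from them, with its Authenticode status, so legitimate software such as the items named above can be excluded first. The folder list is an assumption to adapt to your own rule-set; it needs PowerShell 3.0 or later.

```powershell
# Added example: inventory running processes whose image file sits under
# folders that a deny-execute rule would cover.
# Assumption: this folder list is illustrative, not the poster's actual rule-set.
$watched = @(
    $env:ProgramData,
    $env:TEMP,
    (Join-Path $env:LOCALAPPDATA 'Temp')
) | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' } |   # trailing slash avoids prefix look-alikes
    Select-Object -Unique

function Test-UnderWatchedFolder {
    param([string]$Path, [string[]]$Folders)
    foreach ($f in $Folders) {
        if ($Path.StartsWith($f, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $f
        }
    }
    return $null
}

$hits = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    # Some system processes expose no path to a non-elevated caller; skip them.
    if (-not $p.ExecutablePath) { continue }
    $folder = Test-UnderWatchedFolder -Path $p.ExecutablePath -Folders $watched
    if ($folder) {
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        [pscustomobject]@{
            Name      = $p.Name
            ProcessId = $p.ProcessId
            Folder    = $folder
            Path      = $p.ExecutablePath
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Validly signed entries from known vendors are exclusion candidates;
# unsigned entries deserve a closer look before the rule goes live.
$hits | Sort-Object Folder, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to see services as well; a process that starts only at boot or logon will not appear unless it is still running.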

Offline gorblimey

« Reply #1076 on: November 08, 2018, 10:53:11 am »
> ...
> 1 Windows Defender
> 2 Logitech wireless mouse processes

Funny how Microsoft doesn't bother obeying its own rules  :-[  A bit like Main Roads in Oz--rules are for the idiots, we run the joint!  But Logitech should know better.
____________________
Win7 HPx64 SP1, VoodooShield, WFC

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1077 on: November 08, 2018, 02:29:46 pm »
> It was a little confusing trying to create an ideal rule for home use.
>
> Actually the rules are very useful on workstations.  This is my rule-set.  Do this rule for each account on the box.
>
> The same rule-set also locks down %Program Data%, as nothing should ever execute from that folder.  You will need to disable the rule-set for many installs.  Unfortunately, too many software sellers want to use your LUA %.\Low\Temp% for installs, and this also happens if you (cleverly) use Admin.  But at least you can stop cold any malware that wants to install itself on your box--it just won't happen and you won't even feel the bump in the road!  Software should install from wherever you put it, usually the desktop or your software archive.  I'm thinking of shutting down the Desktop as well, but I have too many legit maintenance apps there, I'll have to let VS interrogate those.

Yeah, they can certainly be handy for unique situations.  There are a lot of things we can do to build that feature out more.  As a matter of fact, my to do list is finally caught up, so if anyone has any suggestions on optimizations or new features, please let me know!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1078 on: November 08, 2018, 02:35:41 pm »
I believe the false positive is now fixed... but please let me know if anyone continues to have issues with it.  I decided to undo each of the 3 changes that I made in 4.63 to 4.64 to see what might be triggering it.  So the first one I tried fixed the issue... but then I went back to test 4.64, and sure enough, Microsoft had already fixed the issue.  So I just left it for now... it was a simple change in the logging that makes absolutely zero difference either way.

https://voodooshield.com/Download/InstallVoodooShield.exe

I also fixed the Training Mode on exit issue.  Now VS should start in whatever mode it was last in, even if it was not in a protected mode.

Thank you guys!

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
« Reply #1079 on: November 08, 2018, 04:05:19 pm »
Well, it looks like the false positive is back... I guess we will just wait to hear from MS.

BTW, there was a small bug in the last version where VS would go into Disabled Mode on exit... it was a result of the last change I made.  Anyway, it is all fixed now, we just have to wait for the FP to be fixed.

https://voodooshield.com/Download/InstallVoodooShield.exe

SHA256: 47ab6dfb7729b3fb8b53e78b03907b4bf1c9a8bd45f2e604d7bb16c743275e2c

Thank you guys, sorry about this!