Author Topic: VoodooShield v4 STABLE Thread  (Read 142192 times)

Offline VoodooShield

  • VoodooShield Developer
  • VoodooShield Support
  • Sr. Member
  • *
  • Posts: 456
    • View Profile
    • VoodooShield
Re: VoodooShield v4 STABLE Thread
« Reply #1440 on: March 13, 2019, 10:16:27 pm »
Would someone please remind me what the white dots moving across desktop VS Shield mean. I am using free version although I doubt that matters.
TIA

Bumping this forward.......Dan you there??
Yeah, sorry, things have been crazy.  The white dots are basically a progress bar.  On VS startup, once the progress bar disappears, then VS is fully loaded / idle.  VS protects before the progress bar disappears, but it is simply showing that it is fully loaded and not really doing much except for waiting.  The progress bar will also be displayed when this file is unknown to VS and has to be scanned by VoodooAi, since this process takes 2-3 seconds.  Most of the time the file has already been analyzed and is in the database, so the result is returned quickly, and so in this case, VS does not show the progress bar because it happens really fast (and it would look silly if it just flashed really quick).

I am going to go a few pages back to see if I missed anything.  Most of the suggestions and bug fixes that you guys posted on here or emailed me are included in the last release (499beta2).  But if I am missing anything, please email or post what I missed and I will get to it asap.

BTW, here is a really interesting and informative post that explains how signatures are created (actually, there is a lot of great info in this thread in general)...

https://malwaretips.com/threads/i-am-head-of-research-at-emsisoft-ask-me-anything.90999/post-802313

ML/Ai works much the same way, except there is essentially zero human involvement.

For example, if you look at the features (the box on the right), you will see 4 of 160 features selected.

https://malwaretips.com/threads/i-am-head-of-research-at-emsisoft-ask-me-anything.90999/page-4#lg=attachment210180&slide=0

Well, these features are the exact features that modern ML/Ai products use, except the algo does all of the work... you simply feed the machine tons of samples to train, and it extracts features from the file to build the training data set.  Once the models are trained, you can then feed the machine an unknown and it will tell you whether the features more closely resemble malware or safe files.  VoodooAi is using 245 at the moment, but a lot of these features are not great indicators of maliciousness.  I think typically, there are around 60 or so features that are really strong indicators of maliciousness, and the really cool part is that the algo simply ignores the features that are weak indicators.

Anyway, the post linked above really does a great job of explaining how signatures work, and from there, it is quite easy to see how ML/Ai works.  But my point is, it is extremely easy to see how both signatures and ML/Ai are important and necessary, but it is also extremely easy to see that they are both far from perfect.  Signatures have an advantage in that a human expert can inspect the file and spot anomalies that a machine would never be able to spot.  On the other hand, ML/Ai can analyze large amounts of data (and keep it in memory) to spot patterns that a human expert would never be able to spot.

Lastly, Andy Ful... I also like "the idea of compromise between 'block all scripts' and 'allow all scripts'".  As you guys know, VS has been doing that for years ;).

Please let me know if you guys find any bugs or anything we need to change in the most recent beta.  I am still playing catch up, and hope to be in a position soon where I am able to keep up with everything daily.  Thank you guys!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1441 on: March 13, 2019, 10:21:04 pm »
Hi Dan,

Just an FYI that Norton Power Eraser is flagging VS v4.99 b e t a as bad and wants to remove it.
Wow... really?  Is it detecting the VS installer or VS the installed program?  Thank you for letting me know!

BTW... I just ran a scan with the VS installer on the desktop and VS installed, and there were no FP's.  But if it happens again, please let me know, thanks again!
« Last Edit: March 13, 2019, 10:43:48 pm by VoodooShield »

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1442 on: March 13, 2019, 10:26:57 pm »
Weirdness. Chrome won't let me download the new beta ??? I click the link and the explorer window opens to my downloads folder, and I click OK. Nothing happens after that. There's no record in Chrome's Downloads list.

I open Firefox and do the same, and the download completes. What has Chrome snuck into my settings?

UPDATE1: If I go to the VS site, I can download the executable there... but on the executable here... Hmmm...
No issues here with the Latest Chrome Release and in my Download Folder.
Hmmm, that's odd, it is working for me... please let me know if this continues, thank you!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1443 on: March 13, 2019, 10:29:41 pm »
... whereas clean samples are much more difficult to obtain… especially truly diverse clean samples.
...

I have a lot of legacy softs if they would be of help.  Some of them, for example DLExpert, a Chinese download manager, always attract false positives.  EEK doesn't like it.  Lotus does seem to get VS' attention, especially Organizer, so I guess that qualifies :)  and Avast! could never get its head around IconEdit32...  Yes, they are clean, or else somebody is about to rule the universe 'cos he's got better softs than we can even dream of  :o
Thank you, I appreciate that... and maybe at some point we can see if users want to send me their stash ;).  I am working on a really great source that would give us more than we would ever need.  And as far as malware samples go, they are easy to come by.  Thanks again!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1444 on: March 13, 2019, 10:31:33 pm »
@Rainwalker - @Triple Helix and @Geri123 have answered your question. I will notice it, e.g. on machine restart, when VS is coming online. 8)
Yeah... that is actually a better way to explain it than I did, thank you OS!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1445 on: March 13, 2019, 10:33:54 pm »
Hi Dan,

Ever since I purchased a license for VS I cannot get it to register me as a Pro user. I receive a message that the maximum number of seats has been reached for my license!
There is a limit to the number of devices you can use a Pro license on. I had the same error when I purchased Pro. Go to Voodooshield.com, Account, Log-In, Devices, delete all the devices listed. Now you can register your device.  If that fails (which it did for me) email the tech support on the same site and they will fix it promptly. In my case Dan had me up and running in a few hours.

Thank you for the tip. I discovered that I have 4 devices in my account and they all refer to the same PC. I deleted all but the last one and hopefully the registration will stick.
Thank you guys for figuring this out.  BTW, if you ever have an issue like this, please email me directly and I will fix it right away.  Sometimes I am slow on the less important issues, but if there is an important issue, I should be able to get to it right away.

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1446 on: March 13, 2019, 10:36:06 pm »
Over at Wilders Rainwalker posted

https://www.wilderssecurity.com/threads/voodooshield.313706/page-715#post-2811920
"I am using the free version. When I booted up day VS showed a popup indicating a threat was blocked. At the time I was offline. Is there a way I can view the threat? Quarantine page was empty."

Did this person bother to look at the user log? or does the free version not have this? And why has this person not asked for a Lic from Dan?
Thank you BD... yeah, if anyone needs a license, please email me the email address for your account (and your handle on COU) and I will set it up for you.  I try to get to the PM's on here, but I get really confused ;).

Offline Triple Helix

  • Administrator
  • Sr. Member
  • *****
  • Posts: 412
  • Truth is more of a stranger than fiction.
    • View Profile
    • Webroot Community Supporter
Re: VoodooShield v4 STABLE Thread
« Reply #1447 on: March 14, 2019, 12:12:14 am »
Over at Wilders Rainwalker posted

https://www.wilderssecurity.com/threads/voodooshield.313706/page-715#post-2811920
"I am using the free version. When I booted up day VS showed a popup indicating a threat was blocked. At the time I was offline. Is there a way I can view the threat? Quarantine page was empty."

Did this person bother to look at the user log? or does the free version not have this? And why has this person not asked for a Lic from Dan?
Thank you BD... yeah, if anyone needs a license, please email me the email address for your account (and your handle on COU) and I will set it up for you.  I try to get to the PM's on here, but I get really confused ;).

Thanks Dan!  beta
Microsoft® Windows Insider MVP - Windows Security
Webroot SecureAnywhere Complete & VoodooShield Pro
Alienware 17R5 Laptop with the new i9-8950HK Processor, 32GB of RAM and 2 Samsung NVMe 960 Pro's.

Offline HempOil

  • Youngling
  • *
  • Posts: 20
    • View Profile
Re: VoodooShield v4 STABLE Thread
« Reply #1448 on: March 15, 2019, 10:06:02 pm »
Hi Dan,

Just an FYI that Norton Power Eraser is flagging VS v4.99 b e t a as bad and wants to remove it.
Wow... really?  Is it detecting the VS installer or VS the installed program?  Thank you for letting me know!

BTW... I just ran a scan with the VS installer on the desktop and VS installed, and there were no FP's.  But if it happens again, please let me know, thanks again!

It flagged the VS directory (where the program is installed).

At the time, I ran NPE twice and it flagged it both times. I just ran it again a moment ago, and it came up clean. I guess Norton updated their white list  :o
Windows 10 Home 64-bit, version 1809, build 17763.437
Comodo Internet Security Premium 11.0.0.6744 (Hotfix)
VoodooShield 5.00
HMP.A 3.8.0 b839 CPT1 & HMP 3.8.11 b300 (64-bit)
Google Chrome 74.0.3729.131 (Official Build) (64-bit) run in Comodo sandbox

Offline Mr.GumP

  • Youngling
  • *
  • Posts: 28
    • View Profile
Re: VoodooShield v4 STABLE Thread
« Reply #1449 on: March 16, 2019, 01:23:58 am »
anyone know why the command line blocked 'echo 10.0.17763.379'?
--BitDefender AV
--VoodooShield
--OSArmor


Offline djg05

  • Youngling
  • *
  • Posts: 40
    • View Profile
Re: VoodooShield v4 STABLE Thread
« Reply #1450 on: March 17, 2019, 12:34:21 pm »
Hi Dan

Been running 4.99 for a couple of days now and all seems fine, and the double click on the icon now brings up the window whereas it used to be minimised.

Forgot about doing a clean install and did it over the top. Win 8

Offline HempOil

Re: VoodooShield v4 STABLE Thread
« Reply #1451 on: March 19, 2019, 08:34:11 pm »
Somehow I missed the post with the link to beta2. I just performed the upgrade from 4.99 beta to 4.99 beta2. No issues to report.
Windows 10 Home 64-bit, version 1809, build 17763.437
Comodo Internet Security Premium 11.0.0.6744 (Hotfix)
VoodooShield 5.00
HMP.A 3.8.0 b839 CPT1 & HMP 3.8.11 b300 (64-bit)
Google Chrome 74.0.3729.131 (Official Build) (64-bit) run in Comodo sandbox

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1452 on: March 20, 2019, 07:05:01 pm »
anyone know why the command line blocked 'echo 10.0.17763.379'?
Hmmm... it's hard to say.  If it happens again, can you please see if you can find out the parent process?  The parent process might even be in your DeveloperLog.log... if so, please let me know, thank you!

Offline VoodooShield

Re: VoodooShield v4 STABLE Thread
« Reply #1453 on: March 20, 2019, 07:17:43 pm »
Thank you TH, HempOil and djg05 for letting me know!

Also, a big thank you to all of the VS fans that helped to make this happen...

https://www.pcmag.com/roundup/256703/the-best-antivirus-protection

One last extremely sincere thank you to you guys for always being honest, maintaining your integrity and not resorting to dirty tricks, like this...

https://malwaretips.com/threads/avlab-feb-2019-online-banking-protection-test-windows-10.91259/post-805164

I am astonished no one has figured out who he is yet.  It has reached the point that the only honorable thing to do is to feel sorry for him.

Please let me know if you guys find any bugs or have any suggestions, thanks again!

Offline boredog

  • Jr. Member
  • **
  • Posts: 79
    • View Profile
Re: VoodooShield v4 STABLE Thread
« Reply #1454 on: March 20, 2019, 09:00:35 pm »
At first I thought for sure it is lockdown by the way the posts are written but then the poster said this person is a she and that made me only think of one person that writes like that and codes in Python.