Reply To: VoodooShield 5.50

Forums VoodooShield Support Forum VoodooShield Releases VoodooShield 5.50 Reply To: VoodooShield 5.50

    Hey guys, here is the latest version., we are getting super close but I am sure there will be a few bugs we have to work out.  Integrating a complex component like WLC, which is basically a complete realtime scanner in 3-4 weeks is simply not possible without experiencing a few bugs.  In all fairness, it is not like we are developing an AutoIt script or something…  and whenever we do something ambitious like this, there are going to be issues.  But VS would not be nearly as advanced as it is today if we would not have been ambitious and added sophisticated features and mechanisms throughout the years.  We could lock the computer and call it a day or rarely update our software, but that is not going to change anything.  If you want the world to use your computer lock, you have to make it user-friendly for them.

    About the WLC icon… WLC is FULLY implemented into VS.  The WLC icon is simply there to let the user know at all times that only known, safe files are running on the endpoint.  It is also there for quick access to the WLC tab in VS settings.  Either way, the WLC icon is completely optional.  In fact, all of WLC options are completely optional.  If you only want to allow WLC items, and not have it create firewall rules or alert you with the WLC icon and mini prompt when a new Not Safe item is detected, you can do that.  You can configure WLC exactly how you want… it is incredibly flexible and elegant.

    Besides any remaining bugs, we will also have to figure out what to do about temp folders.  As we all know, malware loves to hide in these folders, and the problem is so do legitimate apps, and a lot of these legitimate apps do not have a Safe file reputation.  So the issue is that there will be a few files in temp folders that appear at Not Safe files.  WLC will automatically remove these files when they no longer exist, but some temp files hang out longer than they should.  The obvious answer is to have VS automatically cleanup the temp folders… this would fix everything, and keep the temp folders sparkling clean all of the time.  Can anyone see a disadvantage in doing this?

    There are some other usability tweaks we will implement in WLC soon, for now I just wanted to get the implementation up and running.  For example, in the user prompt, we will probably remove the VoodooAi result and replace it with the WLC.  The whole goal is to reduce VS’s dependence on VT as much as possible, while replacing it with a mechanism that fits VS even better.  But we had to get to this point before we even thought about refining the implementation.  VT is great, but really VS should only utilize it for instant preliminary results while waiting for the WLC results, assuming the file is a not seen before file.  Yes, I agree that when a file has not yet been analyzed by WLC, it takes a while to upload and analyze the file (mainly the upload).  But once that hash is in the database, all subsequent lookups / scans will be super quick.  Once we release VS to the public, the database will grow massively and there will be even less not seen before files that require the file to be uploaded.

    And really, the full WLC feature set are mainly intended for SMB / enterprise, and for security enthusiasts / pros, with the goal of letting admins know on a continual basis that only safe files are executing on their endpoint… all at a glance.  But some features of WLC will be super cool for home users as well… especially the ability to automatically allow Safe WLC files.  The unwanted VS blocks will be essentially nonexistent.

    In 5.51 beta, you will notice that I added Inbound and Outbound columns the WLC tab.  Obviously, those are firewall rules, which can be applied or removed at any time… EVEN IF THE ITEM IS SAFE 😉.

    Thank you for letting me know about the handful of Windows files false positives (like dismhost)… I will fix those in the cloud in a day or so, and when you reset your whitelist it will be fixed.

    BTW, if you installed the 5.50 beta, you will need to uninstall VS then install the 5.51 beta.  If you are running the 5.02 or 5.04, you should be able to install over the top with 5.51 beta.

    SHA-256: e05cb8ac0a89edaade7c3543c4717955c451efb2f953be3874f2bbad8e1cecdb

    Please let me know about the remaining bugs and I will start figuring out the usability and start refining the WLC implementation.  Thank you guys!