Dan (Keymaster)
January 10, 2020 at 9:52 pm
Hey Guys, a couple of quick things…
There will be duplicates in the VoodooShield Settings Whitelist tab because these items have different parent processes. VS considers many features before allowing an item, like the process name, path, hash, file size, parent process, etc., so there will be duplicates in the Whitelist tab. For example, a lot of binaries call conhost, so there will probably be 10 or so conhost entries. Basically VS considers the entire chain of events (not just the hash and file size, for example)… it is quite complex and I will explain how it works one day. The goal is to have the tiniest whitelist possible, and to only allow what is absolutely necessary on the endpoint, and only allow items to do what they are supposed to be doing… and it all pretty much happens automagically. This is infinitely more secure than simply whitelisting the entire drive only by hash and possibly file size upon installation… and not to mention, assuming that the whitelist that is initially built does not contain malware. Then again WLC would fix this… but that is another story ;). Anyway, it is complexities like this that make VS somewhat difficult to debug… but once it is finished it will be worth it, I promise ;).
However, there should not be any duplicates in the WhitelistCloud (WLC) tab, and if there are, please send me your whitelist.db file and I will find out why. It is actually quite easy to figure out once I see the whitelist.db. As you guys know, the dups do not hurt anything, but we do want to polish the heck out of VS now that it is stable… that is actually the fun part ;).
Also, there will be some files that WLC cannot determine to be Safe (like the Webroot file)… this is completely normal. The job of WLC is to ONLY identify files that it is essentially certain are safe. At some point we might manually whitelist files, but at this point it does not look like we need to.
One last thing… so far there has not been one single exception on 5.59c… this is the first time ever this has happened with VS. So I think we are extremely close to having a 100% bug-free version of VS. It was a rough 40 days or so, but I am happy we did it and also happy that you guys stuck with it. Thank you guys, talk to you soon!
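The following is an added illustration, not part of Dan's post and not VoodooShield code: it contrasts an allowlist keyed on the features the post names (name, path, hash, file size, parent process) with one keyed on hash and size only, showing why the first holds several conhost rows and what the second would miss. The `Entry` type, the exact-match rule, and all paths, sizes and hash placeholders are assumptions constructed for the example; the post does not describe VS's actual matching logic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """One allowlist row, using the features named in the post (assumed layout)."""
    name: str
    path: str
    sha256: str
    size: int
    parent: str  # path of the process that launched this binary

# Constructed sample data: the hash is a placeholder and the size is made up.
CONHOST = ("conhost.exe", r"C:\Windows\System32\conhost.exe", "HASH_CONHOST", 867840)
OBSERVED = [
    Entry(*CONHOST, parent=r"C:\Windows\System32\cmd.exe"),
    Entry(*CONHOST, parent=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    Entry(*CONHOST, parent=r"C:\Windows\System32\cmd.exe"),  # same chain seen again
]

def build_context_allowlist(events):
    """Key on the full tuple: one row per distinct (binary, parent) chain."""
    return set(events)

def build_hash_allowlist(events):
    """Key on hash and size only: one row per binary, parent ignored."""
    return {(e.sha256, e.size) for e in events}

def is_allowed_context(allowlist, event):
    return event in allowlist

def is_allowed_hash(allowlist, event):
    return (event.sha256, event.size) in allowlist

def rows_per_binary(allowlist):
    """Count rows per binary name, i.e. the 'duplicates' a user would see."""
    counts = {}
    for e in allowlist:
        counts[e.name] = counts.get(e.name, 0) + 1
    return counts

if __name__ == "__main__":
    ctx = build_context_allowlist(OBSERVED)
    by_hash = build_hash_allowlist(OBSERVED)
    # Same conhost binary, but launched by a parent never seen during learning.
    unseen = Entry(*CONHOST, parent=r"C:\Users\Public\unlisted.exe")
    print("rows per binary:", rows_per_binary(ctx))
    print("hash-only allows unseen parent:", is_allowed_hash(by_hash, unseen))
    print("context-aware allows unseen parent:", is_allowed_context(ctx, unseen))
```
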