Every Child Process Needs to be Scanned No Matter What it’s started by

Forums VoodooShield Support Forum General VoodooShield Discussions Every Child Process Needs to be Scanned No Matter What it’s started by

  • Post
    GrDukeMalden
    Participant
    US
    I emailed back and forth with Daniel san about this, but now I want feedback from this community.

    A lot of programs. Chrome and Firefox among many others download setup files for their updates into the program files folders that they’re installed in. VS already scans most child processes no matter what BUT!

    I was talking to Dan about how Voodooshield should always scan every child process no matter what it’s started by or where the application that started it is installed on. Even the child processes of child processes.

    I also suggested to Dan that the user should have an option to enable a setting in VS where the rating from virustotal will be considered as unknown until said rating is (x-number) of days old. To mitigate any risk of a brand new malware being submitted not long before an installation of VS encountering it.

    Doing these two things would make voodoo even more secure.

    |VPN(paid)| VoodooShield(Paid)| ComodoFW-Beta(Free)| HitManPro.Alert!(Paid)|
    1
    0
Viewing 10 replies - 1 through 10 (of 10 total)
  • Replies
    Dan
    Keymaster
    US
    Thank you for the suggestions!  Once we figure out how we are going to finish implementing the blacklist, VoodooAi and WLC results, we will implement something like you suggested as well.
    1
    0
    gorblimey
    Participant
    none
    Two things attracted me to VS:

    It does one thing only.

    Its utter simplicity.

    I’ve only got one thing to wish for, that the main alert popup (and also the little notification) should pop up on top and smack dead center of the screen.  This is because very often I’m in a Galaxy Far Far Away, and may not see the recall notice immediately.

    Apart from those two items, I have always been satisfied that VS will detain and interrogate any process not on its whitelist: I was delighted when I needed to use elevated privileges (SuRun) to clean a HDD the other day, and VS was very concerned about the Command Prompt starting as Admin, and then running  Diskpart 🙂  [VS often questions SuRun.  Just doing its job.]

    The beaut part is that VS doesn’t actually need to “scan” anything.  It can, and has always been able to work independently.  I’m satisfied that VS as it is now will detect any spawned process, and query it, regardless of the depth of ancestry.

     

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    gorblimey
    Participant
    none
    Ummm.  I logged in from the bottom of this page, and was able to post.  I then clicked on the little house, to check for other posts, and Lo! and Behold! I was not logged in!  So I Alt-Left Arrowed back to this page, and guess what?  I’m logged in still — probably for this page only.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Dan
    Keymaster
    US

    gorblimey: Two things attracted me to VS:

     

    It does one thing only.

    Its utter simplicity.

    I’ve only got one thing to wish for, that the main alert popup (and also the little notification) should pop up on top and smack dead center of the screen.  This is because very often I’m in a Galaxy Far Far Away, and may not see the recall notice immediately.

    Apart from those two items, I have always been satisfied that VS will detain and interrogate any process not on its whitelist: I was delighted when I needed to use elevated privileges (SuRun) to clean a HDD the other day, and VS was very concerned about the Command Prompt starting as Admin, and then running  Diskpart 🙂  [VS often questions SuRun.  Just doing its job.]

    The beaut part is that VS doesn’t actually need to “scan” anything.  It can, and has always been able to work independently.  I’m satisfied that VS as it is now will detect any spawned process, and query it, regardless of the depth of ancestry.

     

    Thank you for the compliments and suggestions!  The user prompts should already be on top, but if they are not please let me know.  Also, we can either create an option for the user prompt placement, or simply make it movable, and it would remember its position for the next time.  Which of these would you guys prefer?

    0
    0
    GrDukeMalden
    Participant
    US
    Daniel San (that’s a Karate Kid reference) once told me about how sometimes, however rarely this happens, malware and PUP’s can be mistakenly added to WLC.

    I was talking to Dan about how the ratings from voodoo AI and virustotal should always override the rating from whitelist cloud. If WLC says something is safe, but VoodooAI and virustotal say it’s bad, it’s probably bad.

    |VPN(paid)| VoodooShield(Paid)| ComodoFW-Beta(Free)| HitManPro.Alert!(Paid)|
    0
    0
    gorblimey
    Participant
    none

    Dan:

    … we can either create an option for the user prompt placement, or simply make it movable, and it would remember its position for the next time.  Which of these would you guys prefer?

    On reflection, I think the “moveable” might be preferable.  Mostly because I guess there are lots of folks like me who have things already in strategic locations which don’t need to be covered up.  Also, the shield gadget is moveable, so the code needed only needs to be repurposed.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    1
    0
    bellgamin
    Participant
    US
    Moveable, please!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Daniel san? Actually should be Daniel-sensei.

    iro iro osewa ni narimashita,
    bellgamin

    • This reply was modified 2 months, 1 week ago by bellgamin.
    0
    0
    GrDukeMalden
    Participant
    US
    Much in the way that you need to activate the function to move the shield, a second thing in the context menu could open a little something and moving that little something around on the screen could allow you to pick where you want the balloon alert and prompt to show up.

    Just a mostly blank balloon alert that says “example alert” or something. clicking the X on it will set that location in stone and deactivate the command for selecting where it will pop up.

    |VPN(paid)| VoodooShield(Paid)| ComodoFW-Beta(Free)| HitManPro.Alert!(Paid)|
    0
    0
    Dan
    Keymaster
    US
    Cool, thank you guys… I have been making major changes to the VS code.  Basically I am converting all of the code to C# since some of the code was in vb.net and some was in C#.  Anyway, it is finding all kinds of optimizations and small bug fixes, its pretty cool.  I will try to remember to make the user prompt movable, but if I forget please remind me in a week or two.  I should have VS 6.0 ready for you guys to try in the next week or two, thank you guys!
    2
    0
    Triple Helix
    Participant
    CA
    Awesome to hear Daniel! 😉
    Attachments:
    Microsoft® Windows Insider MVP - Windows Security - VoodooShield Pro - Webroot SecureAnywhere Complete - Glasswire Elite
    0
    0
Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.