How to configure VoodooShield for best performance and security


  • Post
    poeblightleague
    Participant
    Hello. It would be nice if more experienced users helped with settings. Many noobs like me on the internet have no idea how to set up their security programs.
    2
    0
  • Replies
    divinenews
    Participant

    poeblightleague: Hello. It would be nice if more experienced users help with settings. Many noobs like me on the internet have no idea how to set up their security programs.

    I agree with you, poeblightleague. I have been guessing and hoping that my configuration is at its best, but I am left doubting myself.

    If there is a moderator, an expert on the staff of the VoodooShield team, or a user who could speak to this issue, then I think many of us users would be very grateful.

    1
    0
    poeblightleague
    Participant
    Is it possible for a whitelisted program or process to get infected? If so, how can it be prevented? I mean, what mode is the best?
    0
    0
    gorblimey
    Participant
    Hokay.  Question says

    How to configure VoodooShield

    and

    best performance and security

    So, second bit first:

    If you’re working as Admin, DON’T. Make yourself a LUA, local user account. Then get Surun, which allows secure privilege elevation in a local context, similar to the *nix “sudo”. And, as with sudo, use surun only for specific tasks, then exit.

    Now, always install from Admin; this allows you to easily set apps “for all users”. And uninstall from Admin also.

    Make sure VS has been installed as Admin, then set it up in each of your accounts.

    Now the first bit, second:

    Part of the setup will have been done already as part of the install, the snapshots.

    This bit is “personalisation”. My setup is “Smart Mode | Aggressive”. BTW, I’m still using v4.70 🙂

    Basic Setup

    Advanced Setup

    Utility Setup

    Web Management

    You’ll note that I don’t use the remote analysis. My reasoning is that if a program is queried, the info already presented is enough to let me make an informed decision. If I don’t recognise the parent or app name, it will be zapped. Of course, this is a choice YOU will have to make: I just like instant gratification 🙂 so I don’t want the small internet delay 🙁 Most of my important software is legacy, and some wiggling is needed to train VS, but after it has been set, I can forget…

    The only other security soft I use is Windows Firewall with Windows Firewall Control. This is also set to “Default Deny all outbound” (except for some necessary Windows functions).

    Enjoy.


    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    3
    0
    Dan
    Keymaster
    US
    I believe the default settings and running VS in Smart / Aggressive mode provide the best balance between usability and security.  There are tons of options that we added throughout the years, but most of them are not necessary for most users.  But it is nice to be able to tweak a setting or two if needed.

    No, it is not possible for a clean whitelisted program to become infected, simply because if something were to change in the code, the hash would be different.

    As a secondary check, you could always run WhitelistCloud, and it will tell you if all of the apps running on your computer are safe.  So if it says “All Safe”, you can be essentially certain that only safe apps are running on your computer.

    When it comes to detection, nothing is perfect, but WhitelistCloud works on file reputation, ML/AI, digital signatures and other features. So the odds of WLC returning a false negative are ridiculously low. Last night, someone was testing WLC efficacy and 2 of the files were PUP/PUA, with a lot of hits on VT (as PUP/PUA). WLC determined these files were safe, and upon further inspection, they were not malware at all; they were PUP/PUA. In short, about the most dangerous file WLC will determine to be safe is a PUP/PUA. They were both digitally signed with valid signatures that had not been revoked… one was signed in June 2019 and one signed in April of 2018. If these files had been malicious, the signature would have certainly been revoked by now.

    4
    0
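
The hash comparison described in the reply above, as an added example that is not part of the original thread and not VoodooShield's own code: a snapshot maps each trusted file to its SHA-256, and a file whose contents change by even one bit no longer matches. The function names, the snapshot layout and the stand-in file contents are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_snapshot(paths) -> dict:
    """Record path -> SHA-256 for every file trusted at snapshot time."""
    return {str(p): sha256_file(p) for p in paths}


def check(path: Path, snapshot: dict) -> str:
    """Classify a file as 'allowed', 'modified' or 'unknown'."""
    expected = snapshot.get(str(path))
    if expected is None:
        return "unknown"      # never snapshotted: default-deny territory
    if sha256_file(path) != expected:
        return "modified"     # same path and name, different contents
    return "allowed"


def demo():
    """Constructed files only: snapshot one, alter it by a bit, add a new one."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "editor.exe"
        app.write_bytes(b"MZ" + b"\x90" * 64)   # constructed stand-in binary
        snapshot = take_snapshot([app])
        before = check(app, snapshot)

        data = bytearray(app.read_bytes())
        data[10] ^= 0x01                        # flip one bit, size unchanged
        app.write_bytes(bytes(data))
        after = check(app, snapshot)

        newcomer = Path(tmp) / "setup.exe"
        newcomer.write_bytes(b"MZ" + b"\x00" * 64)
        return before, after, check(newcomer, snapshot)


if __name__ == "__main__":
    print(demo())
```

The comparison is made against the file contents on disk at the moment the check runs, so it has to run at the point where the allow or block decision is taken.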
    divinenews
    Participant
    Thank you, Dan and Gorblimey, so much for your excellent posts on this issue. … This knowledge of the configuration of our great software is very valuable to all users of VoodooShield to maximize their protection against malware from “bad actors.”
    0
    0
    oldschool
    Moderator
    One setting I like is Basic Settings> Uncheck> “Deny by Default” in UI, which eliminates balloon notification.
    Stay safe, not paranoid!
    0
    0