- October 30, 2019 at 4:06 pm
poeblightleague: Hello. It would be nice if more experienced users helped with settings. Many noobs like me on the internet have no idea how to set up their security programs.
I agree with you, poeblightleague, I have been guessing and hoping that my configuration is at its best, but I am left doubting myself.
If there is a moderator, an expert on the staff of the VoodooShield team, or a user who could speak to this issue then I think many of us users would be very grateful.
Is it possible for a whitelisted program or process to get infected? If possible, how to prevent it? I mean, what mode is the best?
- October 30, 2019 at 11:37 pm
gorblimey (Participant): Hokay. Question says
- October 31, 2019 at 3:13 am
How to configure VoodooShield
best performance and security
So, second bit first:
If you’re working as Admin, DON’T. Make yourself a LUA, local user account. Then get SuRun, which allows secure privilege elevation in a local context, similar to the *nix “sudo”. And, as with sudo, use SuRun only for specific tasks, then exit.
Now, always install from Admin, this allows you to easily set apps “for all users”. And uninstall from Admin also.
Make sure VS has been installed as Admin, then set it up in each of your accounts.
Now the first bit, second:
Part of the setup will have been done already as part of the install, the snapshots.
This bit is “personalisation”. My setup is “Smart Mode | Aggressive”. BTW, I’m still using v4.70 🙂
You’ll note that I don’t use the remote analysis. My reasoning is that if a program is queried, the info already presented is enough to let me make an informed decision. If I don’t recognise the parent or app name, it will be zapped. Of course, this is a choice YOU will have to make: I just like instant gratification 🙂 so I don’t want the small internet delay 🙁 Most of my important software is legacy, and some wiggling is needed to train VS, but after it has been set, I can forget…
The only other security soft I use is Windows Firewall with Windows Firewall Control. This is also set to “Default Deny all outbound” (except for some necessary Windows functions).
- This reply was modified 11 months, 3 weeks ago by gorblimey.
_________________________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
Dan (Keymaster): I believe the default settings and running VS in Smart / Aggressive mode provide the best balance between usability and security. There are tons of options that we added throughout the years, but most of them are not necessary for most users. But it is nice to be able to tweak a setting or two if needed.
- October 31, 2019 at 3:15 am
No, it is not possible for a clean whitelisted program to become infected, simply because if something were to change in the code, the hash would be different.
As a secondary check, you could always run WhitelistCloud, and it will tell you if all of the apps running on your computer are safe. So if it says “All Safe”, you can be essentially certain that only safe apps are running on your computer.
When it comes to detection, nothing is perfect, but WhitelistCloud works on file reputation, ML/AI, digital signatures and other features. So the odds of WLC returning a false negative are ridiculously low. Last night, someone was testing WLC efficacy and 2 of the files were PUP/PUA, with a lot of hits on VT (as PUP/PUA). WLC determined these files were safe, and upon further inspection, they were not malware at all, they were PUP/PUA. In short, about the most dangerous file WLC will determine to be safe is a PUP/PUA. They were both digitally signed with valid signatures that had not been revoked… one was signed in June 2019 and one signed in April of 2018. If these files had been malicious, the signature would have certainly been revoked by now.
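An added example, not part of the original thread and not VoodooShield's own code: a minimal hash allowlist in Python showing the property described above, that a decision keyed on a file's SHA-256 changes as soon as any byte of the file on disk changes. The file names, the `snapshot` and `verdict` helpers and the sample bytes are constructed for illustration; how VoodooShield itself stores or checks hashes is not shown on this page.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large executables need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> set[str]:
    """Build the allowlist: the set of hashes of every file under root."""
    return {sha256_of(p) for p in root.rglob("*") if p.is_file()}


def verdict(path: Path, allowlist: set[str]) -> str:
    """Decide by content hash only; the file name and location are ignored."""
    return "allow" if sha256_of(path) in allowlist else "block"


def demo() -> dict[str, str]:
    """Run the check on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "editor.exe"            # constructed sample, not a real binary
        app.write_bytes(b"MZ" + b"\x90" * 64 + b"original code")
        allowlist = snapshot(root)           # taken while the system is clean
        results = {"unchanged": verdict(app, allowlist)}
        renamed = root / "renamed.exe"       # same bytes under another name
        renamed.write_bytes(app.read_bytes())
        results["renamed copy"] = verdict(renamed, allowlist)

        data = bytearray(app.read_bytes())
        data[10] ^= 0x01                     # flip a single bit in the file on disk
        app.write_bytes(bytes(data))
        results["one bit changed"] = verdict(app, allowlist)
        unknown = root / "unknown.exe"       # file that was never in the snapshot
        unknown.write_bytes(b"MZ" + b"never seen before")
        results["new file"] = verdict(unknown, allowlist)
        return results


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} -> {result}")
```

The check covers the bytes of the file as stored on disk at the moment it is hashed.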
Thank you, Dan and Gorblimey, so much for your excellent posts on this issue. … This knowledge of the configuration of our great software is very valuable to all users of VoodooShield to maximize their protection against malware from “bad actors.”
- October 31, 2019 at 10:21 pm
One setting I like is Basic Settings > Uncheck > “Deny by Default” in UI, which eliminates balloon notification.
Stay safe, not paranoid!
- November 2, 2019 at 5:58 pm