VoodooShield 5.50


  • This topic has 952 replies, 34 voices, and was last updated 6 months ago by Dan.
Viewing 15 replies - 76 through 90 (of 952 total)
    gorblimey
    Participant
    none

    Triple Helix: Do we have to check the Boxes in the Firewall list in WLC?

    Good question from my POV. I only have v4.70 (which works bloody beautifully Dan 🙂 ), but I’d assume the boxes are to insert rules for Windows Firewall. My assumption would be that you need to check the boxes to make the rule.

    I did look very hard at Glasswire, but they were not considering multi-user boxes at the time, and I was pointed to WFC which I now use. So I don’t know what Glasswire’s default ruleset is. You need to establish what the default Glasswire ruleset is, whether “deny outbound” or “deny inbound” (which is also the MS default). IF I was using WLC, I would check the outbound boxes for those that actually need outbound (which most don’t) and let WFC look after the rest.

    And yes, I do think Dan could add a clarification to the VS GUI on this matter, or put it into “How Whitelist Cloud works”…

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Krusty
    Participant
    AU
    I think the WLC firewall rules only block access to non-whitelisted files.  WLC doesn’t create ‘Allow’ rules.

    Just wondering… Could it be a slow connection between me and the WLC servers causing the WLC scan to take so long?

    _______________________________________________________
    • Windows 10 x64 20H2
    • Mint Cinnamon 20.1
    0
    0
    Dan
    Keymaster
    US
    Hey guys, I am hoping we are almost there.  If for some reason the scan is still taking forever, please email me your DeveloperLog.log and DeveloperServiceLog.log from the C:\ProgramData\VoodooShield folder.  The initial scan should take less than 10 minutes, and all subsequent scans should take a second or two.

    If you were not experiencing issues with 5.51, then you can install over the top.  Otherwise, I would uninstall VS, reboot the computer and install 5.52.

    I also included an automatic cleanup of the following folders, which runs right before each snapshot scan.  I personally think it is a great feature to add to VS anyway, but if there is a reason we should not automatically clean up the temp files, please let me know.  BTW, it automatically skips any files that are in use.

    C:\Windows\Temp

    C:\Users\User\AppData\Local\Temp

    Also, I read a suggestion somewhere that was really cool… if you are still having issues with the WLC, please try the standalone version of WLC and let me know how it does.  The code is essentially the same at this point, but it is a smart troubleshooting step either way.  You can download it here:

    https://www.whitelistcloud.com/Download/InstallWhitelistCloud.exe

    BTW, there should not be a conflict between the standalone version of WLC and VS, so it should be safe to run them alongside each other.  Although there is obviously not a reason to do so now, with WLC being fully integrated into VS.  I have to admit, I miss the tiny WLC standalone app though 😉.

    Please let me know how it goes, thank you guys!

    https://voodooshield.com/Download/InstallVoodooShield552beta.exe

    SHA-256: dba4fd21024a2bc2686f5ed4e70f1242b5fd24bf66c5ad0987b4cd4ed56abc48

    2
    0
    Dan
    Keymaster
    US

    Telos: Another very clean warning (also under D: \Program Files\)

     

    This should actually work if you set your Program Files Windows environment variable to D:\Program Files, but until you do, VS just thinks it is just another folder on the drive ;).  Or you could always create a VoodooShield Rule.  I am actually shocked that a lot of people do not use the Rules feature… it is one of VS’s best features in my opinion.

    Also, WLC did not auto allow this because I changed the very first / top setting in the WhitelistCloud settings tab in VoodooShield Settings.  I wanted the auto allowing of Safe WLC files to be more flexible, so I changed it from a binary text box / option to a drop down box with 3 different options.  I set the default / middle option to still block WLC files when VS is ON… you know me, I still insist the computer should be locked when it is at risk ;).  The odds of someone bypassing WLC are extremely small.  Although a couple of weeks ago, someone was testing WLC and one of the malware files was signed with an EV cert.  What a waste of $600 ;).  Just kidding, I am quite sure they were just testing WLC, although I might look into it just to make sure.  Anyway, that malware file bypassed pretty much everything, including SmartScreen, and I believe it was mainly because of the EV cert.

    0
    0
    Dan
    Keymaster
    US

    gorblimey:

    Dan: … we will also have to figure out what to do about temp folders. As we all know, malware loves to hide in these folders, and the problem is so do legitimate apps, and a lot of these legitimate apps do not have a Safe file reputation.

    Unfortunately there is no simple answer for temp folders, especially %appdata\local\temp%.  We won’t go into the reasons here, there are too many of them, all bad.  The most useful idea I have seen is to alter the permissions on all %user\temp% so nothing can execute from them and only ever use the Admin account to do Admin-type stuff.  My own ruleset uses the “Block Silently”, but given that so many people have …legitimate (?) softs that operate from %user\temp%, it would be better to force decision-making with a non-silent “Block” action.

    It is important to also include c:\Program Data\ in the ruleset, as nothing should ever execute from this location.  Again, lazy devs.

    I reiterate my policy of feedback to the publishers involved, criticising their poor security practices, also letting them know I have deleted their products from my box in favour of better-behaved programs.

    Talking about restricting oneself to your LUA, I use and recommend SuRun, an adaptation of the *nix Sudo.  This securely elevates privileges in the LUA context rather than the Admin context.  It means I only need the Admin account for system-wide operations.

    I hear you on this one, you should see the medical and tax software that are on our client machines, they break every security rule in the book and do not even bother signing their binaries.  And these are not small software companies, some of them are multi billion dollar companies and they completely ignore sound security practices.  And then everyone wonders why hospitals are smashed with ransomware.  Cybersecurity should be a community effort and everyone needs to do their part.  Until this happens, there will always be breaches.

    0
    0
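The path-based rules discussed in the posts above (temp folders, ProgramData, and a Program Files folder that only counts as such when the environment variable points at it), sketched as an added example; this is not VoodooShield's code or from anyone in the thread. The function name, the three labels and the sample environment are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample environment (assumption): Program Files still points at C:,
# as in the D:\Program Files case described in the thread.
SAMPLE_ENV = {
    "ProgramFiles": r"C:\Program Files",
    "ProgramFiles(x86)": r"C:\Program Files (x86)",
    "ProgramData": r"C:\ProgramData",
    "SystemRoot": r"C:\Windows",
    "LOCALAPPDATA": r"C:\Users\User\AppData\Local",
}

def _norm(path):
    # Resolve "..", unify separators and case before any comparison.
    return ntpath.normcase(ntpath.normpath(path))

def _is_under(path, root):
    # True only for the root itself or a real descendant, so a sibling such as
    # C:\ProgramDataX does not match C:\ProgramData.
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def classify(exe_path, env=SAMPLE_ENV):
    """Label an executable path: 'block-prompt', 'trusted-location' or 'other'.

    The labels are hypothetical; 'block-prompt' stands for a non-silent block.
    """
    risky_roots = [
        ntpath.join(env["SystemRoot"], "Temp"),
        ntpath.join(env["LOCALAPPDATA"], "Temp"),
        env["ProgramData"],
    ]
    trusted_roots = [env["ProgramFiles"], env["ProgramFiles(x86)"]]
    if any(_is_under(exe_path, r) for r in risky_roots):
        return "block-prompt"
    if any(_is_under(exe_path, r) for r in trusted_roots):
        return "trusted-location"
    return "other"

if __name__ == "__main__":
    for p in (r"C:\Users\User\AppData\Local\Temp\setup.exe",
              r"C:\ProgramData\Vendor\updater.exe",
              r"D:\Program Files\App\app.exe"):
        print(p, "->", classify(p))
```

A location label like this says nothing about whether the file itself is safe; it only decides which paths get a prompt.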
    Dan
    Keymaster
    US

    Triple Helix: Do we have to check the Boxes in the Firewall list in WLC?

     

     

     

    The inbound and outbound boxes will automatically be checked when a WLC Not Safe file is encountered.  When the user verifies the item as safe, the firewall rules are automatically removed, so the boxes are then unchecked.  As you guys use these new features, please let me know if we need to tweak anything.  For example, maybe we do not want the boxes to become unchecked when the user verifies the item as Safe.  That is just an example, but you get my point.

    Anyway, the inbound and outbound boxes can also be used to block internet access for Safe items.  A couple of people have requested a similar feature in the past because they wanted to block certain safe apps from accessing the internet.  Anyway, it’s pretty cool because you can do exactly that with these checkboxes ;).

    0
    0
    Dan
    Keymaster
    US

    Krusty: I think the WLC firewall rules only block access to non-whitelisted files.  WLC doesn’t create ‘Allow’ rules.

     

    Just wondering… Could it be a slow connection between me and the WLC servers causing the WLC scan to take so long?

    Well, the main SQL server is a super fast Microsoft Azure cloud database, and 90% + of the results will come directly from this server.  Unless you are rocking a dialup connection in Australia, I imagine this is probably not an issue.  We can actually replicate the SQL server to several different locations around the world, which will speed things up even more.  What kind of speeds do you guys get down under? ;).

    I am guessing that there is / was a bug in the code somewhere that is hopefully fixed now… especially since it was taking longer than 10 minutes.  I think WLC was somehow stalling when it was trying to analyze files that it is not capable of analyzing, like .dat files.  This should be fixed now, but if not, please let me know and also send me your 2 logs, and we will get it fixed in a jiffy ;).

    Sorry if I skipped a few posts… it’s been a long few weeks and I am dying to get away from the computer for a while ;).

    Thank you guys, have a great weekend!

    1
    0
    VecchioScarpone
    Participant
    AU
    Installed 5.52 over the top of 5.51. No issue to report.

    Have a great weekend too.

    "Today is yesterday's future - Carpe diem"

    0
    0
    Krusty
    Participant
    AU
    Hey Dan,

    I hope you’re well and can get plenty of time away from the PC over the weekend.

    FYI, I get about 50 mb/s download speed here.  Not great but better than many.

    If I see the long scan times again I’ll be sure to send you the logs.

    Cheers,
    Krusty

    _______________________________________________________
    • Windows 10 x64 20H2
    • Mint Cinnamon 20.1
    0
    0
    Dan
    Keymaster
    US

    Gandalf:

    Dan:

    Gandalf: Dan, can you add the new chromium based Edge to the web apps?

     

    “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe”

    I have now added it myself through auto detect additional running web apps.

    I thought I did ;).  It should be under the Edge icon and it covers both the old Edge and new Edge… if it is not working correctly please let me know, thank you!

    It’s not working for me. I have to use auto detect additional running web apps to add MSEDGE.

    How odd… I am trying it now as we speak and it is working for me.  Is this working or not working for anyone else?

    0
    0
    VecchioScarpone
    Participant
    AU
    How or where do I check whether Edge Chrome or regular Edge is working on VS?

    I know how to manually add it in web apps.

     

    "Today is yesterday's future - Carpe diem"

    0
    0
    VecchioScarpone
    Participant
    AU
    I did work it out:

    I have to manually add EdgeChrome. Without that no joy… I meant no show.

    FYI I run EdgeChrome Stable (leaked) I do not have old Edge anymore.

    "Today is yesterday's future - Carpe diem"

    0
    0
    Unauthorized Alien
    Participant
    AU
    Running 5.52beta and haven’t encountered any problems yet. Did a fresh install.

    Good work Dan

    I’m using KIS, I like how you can block internet incoming/outgoing traffic for not safe files feature. It doesn’t work for Kaspersky Firewall though. Would Windows Firewall be recommended to use and disable Kaspersky’s instead of manually doing it myself?
    I do want to use the blocking feature.

    What settings should I change to harden Windows Firewall?

     

    0
    0
    simmerskool
    Participant
    none
    Late to the (v5.50) party.  But so far so good.  Still not sure I’m up to speed, I just installed 5.52beta.  Is that current or is Dan on 5.53?

    Was running VS 5.04 + WLC 1.04.  I uninstalled 5.04 but kept logs and settings.  Uninstalled WLC 1.04 everything.  Then installed VS 5.52beta.  It “remembered” my pro registration (must be that VAi feature 😉) and with WLC icon in systray — total happiness! WLC found 1 expected NOT SAFE and got that popup as I had tweaked in settings, whitelisted that, and it all seems to be running 5×5 — it’s behaving the way I “logically” expected it to work.  Kool! The WLC integration is seemingly perfecto so far, at least on this win10_vm test box.

    Now can one of you win10 experts tell me why Edge is always connected (apparently online) or why VS always sees it in yellow as connected?  Long weekend, perhaps time to dig deeper into the network…  Just running windows defender with Andy Ful’s configuredefender tweaks and VS.  Edge browser, with Brave on the side for testing.

    Dan disregard PM re 5.04, obvious “fix” ref openvpn as a webapp.

    I hope y’all had a happy thanksgiving.

     

     

    0
    0
    Baldrick
    Participant
    none
    Hi Dan

    Hope that you are well. Thanks for 5.52Beta. Now clean installed and running.

    Funny thing though. On both my systems with 5.51.Beta…initially all was as you stated it should be…initial scan some 5-10 minutes and then very quick follow on scans…but then after a while the follow on scans started extending in terms of duration to the point that nothing was being found but VS was still desperately trying to find something.

    Anyway, with 5.52Beta installed all is running as it should but will keep an eye on it over the weekend because if the issue is still about it will not manifest itself until Saturday or later today, Friday.

    Generally, have to say for the zillionth time…what an app…and I just wonder what more greatness you are thinking of for putting into it. Do you ever rest? Or is the draw of Vegas still strong in you? ;o)

    Respect, Baldrick

     

     

    • This reply was modified 1 year, 1 month ago by Baldrick.
    2
    0