Hey Guys, VoodooForums is not working well at all. It is built on wordpress / bbpress and I have read that these types of issues are typical with bbpress.
- June 30, 2020 at 11:17 pm
So I updated the entire site and started this new topic to see if it is working better. If not, we will either have to chose another platform, or maybe since most of the development and debugging for VS is finished, we figure out another way to communicate.
BTW, I just checked my PM’s and it seems as though I missed a lot of PM’s the last 5 months, sorry about that. I always forget to check my PM’s anyway, so it is best to email me at support at voodooshield.com.
Anyway, let’s try this thread and see how it does now that everything is updated.
Thank you guys!30
VecchioScarponeParticipantThanks Dan. 5.98e beta over the top running without any issue.
- September 16, 2020 at 9:52 pm
"Today is yesterday's future - Carpe diem"00
boredogParticipantHey Dan I contacted you via email but never heard back. The latest version keeps blocking a powershell command line on my insider build.
- September 17, 2020 at 9:27 pm
- September 18, 2020 at 1:33 am
boredog: Hey Dan I contacted you via email but never heard back. The latest version keeps blocking a powershell command line on my insider build.
Sorry about that, the email must have been sent to spam or something. The newest versions of VS will show the process path and the parent process path of the command line blocks… can you please scroll over to the right and let me know what they are? Thank you!00
Just testing the latest beta. Trying to understand when WLC labels files as “suspious”
- September 20, 2020 at 1:08 pm
File rorlauncher got a valid signature and 10/67 on VT > File labeled safe
File par2j got no signature and 0/66 VT and wasn’t modified since month (old file) > suspious
Any whats the way to whitelist a file in WLC while still having in and outbound traffic blocked? Some files I consider clean which never would need internet in any way.
And what’s up with the old wordpress stuff? Isn’t WP something thats needed constant bugfixes to get installed?
Can’t put the picture in the rightplaces in this forum no clue why…
Hey guys, here is the latest, I will be releasing 6.0 to the public this week, thank you!
- September 20, 2020 at 5:56 pm
VS 5.99 beta
RoRLauncher.exe- The 11 detections on VT are false positives, most of them are ML/Ai false positives due to the file probably being obfuscated into oblivion.
- September 20, 2020 at 6:05 pm
par2j64.exe- When a binary is not signed, it runs the risk of being classified as either suspicious or unsafe, unless its file reputation is high enough that it can overcome the lack of a digital signature. Also, MultiPar is a PUP.
Both of these cherry picked samples could easily go either way. If you want to test WLC’s efficacy, download the top 100,000 most common clean files, and collect 100,000 malicious files, then test with WLC. It will be difficult to find an instance where WLC returns an incorrect verdict.
The last time I updated WP, it broke a lot of stuff. But what the heck, it can’t get any worse than it is, so I will update it.
You can allow a file with WLC, then check the Inbound and Outbound FW Rule checkboxes.
Thanks for the answer explaining the results.
- September 20, 2020 at 6:52 pm
From the few programms I often use (rather static system) I got 2 results where I expect that they were the other way around.
I expected rorlauncher to be “suspious” and par2j.exe which is part of Sabnzb standalone to be labeled as safe.
Afaik the Sabnzb standalone got no mulitpar.exe include only the par2j64.exe and par2j.exe (so no PUP?).
Anyways I’m curious so I had to ask to understand it better.
Thanks for the tip with the checkboxes, I totaly forgot about them.00
Can’t edit the other post sorry
- September 20, 2020 at 8:06 pm
Sometimes my VS “AutoPilot” switches to “Smart Mode” still found no clue how exactly to reproduce it :/
E.g 5 mins ago:
I just ended an onlinegame and was not sure if I had VS on Autopilot. I looked and it was “smart mode”, I changed it to autopilot, got a coffe and ended the sandboxed webrowser> VS turned from autopilot to “smart mode”.
Since it not always happens and not always while doing the same things I can only offer this as beta feedback sadly.00
- September 20, 2020 at 11:15 pm
- September 21, 2020 at 9:09 pm
Hi @Triple Helix,
- September 21, 2020 at 10:24 pm
I thought the plan was for that link to open the default browser to VirusTotal. Yes, I know VT has been removed from VS.
- Windows 10 x64 20H2
- Mint Cinnamon 20.1
@Krusty it does work: https://www.wilderssecurity.com/threads/secureaplus-vs-voodoo-shield.376396/page-3#post-2950184VoodooShield Pro - Webroot SecureAnywhere Complete - Glasswire Elite10
- September 22, 2020 at 1:05 am
- September 22, 2020 at 2:17 am
Interesting thread ;). Once upon a time when signatures were relevant, VirusTotal worked pretty well with VS and VoodooAi, but this is simply no longer the case. Signatures are becoming less and less relevant by the day, which is why AV’s are starting to rely more on ML/Ai, behavior blocking and heuristics.
I distinctly remember when I came up with the idea for WLC over a year ago. I was thinking… why is VS even concerned with detecting malicious files anyway? The old adage “you can’t prove a negative” demonstrates why it makes a lot more sense for VS to be looking for safe files as opposed to looking for malicious files. I always figured the WLC / VoodooAi / VS integration would work really well, and I have to say, it far exceeded my expectations.
@bellgamin… combining whatever you believe to be the most capable deny-by-default product with whatever you believe to be the most capable AV product is probably a great way to go.
VS will let the capable AV’s do what they do best, while VS focuses on what it does best.30
- You must be logged in to reply to this topic.