VoodooShield 5.70

Forums VoodooShield Support Forum VoodooShield Releases VoodooShield 5.70

  • Post
    Dan
    Keymaster
    US
    Hey Guys, VoodooForums is not working well at all.  It is built on wordpress / bbpress and I have read that these types of issues are typical with bbpress.

    So I updated the entire site and started this new topic to see if it is working better.  If not, we will either have to chose another platform, or maybe since most of the development and debugging for VS is finished, we figure out another way to communicate.

    BTW, I just checked my PM’s and it seems as though I missed a lot of PM’s the last 5 months, sorry about that.  I always forget to check my PM’s anyway, so it is best to email me at support at voodooshield.com.

    Anyway, let’s try this thread and see how it does now that everything is updated.

    Thank you guys!

    3
    0
Viewing 15 replies - 256 through 270 (of 411 total)
  • Replies
    Tarnak
    Participant

    Dan:

    Tarnak: I have taken a screenshot of part of the C:\ProgramData\VoodooShield\DeveloperLog.log , and as can be seen, it is from before the update to v6.05 beta.

     

     

     

     

    It looks like something went wrong during the installation.  None of this part of the code has changed in a very long time, so there is probably something else going on here.

    Please try this…

    1.  Exit out of VS and Uninstall VS

    2.  Reboot the computer

    3.  Disable all other security software

    4.  Reinstall VS

    During the uninstall, VS will ask if you want to delete your settings and logs.  It would be best to click Yes, especially if you have had the same settings and whitelists for a long time.

     

    OK  …I have done a baseline install as you can see from my screenshot. I will see how it goes over the following days.

     

    0
    0
    Tarnak
    Participant

    Dan:

    Tarnak: I have taken a screenshot of part of the C:\ProgramData\VoodooShield\DeveloperLog.log , and as can be seen, it is from before the update to v6.05 beta.

     

     

     

     

    It looks like something went wrong during the installation.  None of this part of the code has changed in a very long time, so there is probably something else going on here.

    Please try this…

    1.  Exit out of VS and Uninstall VS

    2.  Reboot the computer

    3.  Disable all other security software

    4.  Reinstall VS

    During the uninstall, VS will ask if you want to delete your settings and logs.  It would be best to click Yes, especially if you have had the same settings and whitelists for a long time.

     

    OK  …I have done a new baseline install as you can see from my screenshot. Will see how it goes over the following days.

     

     

    0
    0
    Dan
    Keymaster
    US

    Tarnak:

    OK  …I have done a new baseline install as you can see from my screenshot. Will see how it goes over the following days.

    Sounds great, thank you!  For some odd reason these replies had to be manually “Approved”, I am not sure why, especially since your other replies were visible.

    1
    0
    Tarnak
    Participant
    😉  At least I wasn’t going mad…:)

    But,  now include a couple of screenshots, about the

    Multiple instances of conhost.exe…

    A staccato effect is seen for the first one, and hours later it settles down

     

     

     

    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    0
    0
    Tarnak
    Participant
    I  just noticed something about the second screenshot…

    It is headed “User log”, but the sidebar shows “UI Tweaks” .  Strange, or not?

    0
    0
    Tarnak
    Participant
    @Dan …If irrelevant, feel free to delete this post

    Here are a couple of errors taken from the DeveloperLog.log:

    [QUOTE][11-01-2020 16:44:34] [INFO ] – Process allowed by WhitelistCloud: c:\windows\system32\svchost.exe
    [11-01-2020 16:44:35] [ERROR] – Exception in SQL_UpdateVoodooShieldVariablesFromSQLDatabase: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 – An attempt was made to access a socket in a way forbidden by its access permissions.). at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling, SqlAuthenticationProviderManager sqlAuthProviderManager)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
    at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.Open()
    at VoodooShield.SQL.UpdateVoodooShieldVariablesFromSQLDatabase()
    [11-01-2020 16:44:35] [INFO ] – IsProcessInCurrentWhiteList: c:\windows\system32\svchost.exe | 3[/QUOTE]

    [QUOTE][11-02-2020 08:49:04] [INFO ] – Snapshot Scan: 2/11/2020 8:49:04 AM
    [11-02-2020 08:49:07] [ERROR] – Exception in SQL_UpdateVoodooShieldVariablesFromSQLDatabase: Connection Timeout Expired. The timeout period elapsed while attempting to consume the pre-login handshake acknowledgement. This could be because the pre-login handshake failed or the server was unable to respond back in time. The duration spent while attempting to connect to this server was – [Pre-Login] initialization=3557; handshake=0; . at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling, SqlAuthenticationProviderManager sqlAuthProviderManager)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
    at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.Open()
    at VoodooShield.SQL.UpdateVoodooShieldVariablesFromSQLDatabase()[/QUOTE]

     

    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    0
    0
    Dan
    Keymaster
    US

    Tarnak: 😉  At least I wasn’t going mad…:)

     

    But,  now include a couple of screenshots, about the

    Multiple instances of conhost.exe…

    A staccato effect is seen for the first one, and hours later it settles down

     

     

     

    Yes, all of those conhost.exe entries have different parent processes, so that is why there are so many of them.  Remember, VS considers the entire attack chain ;).

    0
    0
    Dan
    Keymaster
    US

    Tarnak: I  just noticed something about the second screenshot…

     

    It is headed “User log”, but the sidebar shows “UI Tweaks” .  Strange, or not?

    Yeah, that is very odd… I am unable to reproduce this, but if you see it again please let me know.  I wonder if you were mousing over the UI Tweaks tab when you took the screenshot?

    0
    0
    Dan
    Keymaster
    US

    Tarnak: @Dan …If irrelevant, feel free to delete this post

    Here are a couple of errors taken from the DeveloperLog.log:

    Yeah, our server and database has been overwhelmed and refusing connections, so I upgraded the database and we should be good to go now.

    0
    0
    Krusty
    Participant
    AU

    Dan: 2. Delete weather_tracker.exe from the whitelist

    Dan, do you mean “Blacklist item”?

    Thanks.

    _______________________________________________________
    • Windows 10 x64 20H2
    • Mint Cinnamon 20.1
    0
    0
    Dan
    Keymaster
    US

    Krusty:

    Dan: 2. Delete weather_tracker.exe from the whitelist

    Dan, do you mean “Blacklist item”?

    Thanks.

    Sorry, I meant to go to VoodooShield Settings / Whitelist tab, then right click on the weather_tracker item and delete it from the whitelist.  I am just curious if we know for sure that the “Create both firewall rules for not safe items” option is disabled, if the checkboxes are checked or unchecked the next time WLC detects that item.

    0
    0
    Geri123
    Participant
    none
    Hi Dan,

    any chance on a tip whats happening with my VS?

    See post

    0
    0
    Dan
    Keymaster
    US

    Geri123: Hi Dan,

     

    any chance on a tip whats happening with my VS?

    See post

    Yes, this should be fixed in 6.05 beta.  I was having the same issue with 6.04 but have not had the issue at all with 6.05 beta.

    0
    0
    Geri123
    Participant
    none
    Thanks Dan I will give it a try then.
    0
    0
    Krusty
    Participant
    AU
    Hi Dan,

    I forgot #1, but without that step, after deleting Weather_Tracker from the whitelist and restarting my machine, Weather_Tracker was once again “Not Safe”, but no firewall rules were created.

    Cheers.

    _______________________________________________________
    • Windows 10 x64 20H2
    • Mint Cinnamon 20.1
    0
    0
Viewing 15 replies - 256 through 270 (of 411 total)
  • You must be logged in to reply to this topic.