VoodooShield 5.70

Forums VoodooShield Support Forum VoodooShield Releases VoodooShield 5.70

  • Post
    Dan
    Keymaster
    US
    Hey Guys, VoodooForums is not working well at all.  It is built on wordpress / bbpress and I have read that these types of issues are typical with bbpress.

    So I updated the entire site and started this new topic to see if it is working better.  If not, we will either have to chose another platform, or maybe since most of the development and debugging for VS is finished, we figure out another way to communicate.

    BTW, I just checked my PM’s and it seems as though I missed a lot of PM’s the last 5 months, sorry about that.  I always forget to check my PM’s anyway, so it is best to email me at support at voodooshield.com.

    Anyway, let’s try this thread and see how it does now that everything is updated.

    Thank you guys!

    3
    0
Viewing 15 replies - 361 through 375 (of 455 total)
  • Replies
    Krusty
    Participant
    AU

    gorblimey: Installed v6.11 in Admin as upgrade over the top chose “Use same settings for all users”, restarted, then wiped the whitelist, user logs and command lines. Played with it a bit, setting it up, returned to my UA and played some more. Dan, we need an upgraded user manual. I did not expect to see “Silently Blocked” in the User Log, and it was disconcerting to to see VS simply blocking things without asking (Smart:Aggressive), but simply flashing the System Tray icon. I will have to uninstall and reinstall, but I need to know what the app is doing and why. This is getting disconcertingly very complex, more than a “simple toggle” should be.

    Hi,

    Just an FYI, I don’t have any silently blocked items on my machine.

    Cheers,
    Krusty

    _______________________________________________________
    • Windows 10 x64 20H2
    • Mint Cinnamon 20.1
    0
    0
    gorblimey
    Participant
    none
    I have a RuleSet which silently blocks anything trying to execute in %user\local\temp% or in ProgramData when VS is in ON, OFF, AUTOPILOT.  None of my programs execute there, only a couple of installers.  So this RuleSet is not an issue here.

    It is possible that VS does not like an over-the-top upgrade install.  Many apps have that problem, there is only one solution: download, uninstall manually, hose out the folders, “clean install”.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Dan
    Keymaster
    US

    smf61: One minor annoyance I still have is cosmetic.  If you have a left side vertical taskbar in Windows 10 and right-click on the VS icon then the pop-up menu appears in the right corner (on the other side of the screen) where the icon would have been if you had the default bottom taskbar.  Weird?

    Thank you for letting me know… I have never tried VS with a left side vertical task bar, but now that I have I see what you mean.  Let me think about how we might be able to fix this, and once I am finished with the C# code conversion I will see what I can do.  If I forget in the next month or so please remind me.

    0
    0
    Dan
    Keymaster
    US

    gorblimey: Installed v6.11 in Admin as upgrade over the top chose “Use same settings for all users”, restarted, then wiped the whitelist, user logs and command lines.

     

    Played with it a bit, setting it up, returned to my UA and played some more.

    Dan, we need an upgraded user manual.  I did not expect to see “Silently Blocked” in the User Log, and it was disconcerting to to see VS simply blocking things without asking (Smart:Aggressive), but simply flashing the System Tray icon.

    I will have to uninstall and reinstall, but I need to know what the app is doing and why.  This is getting disconcertingly very complex, more than a “simple toggle” should be.

     

    Yeah, in a couple of months I will update the owners manual again.  I updated it somewhat recently but I still need to add a few things.  When the silent block happened, was there another app running full screen?  VS 6.11 has a new feature when the desktop icon is on the same screen of an app that is running full screen, then it will silently block anything that is not already on the whitelist.  The purpose of this feature is so that if a user is playing a video game or has another app full screen, then VS will not interrupt the user by displaying a user prompt.  It is a new feature so I am kinda still working out the details.  Also, if your whitelist was pretty new, that would explain why this happened… like with a well developed whitelist, that item would have already been whitelisted, so it would not have been blocked at all.  Thank you!

    0
    0
    Dan
    Keymaster
    US

    Krusty:

    gorblimey: Installed v6.11 in Admin as upgrade over the top chose “Use same settings for all users”, restarted, then wiped the whitelist, user logs and command lines. Played with it a bit, setting it up, returned to my UA and played some more. Dan, we need an upgraded user manual. I did not expect to see “Silently Blocked” in the User Log, and it was disconcerting to to see VS simply blocking things without asking (Smart:Aggressive), but simply flashing the System Tray icon. I will have to uninstall and reinstall, but I need to know what the app is doing and why. This is getting disconcertingly very complex, more than a “simple toggle” should be.

    Hi,

    Just an FYI, I don’t have any silently blocked items on my machine.

    Cheers,
    Krusty

    Great to know, thank you Krusty!

    0
    0
    VecchioScarpone
    Participant
    AU
    Dan, no silent blocking items on my machine either. I waited a day to report just to be sure.

    "Today is yesterday's future - Carpe diem"

    0
    0
    gorblimey
    Participant
    none

    When the silent block happened, was there another app running full screen?

    No, I use lots of “restored” screens as I don’t like fullscreen, but the desktop shield was (is) hidden.  A couple of times the hidden shield was covered by TedPad, which I usually have as a 30-line by 60 characters window at bottom right.  This may count as “full-screen covering the icon”.  And yes, the whitelist was pretty new.

    FWIW, any of my screens will be resized at need, and will almost certainly cover some feature with no consideration for trodden toes or fingers.  The only sacred site is the clock gadget at top right and the Lotus Reminders just above it.

    I will be uninstalling ready for a fresh clean install later this evening, see how many apps I can get up on one screen to train VS!

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    gorblimey
    Participant
    none
    The saga continues…

    I did a clinically clean install as Admin last night, set VS for “All Users” as soon as I could, created my custom RuleSet and deleted the default Rule, then retreated to my LUA.  Put VS in training mode, and lit up as many apps as I could, then took a snapshot.

    When creating the RuleSet, I first chose the “Block Rules” header.  Maybe I shouldn’t have done this, see the “Blank RuleSet.png”.  I also noted that VS had managed to block 3 threats?

    This morning, while VS was organising itself (blue shield), it silently blocked 3 more files, see the pics.  One of the files, “dmexc.exe” had been whitelisted at install, but may have been pinged for a change in pathway due to being cold-started in my LUA this morning.  Normally I would set VS to Training Mode and restart the Silently Blocked apps and take another snapshot, but these are system files.  I have Specific Critical Windows Processes checked in Basic Settings.

    Which log files do you need?  I’ll email them to you.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Triple Helix
    Participant
    CA
    I have never seen a Silent Block. @gorblimey which mode do you use? I use Smart Mode/ Aggressive and I run only an Admin account.

     

    VoodooShield Pro - Webroot SecureAnywhere Complete - Glasswire Elite
    0
    0
    gorblimey
    Participant
    none

    @gorblimey which mode do you use?

    Smart:Aggressive, and I only use Admin for Admin stuff. Productivity is done in my LUA.

    Aaaannndd…  Now it’s a Command Line?  I also was not happy to see Surun hit, this is fundamental security being compromised.

    …  I think I might go back to v6.0, at least that’s stable.  Maybe v5.x?

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    gorblimey
    Participant
    none
    Hi Dan –

    Sorry cobber, but I have to revert to v6.0.  The 6.1.1 is simply too complicated, and does not follow the model of a simple toggling computer lock.

    6.0 is not happy about being resurrected, but I can live with it.  On the good side, as of a few moments ago I have not had any “Silently Blocked”.  It has occurred to me that perhaps my own “Silently Block” Rules may well be triggering v6.1.1.  Too bad, there is a need to totally prohibit execution of any apps in those locations regardless of goodness or badness.  I deliberately chose the silent block so that I would never be bothered by wannabees in those locations that they should not be in in the first place.

    I look forward to the occasional alert, which at least gives me the option of allowing an action on its merits.

    • This reply was modified 2 weeks, 5 days ago by gorblimey.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Dan
    Keymaster
    US

    gorblimey: The 6.1.1 is simply too complicated, and does not follow the model of a simple toggling computer lock.

    VS 6.00 and 6.11 are essentially the same, but 6.11 has some bug fixes and refinements that were necessary after we replaced VT with WLC.  How is 6.11 more complicated than 6.00?

    The silent blocks are almost certainly a result of your rules.

    0
    0
    gorblimey
    Participant
    none
    V611 became more complicated due to lack of alerts and balloons. In short, I had to feel my way by touch.

    FWIW, all options involving “the Cloud” (WLC, VT etc) have always been switched off where possible. Some of them I just have to live with.

    The 4 rules I made all had one thing in common: they were aimed at specific folders, and I assume the logic was recursive down the subfolders. None of the blocked files lived in any %user\appdata\local\temp% or anywhere in C:\ProgramData. I chose the “Block Silently” option because I did not want to be bothered by malware being fatally interrupted.

    I did suspect the connection, and I made sure that in the last reinstall of v611 I applied each %local\temp% while logged into that account (Admin, my LUA and the guest LUA). I do not have a Guest Account enabled. The ProgramData rule was created in Admin just to take care of permissions.

    v600 did not and does not have any of the Silently Blocked incidents. So if the Silently Blocked in v611 were indeed a result of my Ruleset, this means that all of the exes were being executed from either %appdata\local\temp% or from C:\ProgramData (I really cannot see M$Windows blundering so clumsily) and had not been picked up by v600, or that v611 has a different interpretation of the Rules that I don’t know about.

    • This reply was modified 2 weeks, 4 days ago by gorblimey.

    _________________________________

    Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
    0
    0
    Dan
    Keymaster
    US
    We will be closing the forums in the next couple of days.  All of the longtime VS supporters, please email me with the subject “VS beta test group”.  We will create a closed beta test group and I can email you when a new beta version is released.  Thank you!
    0
    0
    Alexhousek
    Participant
    Dan, just curious. Where are we going to post, or how are we going to let you know if we are having issues with the public release version and not a beta if this forum is gone?  Do you want us to use Malwaretips for that?

    For example, I’m having an issue with Whitelist Cloud showing an unsafe item, and scanning for the past 24 hours.  And, no unsafe items are showing on the list.

     

    Thanks.

    1
    0
Viewing 15 replies - 361 through 375 (of 455 total)
  • You must be logged in to reply to this topic.