Dan

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 282 total)
  • Replies
  • Dan
    Keymaster
    US

    boxes: Problem as title, I must confirm registration manually every time.

    By the way, my laptop needs proxy software to get online in the office, which must be started manually after login. Would it cause this problem?

    Hi boxes, nice to meet you! Yeah, it probably is the proxy software. Can you please send me (support at voodooshield.com) the C:\ProgramData\VoodooShield\DeveloperLog.log file? There might be a way to fix that quickly. Also, what proxy software is it? Thank you!

    0
    0
    Dan
    Keymaster
    US

    oldschool: VS v.5.75 running fine on my refreshed system. Still my favorite piece of software! ^-^

    Thank you OS, I appreciate that!

    1
    0
    Dan
    Keymaster
    US
    Thank you Mr.GumP, I appreciate that!
    0
    0
    Dan
    Keymaster
    US
    Yes, it is funny that you should ask. I started the day with a few simple tests, then one thing kind of led to another, and I ended up testing many different deny-by-default products.

    As it turns out, the parent / child process mechanism that I have talked about for years now works better than I ever thought it would. Simple whitelisting by the single executable’s path is no longer an effective mechanism to stop malware. The entire attack chain should be considered (parent, child, etc), and I am finding this to be the exception rather than the rule. So VS might be overkill, but that is only because it actually functions as a true deny-by-default.

    I will probably create a video on this, it is quite interesting what I found.

    1
    0
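Added example (not from the original post, and not VoodooShield's code): a minimal sketch of why a path-only allowlist and a check of the whole parent/child chain can disagree on the same process events. The events, policy tables and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ntpath import basename  # parses Windows paths on any OS

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str

SYS = r"C:\Windows\System32"
# Constructed process-creation events (not captured from a real system).
EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Office\WINWORD.EXE"),
    ProcEvent(300, 200, SYS + r"\cmd.exe"),         # spawned by a document app
    ProcEvent(400, 300, SYS + r"\powershell.exe"),  # grandchild of that app
    ProcEvent(500, 100, SYS + r"\cmd.exe"),         # opened by the user
    ProcEvent(600, 999, SYS + r"\cmd.exe"),         # parent unknown
]
# Hypothetical policy tables; every image above is on the path allowlist.
PATH_ALLOWLIST = {e.image.lower() for e in EVENTS}
TRUSTED_ROOTS = {"explorer.exe"}
ALLOWED_EDGES = {("explorer.exe", "winword.exe"), ("explorer.exe", "cmd.exe"),
                 ("cmd.exe", "powershell.exe")}

def name(event):
    return basename(event.image).lower()

def path_only_verdict(event):
    return event.image.lower() in PATH_ALLOWLIST

def lineage(event, by_pid):
    # Walk child -> parent until the parent is unknown or a PID repeats.
    chain, seen = [event], {event.pid}
    while (parent := by_pid.get(chain[-1].ppid)) and parent.pid not in seen:
        chain.append(parent)
        seen.add(parent.pid)
    return chain

def chain_verdict(event, by_pid):
    # Deny by default: the root must be trusted and every edge approved.
    chain = lineage(event, by_pid)
    if not path_only_verdict(event) or name(chain[-1]) not in TRUSTED_ROOTS:
        return False
    return all((name(p), name(c)) in ALLOWED_EDGES for c, p in zip(chain, chain[1:]))

def evaluate(events):
    by_pid = {e.pid: e for e in events}
    return {e.pid: (path_only_verdict(e), chain_verdict(e, by_pid)) for e in events}

if __name__ == "__main__":
    for pid, (by_path, by_chain) in evaluate(EVENTS).items():
        print(pid, "path-only:", by_path, "chain-aware:", by_chain)
```

PID 400 is denied even though its immediate parent edge is approved, because an edge further up its lineage is not.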
    Dan
    Keymaster
    US

    GrDukeMalden: Under “UI Tweaks” just give the user an option to enable a second countdown for the reconnect attempts. The default would be 20 seconds and during that time there would be one reconnect attempt after another until the timer is done.

    Thank you for the suggestion, we can consider adding an option if we think it is necessary.  I am hoping we can make the timeout work well for everyone without having to make it an option.  Either way, we can only have so many attempts… we do not want to put it in an infinite loop.

    0
    0
    Dan
    Keymaster
    US

    GrDukeMalden: I did a clean install of 5.75 just to be safe.

     

    I still have that issue where it can’t connect to the internet sometimes. My VPN has a killswitch so when it first starts connecting.

    Sometimes manually starting a WLC scan will fix this problem. Any time that doesn’t work, making my VPN disconnect with the killswitch doing its thing and then reconnecting fixes this problem.

    One way to fix this would be to make VS’s reconnect attempt frequency more often. Any time it can’t connect when an alert shows, it should try to connect again while the countdown is happening.

    Yeah, VPNs are great and all, but they certainly add a lot of opportunity for errors.

    There are currently 5 retries, and each has a 3 second timeout.  Please let me know if you have an idea of how we should adjust this to see if we can fix your VPN issue.  We might actually want to adjust the timeout to 5 or so and test.  Maybe the connection is timing out before the next retry?

    0
    0
    Dan
    Keymaster
    US
    Thank you guys for letting me know!  If there are any features we should modify or add, please let me know!
    0
    0
    Dan
    Keymaster
    US
    Oops, sorry about that… now that I read your question again I see what you mean. I have been working on a standalone real-time version of WLC for SMB and enterprise, so that is why it was on my mind. The goal is for admins to know that only Safe files are running on their endpoints / networks at any moment in time, and to only allow known Safe files at the kernel level. Kind of like a stripped down version of VS on AutoPilot.

    But to answer your question, the supported file types for WLC are currently: .bat, .cmd, .com, .cpl, .dll, .exe, .jse, .msi, .ocx, .pif, .scr, .tmp, .vbe

    0
    0
    Dan
    Keymaster
    US
    BTW, the forums are still not working correctly.  There is an update that just came out today that might fix the issue.  Or it might break the site further, I guess we will find out ;).
    0
    0
    Dan
    Keymaster
    US
    Exactly… we do not want to add mechanisms that cause issues with the OS, especially if the OS already has mitigations for those types of attacks.  Thank you!
    0
    0
    Dan
    Keymaster
    US
    I released 5.75 to the public, thank you guys for all of your help!  Please let me know if you ever find anything we need to fix, thank you!
    1
    0
    Dan
    Keymaster
    US
    Thank you guys, this really should be the public release, but if you find anything please let me know!

    VS 5.75
    https://voodooshield.com/Download/InstallVoodooShield575.exe
    SHA-256: 13728cde64f3173369ab2c34f6c3cb0a947cdf0c3c3f63a8768ca28b010e553d

    3
    0
    Dan
    Keymaster
    US
    Also, please keep in mind… the type of exploits you are referring to run as System, which, for example, easily bypasses other similar tech, such as SRP. VS will parse and block the command lines, so it will at a minimum disrupt the attack chain, rendering the attack useless. We can add other anti-exploit tech, but we need to be careful what to add because doing so tends to break things in the system. And we certainly would not add a specific exploit mitigation if the OS already provides a mechanism.
    0
    0
    Dan
    Keymaster
    US
    Yeah, people ask about this all of the time.  Using your dll example, how are you going to run your dll without an exe or command line?  This is how VS blocks it.  Same with a driver and service.  Both require something to install them, which VS should block.  If you have a PoC I would be happy to look at it.

    At some point we might start implementing anti-exploit mechanisms that will block the kind of things you are talking about even quicker.

    0
    0
    Dan
    Keymaster
    US
    Yes, that is the plan, especially for the foreseeable future ;).
    0
    0