GrDukeMalden

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 32 total)
  • Replies
  • GrDukeMalden
    Participant
    US
    Does voodoo protect against Python scripts? Or any other kinds of scripts besides the ones that run in files found on a clean install of Windows?
    |VPN(paid)| VoodooShield(Paid)| ComodoFW(free)| HitmanPro.Alert!(Paid)|
    GrDukeMalden
    Under “UI Tweaks” just give the user an option to enable a second countdown for the reconnect attempts. The default would be 20 seconds, and during that time there would be one reconnect attempt after another until the timer is done.
    GrDukeMalden
    I think what I was requesting may have been misinterpreted.

    I’m well aware VS has its users covered against the kind of malware propagated as DLLs and SYSs.

    What I was suggesting is for WLC to scan for those kinds of things in addition to what it already scans for. To help ensure that the machine really doesn’t have anything unknown running.

    GrDukeMalden
    I did a clean install of 5.75 just to be safe.

    I still have that issue where it can’t connect to the internet sometimes. My VPN has a killswitch so when it first starts connecting.

    Sometimes manually starting a WLC scan will fix this problem. Any time that doesn’t work, making my VPN disconnect with the killswitch doing its thing and then reconnecting fixes this problem.

    One way to fix this would be to make VS’s reconnect attempts more frequent. Any time it can’t connect when an alert shows, it should try to connect again while the countdown is happening.

    GrDukeMalden
    There’s not much else to tell. When the prompt to enter the password on the settings comes up for any reason, it will get deselected randomly. Sometimes right after I click the text entry box, sometimes after I’ve typed just one or two characters of the password.

    And sometimes it doesn’t happen at all and works just fine.

    GrDukeMalden
    I use Firefox too. Same story as @Geri123. I don’t like Chrome, because there aren’t any good options to spoof fingerprinting mechanisms for it. I still have Chrome, but I only use it when I can’t view a web page in Firefox for whatever reason.

    IE/Edge is even worse when it comes to compatibility with websites I visit, although Chromium Edge is slightly better about that…also I can run Chromium Edge inside Sandboxie with no issue. The AppContainer is worthless by comparison.

    And yes, to answer @gorblimey’s question. I sandbox everything except my PC games. I visit unfamiliar websites every day.

    GrDukeMalden
    Okay, I simply cannot quote another post when I reply in this thread. I tried three times, fiddling with my extensions.
    GrDukeMalden
    The link Daniel san linked to on malware tips is 404’d. I’m still unable to post a quoted reply.

    Whitelisting on, garbage security product off!

    GrDukeMalden
    Can’t get the latest Firefox Nightly to install. I made sure it was the legit Firefox Nightly, but I feel like it would be best to have an expert look at the file submissions.

    Firefox Nightly’s installer runs just fine, but there’s a command line that VS blocks afterward.

    GrDukeMalden
    Yes, the admin approval thing that prevents a user from left-clicking on VS’s two icons.

    But everything else I launch from either the run command or the Start menu triggers the password protection like normal. Regedit needs to be locked down the same way as everything else. The UAC is easy to bypass.

    GrDukeMalden
    I think I might know the youtuber you’re talking about. He made a video about his opinion about whitelisting security not being good. And even used VoodooShield as an example.

    When he talked about SecureAPlus, I was with him most of the way because SOME of the things on a prompt from SAP can be a little vague.

    But when he talked about VoodooShield, which gives alerts that are much easier for a normal user to understand, that’s where he lost me.

    GrDukeMalden
    @simmerskool may or may not remember me from Wilders Security when I’ve shared the way I configure Comodo Firewall. It’s very similar to CruelSister1’s way of configuring it. Except my way blocks ALL unknown and ALL known malware instead of sandboxing it. My way of configuring Comodo Firewall has evolved a little, since there are a few new features in it now.

    Proactive security,

    General settings: User interface: Turn off welcome screen, turn off notifications about tasks being sent to the background, turn off the upgrade button and enable password protection. Keep the widget but get rid of all of the “Pane” things. It confirms that Comodo is actually running; sometimes the tray icon can be a little finicky.

    Firewall: Firewall settings: Turn on “do not show popup alerts” and select “block requests”. Turn on “filter IPv6 traffic”. Turn on “do protocol analysis”.

    Firewall: Network Zones: Turn on “do not show popup alerts” and select “public”.

    HIPS: HIPS Settings: Turn on “do not show popup alerts” and select “block requests”.

    Containment: Containment Settings: Turn off “do not virtualize access to” options. Turn off “enable automatic startup for services installed in the container”. Turn on “do not show privilege elevation requests”. Select “block”. Don’t allow virtualized access to the clipboard. Protect the virtual desktop with a password. The virtual desktop can now be used to protect your PC from a friend that wants to use it now.

    Containment: Auto-Containment: Change the setting currently set to “run virtualized” to “block”.

    File Rating: File Rating settings: Enable “do not show popup alerts”.

    Advanced Protection: VirusScope: Enable “do not show popup alerts” and make sure “monitor only the applications in the container” is OFF.

    (Optional) Advanced Protection: Device Control: Make sure it’s enabled, log detected devices should be turned on, enable “show notifications when devices are being disabled or enabled”. Add all existing devices to the exclusions, and block every category of devices that can be blocked. This will keep anyone from being able to spread their crap from their own devices into your PC. Allow only your own devices whenever you get a new one.

    Advanced Protection: Miscellaneous: Turn off “do not automatically clean up suspicious certificates”. And maybe turn off “show alerts in case any other software attempts to modify current settings of installed browsers”.

     

    GrDukeMalden
    I’m of the mindset that nothing is infallible. So if one whitelisting application like VS works great, adding on another whitelisting application like SecureAPlus and/or Comodo Firewall (or just add Comodo I.S.) would make that setup even better.

    After all, Comodo was revealed in…certain leaks that I won’t specifically name here…as a “colossal pain in the ass” by…an agency…that was trying to subvert its protection on a Windows computer.

    But you may or may not have heard of the DoubleAgent ransomware that hijacks your antivirus through a DLL injection into its processes. Comodo was on that list of products that were vulnerable to it. (It was done through the Application Verifier.)

    So having VoodooShield along with Comodo makes for a damn near perfect setup. Especially now that VS can block any unknown DLLs from loading into memory, no matter what process tries to inject them.

    After some proofreading, I’m sorry for the rambling.

    GrDukeMalden
    I was talking more about which antivirus products, besides VS, aren’t being misleading when their product says it’s protecting them. As far as I’ve seen, only other whitelisting applications are telling the truth with their equivalent of the green checkmark.

    But I do get what you’re saying.

    Microsoft SE back during the Windows 7 and Windows XP days was awful. It got a really crappy detection rate on top of sometimes being unable to handle some of the things it would catch. But it kept showing the green checkmark all the while a piece of ransomware would be running on the system.

    Norton was and still is the same way. I have elderly friends that use it and their computer tech says it’s “the best one” but in the next breath will admit he doesn’t know specifics about how software functions. I’ve had him work on my PC a few times whenever I have a hardware issue and he’s good about that at least.

    Back to my point about Norton. It consistently gets the lowest detection rate out of all of the top selling products. Even Comodo’s antivirus gets a better detection rate and Comodo is notorious for having a bad detection rate with the antivirus (don’t misunderstand what I’m saying, Comodo works great, their virus database is bad though). Any time I’m doing someone’s backup with a Norton product it only tells me AFTER I’ve finished the backup that “you haven’t performed a backup recently”.

     

    GrDukeMalden
    I’m a little confused about what @Gorblimey is talking about.

    They said that CCleaner “has a download hash” in a way that implies not everything has a “download hash”.

    Literally every file has an info hash of every kind. MD5, SHA1, SHA256 and so on. Every file has one. That’s why it’s such a good way to keep a whitelisting application from being fooled. Because if the file is different, the hashes calculated from it will also be different.

    A digital signature is more like a name tag. Any idiot can wear a name tag that says anything, it doesn’t make them who that name tag says they are.

    I’ve never seen an honest test of VoodooShield where it failed. Even with the default settings.

    If you want to make it tighter, uncheck the option to allow by parent process and uncheck the option to auto allow anything that matches a digital signature in the whitelist snapshot. Maybe even disable the option for VS to be deactivated after X-number of minutes.

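The hash-based allowlisting described in the last reply above, as an added example that is not part of the forum posts and not VoodooShield's own code: it snapshots a folder by SHA-256 and then classifies files by content, so a renamed copy of known content is still allowed while a one-byte change under a known name is not. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Stream the file so large binaries are never read into memory at once.
    SHA-256 is used here; MD5 and SHA-1 have known collision attacks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def take_snapshot(root):
    """Allowlist snapshot: the set of content hashes present under root."""
    return {sha256_file(p) for p in Path(root).rglob("*") if p.is_file()}


def classify(root, snapshot):
    """Map each relative path to 'allowed' or 'unknown' by content hash only."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix():
            "allowed" if sha256_file(p) in snapshot else "unknown"
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def demo():
    """Constructed sample files; returns the classification after changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tool.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"original build")
        (root / "helper.dll").write_bytes(b"MZ" + b"\x00" * 62 + b"helper v1")
        snapshot = take_snapshot(root)

        # Same name and same size, but one bit flipped: the hash changes.
        data = bytearray((root / "helper.dll").read_bytes())
        data[-1] ^= 0x01
        (root / "helper.dll").write_bytes(bytes(data))
        # Known content under a new name: still matches the snapshot.
        (root / "renamed.exe").write_bytes((root / "tool.exe").read_bytes())
        # Content that was never in the snapshot.
        (root / "dropped.dll").write_bytes(b"MZ never seen before")
        return classify(root, snapshot)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```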