Tarnak

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 118 total)
1 2 3 6 7 8
  • Replies
  • Tarnak
    Participant
    @Dan

    Log sent a few minutes ago.

    0
    0
    Tarnak
    Participant
    My VS has started to become unresponsive to right click on it’s  tray icon, so I will need to reboot all the time to get it to work again. Not very practical to do this when VS becomes unresponsive, i.e. locks up.

     

    P.S.  I was running a third party uninstaller at the time, but it couldn’t proceed as per my screenshot. Hence the need to reboot, now.

     

     

    Attachments:

    1. VS_Unrseponsive-to-riight-click_01.jpg

    0
    0
    Tarnak
    Participant
    Whilst it is good to be able to e-mail Dan direct, I would prefer that when I have a problem with VS to post about it in the forum.

    That way we all get to see if the problem is a common one, or [just] exclusive to one.

    But, [whatever] we all get to learn something. So, I hope the forum continues…

    P.S. Installed latest beta:

     

     

     

     

    Attachments:

    1. VS_v6.06b-beta_fresh-instal_05.jpg

    2
    0
    Tarnak
    Participant
    As I have mentioned recently, I have been having problems with resources used by VS.

    Since, I can’t get any resolution, I have decided to uninstall VS for the time being.

     

    Attachments:

    1. VS_problems_01.jpg

    0
    0
    Tarnak
    Participant
    After a reboot, still something is wrong:

    P.S.  Compare the Last Snapshot scan times of the screenshots, both are the same time, but different duration. Seem odd?????

    P.P.S Just noticed that I can’t drag and drop the VS GUI in this Whitelist mode.

    • This reply was modified 2 months, 1 week ago by Tarnak.
    Attachments:

    1. VS_6.06a-beta_02.jpg

    2. VS_6.06a-beta_03.jpg

    0
    0
    Tarnak
    Participant
    I did an over the top install, but it seems to not have gone well. CPU usage abnormal. Refer to recent post mentioning this.

     

     

     

     

     

    Attachments:

    1. VS_6.06a-beta_01.jpg

    0
    0
    Tarnak
    Participant
    Resource usage went overboard for awhile, see  2nd and 3rd screenshots, especially:

     

     

    Attachments:

    1. VS_CPU-current-resource-usage_01.jpg

    2. VS_CPU-current-resource-usage_02.jpg

    3. VS_CPU-current-resource-usage_03.jpg

    0
    0
    Tarnak
    Participant
    Updated thru the GUI.   A few lines from C:\ProgramData\VoodooShield\DeveloperLog.log

    It is looking good, I think.

    [11-04-2020 09:38:34] [INFO ] – Snapshot Scan: 4/11/2020 9:38:34 AM
    [11-04-2020 09:38:36] [INFO ] – IsProcessInCurrentWhiteList: c:\program files (x86)\unhackme\unhackme.exe | 1
    [11-04-2020 09:38:36] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\program files (x86)\unhackme\unhackme.exe
    [11-04-2020 09:39:39] [INFO ] – IsProcessInCurrentWhiteList: c:\program files (x86)\unhackme\unhackme.exe | 1
    [11-04-2020 09:39:39] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\program files (x86)\unhackme\unhackme.exe
    [11-04-2020 09:39:47] [DEBUG] – UpdateDownloader::Download complete. Canceled=False, Error=No
    [11-04-2020 09:39:51] [INFO ] – IsProcessInCurrentWhiteList: c:\users\owner\appdata\local\temp\installvoodooshield.exe | 0
    [11-04-2020 09:39:55] [INFO ] – Queried Database for c:\users\owner\appdata\local\temp\installvoodooshield.exe
    [11-04-2020 09:39:55] [INFO ] – VoodooAi scan: True | False | 0 |
    [11-04-2020 09:39:55] [INFO ] – VoodooAi scan: c:\users\owner\appdata\local\temp\installvoodooshield.exe
    [11-04-2020 09:40:17] [INFO ] – Process allowed by VoodooShield Update: c:\users\owner\appdata\local\temp\installvoodooshield.exe
    [11-04-2020 09:40:17] [INFO ] – Update requested. Exiting.
    [11-04-2020 09:41:12] [INFO ] – *************************** User started VS 6.06 ***************************
    [11-04-2020 09:41:33] [INFO ] – The Windows Defender Firewall Service is running.
    [11-04-2020 09:41:44] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\program files (x86)\unhackme\unhackme.exe
    [11-04-2020 09:41:50] [INFO ] – The Windows Defender Firewall Service is running.
    [11-04-2020 09:42:29] [INFO ] – The Windows Defender Firewall Service is running.
    [11-04-2020 09:42:46] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\program files (x86)\unhackme\unhackme.exe
    [11-04-2020 09:43:26] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\windows\syswow64\dllhost.exe
    [11-04-2020 09:43:33] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\windows\system32\openwith.exe
    [11-04-2020 09:43:39] [INFO ] – Process allowed by Current Whitelist Snapshot: c:\windows\system32\notepad.exe

     

     

     

    0
    0
    Tarnak
    Participant
    This alert has popped before, and I always allow:

     

     

    Attachments:

    1. VS_v6.05-beta_baseline-install_06.jpg

    0
    0
    Tarnak
    Participant
    I got  a whole slew conhost. exe blocks, but then allowed for –  https://answers.microsoft.com/en-us/windows/forum/windows_10-security/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4

    2/11/2020 7:08 PM Auto Blocked conhost.exe c:\windows\system32\conhost.exe 5EAD300DC7E4D637948ECB0ED829A072BD152E17 baf97b2a629723947539cff84e896cd29565ab4bb68b0cec515eb5c5d6637b69 c:\windows\system32\conhost.exe 0xffffffff -forcev1 885760 7z.exe c:\program files\secureage\whitelist\7z.exe Owner

    3/11/2020 10:44 PM Auto Allowed waasmedicagent.exe c:\windows\system32\waasmedicagent.exe 5EAD300DC7E4D637948ECB0ED829A072BD152E17 74253b0fea39bbe6fd6a825ad640e6c6e25ad7cb84b8566d379ec631070f281a c:\windows\system32\waasmedicagent.exe ac588a3f70a00ed836c418a1ca0a9496 i1a06ukc00wnvlfwetsbxq.0.1.0.0.0 89088 svchost.exe Owner

    3/11/2020 10:44 PM Auto Allowed conhost.exe c:\windows\system32\conhost.exe 5EAD300DC7E4D637948ECB0ED829A072BD152E17 baf97b2a629723947539cff84e896cd29565ab4bb68b0cec515eb5c5d6637b69 c:\windows\system32\conhost.exe 0xffffffff -forcev1 885760 waasmedicagent.exe c:\windows\system32\waasmedicagent.exe Owner

    baf97b2a629723947539cff84e896cd29565ab4bb68b0cec515eb5c5d6637b69

    Interesting…I think so.

     

     

     

    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    Attachments:

    1. VS_v6.05-beta_baseline-install_05-scaled.jpg

    0
    0
    Tarnak
    Participant
    @Dan …If irrelevant, feel free to delete this post

    Here are a couple of errors taken from the DeveloperLog.log:

    [QUOTE][11-01-2020 16:44:34] [INFO ] – Process allowed by WhitelistCloud: c:\windows\system32\svchost.exe
    [11-01-2020 16:44:35] [ERROR] – Exception in SQL_UpdateVoodooShieldVariablesFromSQLDatabase: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 – An attempt was made to access a socket in a way forbidden by its access permissions.). at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling, SqlAuthenticationProviderManager sqlAuthProviderManager)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
    at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.Open()
    at VoodooShield.SQL.UpdateVoodooShieldVariablesFromSQLDatabase()
    [11-01-2020 16:44:35] [INFO ] – IsProcessInCurrentWhiteList: c:\windows\system32\svchost.exe | 3[/QUOTE]

    [QUOTE][11-02-2020 08:49:04] [INFO ] – Snapshot Scan: 2/11/2020 8:49:04 AM
    [11-02-2020 08:49:07] [ERROR] – Exception in SQL_UpdateVoodooShieldVariablesFromSQLDatabase: Connection Timeout Expired. The timeout period elapsed while attempting to consume the pre-login handshake acknowledgement. This could be because the pre-login handshake failed or the server was unable to respond back in time. The duration spent while attempting to connect to this server was – [Pre-Login] initialization=3557; handshake=0; . at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling, SqlAuthenticationProviderManager sqlAuthProviderManager)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
    at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
    at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
    at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
    at System.Data.SqlClient.SqlConnection.Open()
    at VoodooShield.SQL.UpdateVoodooShieldVariablesFromSQLDatabase()[/QUOTE]

     

    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    0
    0
    Tarnak
    Participant
    I  just noticed something about the second screenshot…

    It is headed “User log”, but the sidebar shows “UI Tweaks” .  Strange, or not?

    0
    0
    Tarnak
    Participant
    😉  At least I wasn’t going mad…:)

    But,  now include a couple of screenshots, about the

    Multiple instances of conhost.exe…

    A staccato effect is seen for the first one, and hours later it settles down

     

     

     

    • This reply was modified 2 months, 2 weeks ago by Tarnak.
    Attachments:

    1. VS_v6.05-beta_baseline-install_02.jpg

    2. VS_v6.05-beta_baseline-install_03.jpg

    0
    0
    Tarnak
    Participant

    Dan:

    Tarnak: I have taken a screenshot of part of the C:\ProgramData\VoodooShield\DeveloperLog.log , and as can be seen, it is from before the update to v6.05 beta.

     

     

     

     

    It looks like something went wrong during the installation.  None of this part of the code has changed in a very long time, so there is probably something else going on here.

    Please try this…

    1.  Exit out of VS and Uninstall VS

    2.  Reboot the computer

    3.  Disable all other security software

    4.  Reinstall VS

    During the uninstall, VS will ask if you want to delete your settings and logs.  It would be best to click Yes, especially if you have had the same settings and whitelists for a long time.

     

    OK  …I have done a new baseline install as you can see from my screenshot. Will see how it goes over the following days.

     

     

    Attachments:

    1. VS_v6.05-beta_baseline-install_01.jpg

    0
    0
    Tarnak
    Participant

    Dan:

    Tarnak: I have taken a screenshot of part of the C:\ProgramData\VoodooShield\DeveloperLog.log , and as can be seen, it is from before the update to v6.05 beta.

     

     

     

     

    It looks like something went wrong during the installation.  None of this part of the code has changed in a very long time, so there is probably something else going on here.

    Please try this…

    1.  Exit out of VS and Uninstall VS

    2.  Reboot the computer

    3.  Disable all other security software

    4.  Reinstall VS

    During the uninstall, VS will ask if you want to delete your settings and logs.  It would be best to click Yes, especially if you have had the same settings and whitelists for a long time.

     

    OK  …I have done a baseline install as you can see from my screenshot. I will see how it goes over the following days.

     

    Attachments:

    1. VS_v6.05-beta_baseline-install_01-1.jpg

    0
    0
Viewing 15 replies - 1 through 15 (of 118 total)
1 2 3 6 7 8