VoodooShield free blocks exploits and more


  1. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #1

    VoodooShield free blocks exploits and more


    VoodooShield is free for home users and works alongside your other onboard security to provide additional protection. It's not perfect though and does require some configuration and requires users to make some decisions on what to allow if a file gets blocked.

    Important Note: It did cause a problem with blocking scripts on SevenForums but there's a workaround. Change VoodooShield to "Training Mode" when first visiting and posting on SevenForums and VoodooShield will learn that it's a safe site and allow scripts to run.

    Important Note 2: VoodooShield will replace UAC. If you subsequently uninstall VoodooShield you'll need to reapply UAC settings manually.

    For anyone interested - watch the video here to get an idea of how it works and how to whitelist files that might get blocked even though you want to allow them to run. Basically any executable that's not in the whitelist gets scanned by multiple AV engines when it attempts to run and you get a notification if a threat is found. You also get the option to allow, block or sandbox.

    How it works:



    Blocking a blackhole exploit kit:



    VoodooShield FAQ

    VoodooShield Home

    Screenshots from my machine:

    VoodooShield free blocks exploits and more-voodooshield-scan-file.jpg

    VoodooShield free blocks exploits and more-voodooshield4.jpg

    VoodooShield free blocks exploits and more-voodooshield1.jpg

    VoodooShield free blocks exploits and more-voodooshield2.jpg

    VoodooShield free blocks exploits and more-voodooshield3.jpg

    More Info:

    With ‘white list’, VoodooShield aims to change antivirus game

    Now the free version is listed on MajorGeeks:

    Download VoodooShield - MajorGeeks
    Last edited by Callender; 04 Jan 2015 at 11:45. Reason: Add info


  2. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #2

    Blocking CryptoLocker Test


    Here's a video showing what happens when attempting to run a CryptoLocker sample against VoodooShield and a few other layers of protection.

    Explanation:

    Downloaded a CryptoLocker Sample and saved to a folder on the Desktop. Comodo detects the file straight away. Set Comodo to ignore and allow the file to remain in the folder and added it to exclusions.

    Manually ran the CryptoLocker executable with admin rights.

    SecureAge detects the file attempting to run then scans it and reports a threat. I ignore the offer to block and instead choose to allow.

    VoodooShield then blocks the file but choosing to click on the pop up balloon will allow the file to run.

    I choose to let VoodooShield allow the file to run but before the file actually runs VoodooShield uploads the file for scanning and reports a threat.

    This time I choose to Quarantine the file. Comodo then needs to be configured to allow the quarantine operation.

    File is quarantined and renamed and this can be seen in the VoodooShield log.

    Conclusion: It's best to have layers of protection just in case something slips through your first or second layer of defence!



    Quarantine:

    VoodooShield free blocks exploits and more-quarantine.jpg


  3. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #3

    VoodooShield Pro


    Well I just upgraded to VoodooShield Pro ($19.99 for one year) and here's screenshots of the settings that you don't get access to in the free version. The free version worked well for me but I needed to add some apps that are not covered by the free version most notably a few non standard browsers.

    General Options:

    VoodooShield free blocks exploits and more-voodooshield-settings-1.jpg

    Advanced:

    VoodooShield free blocks exploits and more-voodooshield-settings-2.jpg

    Add non-default apps:

    VoodooShield free blocks exploits and more-voodooshield-settings-3.jpg

    Tweaks - left default settings:

    VoodooShield free blocks exploits and more-voodooshield-settings-4.jpg

    Allow executables to run from defined folders. Will not be scanned or blocked:

    VoodooShield free blocks exploits and more-voodooshield-settings-5.jpg

    Whitelist manager:

    VoodooShield free blocks exploits and more-voodooshield-settings-6.jpg

    Command Line:

    VoodooShield free blocks exploits and more-voodooshield-settings-7.jpg


  4. Posts : 1,002
    XP Pro (x86) | 7 HP (x86) & (x64) | 7 Pro (x64)
       #4

    Hi Callender :)
    - I heard the crickets when I opened this thread ...

    Fresh reinstall of Win-7 PRO x64 (on a cloned OS HDD) with free Voodoo Shield installed from the beginning.
    If Voodoo Shield fails I will revert to the fresh-and-clean original parent HDD

    I have been using VDS pro version for about 2 weeks and before that the free version for about 2 weeks.
    - using VDS with free Bitdefender also installed

    VDS blocks every new running EXE and offers: ... Quarantine, Block, Accept
    - installing a new program (the installer EXE) is whitelisted, which is unnecessary, when I won't be running the installer again!
    - once the install is established the apps EXE must also be whitelisted
    - leaving two EXEs whitelisted for the one program.
    - all this is carried out when VDS reports a perceived threat,
    - unlike some AVs (BD Internet Security) where I had to manually add all programs to the BD whitelist

    I cannot figure how to edit the VDS whitelist.
    - the local whitelist is for viewing only
    - when logged into my VDS cloud account I cannot find how to edit the white list.

    VDS help is limited to a PDF download and email support
    - online emails are quickly responded to, sometimes in a few hours (I am in GMT +10 hours time zone)
    There is no VDS forum (that I can find), browsing through forum threads can yield help
    - but there is no forum !
    - without a PDF reader I have not looked at the PDF download ... yet

    BD has stopped about 4 phishing threats ... VDS is set to always ON.
    - the novel VDS approach to create its own whitelist takes some getting used to.
    - no more of a "pest" than a new install of Bitdefender Internet Security (pro) when all EXE must be whitelisted manually.
    - I like the VDS approach to only allow the whitelist and block everything else, a reverse AV approach

    Free BD is woefully slow to boot because it updates automatically at boot then every 4(?) hours,
    - without BD ... VDS was very quick to load and boot was down to 20 seconds
    - with BD installed boot is now 75 seconds
    - so the slow boot is a BD problem (not VDS)
    - free BD has no settings at all, except for disable/enable, and it reverts to enabled on boot.
    - with VDS disabled it is always lurking in the wings, asking to be re-enabled

    I am also using free "Internet OFF" (by CrystalRich) to stop all internet traffic (emails, browsers, AV updates)

    Why am I using Voodoo Shield (pro) and not a "normal" AV ?

    Over the years (20 or so) I have got frustrated with ...
    • AV that do not have backup of settings or whitelists
    • slow boots, while AVs call home to update
      ... BD pro updating can be disabled (AutoPilot OFF)
      ... free BD is locked into auto update on boot (no overrides)
    • in the previous 12 months I had to clean install BD pro 4 times when BD broke
      - the standard advice from BD phone support
      - hours of manually restoring settings + manually filling the BD whitelist
    • corrupted whitelists where the AV has lost an item or items
    • AV settings that are buried deeply in the settings tree
    • each annual AV renewal requires a clean install of the new version
      and the pain of manually adding all programs to the whitelist
      re-establishing all preferences/settings


    Using Voodoo Shield is an experiment on my machine
    - all other PCs are currently "protected" with current pro BD Internet Security


  5. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #5

    Hi. Currently my internet is down and I'm looking at changing provider. I'm using my work machine to write this so can't post screenshots from VS.

    Whitelist: Check user log and click blocked items to whitelist them. Delete blocked items via Whitelist Editor. The whitelist editor is not used to set allowed programs. You need to edit blocked items via user log or if blocked by command line then you use the command lines tab.

    My method of avoiding problems:

    Stop VS process and service. Uninstall VS and delete leftovers in ProgramData. Reboot. Install VS and let it take a snapshot. Use Smart Mode as it offers the best method of blocking/allowing executables or code on the fly.

    Once installed briefly switch to "training mode" and launch (run) each questionable executable that you wish to auto allow. Once you have launched all regularly used programs switch VS back into Smart Mode. It should then only bother you if some new (to your machine) process runs or some new code tries to execute at which point you can block, allow or sandbox.

    When installing new software you can right click the installer to scan with VS and get a file safety report. If determined dodgy you can still allow installation and whitelist.
    Last edited by Callender; 03 Aug 2017 at 08:44. Reason: spelling


  6. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #6

    RE: VS Forum (support)

    The developer is active here: VoodooShield ? | Wilders Security Forums

    Note: Thread is for beta versions and testing but post your question and you should get an answer.

    EDIT: Re: VS asking to be reactivated. There's a setting in the advanced tab that allows you to specify how much time VS will wait before prompting you to reactivate.


  7. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #7

    Take a look at these settings:

    VoodooShield free blocks exploits and more-voodooshield-settings-1.jpg

    VoodooShield free blocks exploits and more-voodooshield-settings-2.jpg

    VoodooShield free blocks exploits and more-voodooshield-settings-3.jpg

    VoodooShield free blocks exploits and more-voodooshield-settings-4.jpg

    VoodooShield free blocks exploits and more-voodooshield-settings-5.jpg


  8. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #8

    Note: If you use those settings VS will allow already installed files from Program Files and Program Files (x86).
    If you want to launch files from non default locations like external drives or user created directories then you need to enable the Custom Folders option to avoid repeated scanning of files on launch. Or just move files to default locations.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.