Windows 7: VoodooShield free blocks exploits and more

04 Dec 2014   #1
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
VoodooShield free blocks exploits and more

VoodooShield is free for home users and works alongside your other onboard security to provide additional protection. It's not perfect though and does require some configuration and requires users to make some decisions on what to allow if a file gets blocked.

Important Note: It did cause a problem with blocking scripts on SevenForums but there's a workaround. Change VoodooShield to "Training Mode" when first visiting and posting on SevenForums and VoodooShield will learn that it's a safe site and allow scripts to run.

Important Note 2: VoodooShield will replace UAC. If you subsequently uninstall VoodooShield you'll need to reapply UAC settings manually.

For anyone interested - watch the video here to get an idea of how it works and how to whitelist files that might get blocked even though you want to allow them to run. Basically any executable that's not in the whitelist gets scanned by multiple AV engines when it attempts to run and you get a notification if a threat is found. You also get the option to allow, block or sandbox.

How it works:



Blocking a blackhole exploit kit:



VoodooShield FAQ

VoodooShield Home

Screenshots from my machine:

VoodooShield free blocks exploits and more-voodooshield-scan-file.jpg

VoodooShield free blocks exploits and more-voodooshield4.jpg

VoodooShield free blocks exploits and more-voodooshield1.jpg

VoodooShield free blocks exploits and more-voodooshield2.jpg

VoodooShield free blocks exploits and more-voodooshield3.jpg

More Info:

With ‘white list’, VoodooShield aims to change antivirus game

Now the free version is listed on MajorGeeks:

Download VoodooShield - MajorGeeks




07 Dec 2014   #2
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Blocking CryptoLocker Test

Here's a video showing what happens when attempting to run a CryptoLocker sample against VoodooShield and a few other layers of protection.

Explanation:

Downloaded a CryptoLocker Sample and saved to a folder on the Desktop. Comodo detects the file straight away. Set Comodo to ignore and allow the file to remain in the folder and added it to exclusions.

Manually ran the CryptoLocker executable with admin rights.

SecureAge detects the file attempting to run then scans it and reports a threat. I ignore the offer to block and instead choose to allow.

VoodooShield then blocks the file but choosing to click on the pop up balloon will allow the file to run.

I choose to let VoodooShield allow the file to run but before the file actually runs VoodooShield uploads the file for scanning and reports a threat.

This time I choose to Quarantine the file. Comodo then needs to be configured to allow the quarantine operation.

File is quarantined and renamed and this can be seen in the VoodooShield log.

Conclusion: It's best to have layers of protection just in case something slips through your first or second layer of defence!



Quarantine:

VoodooShield free blocks exploits and more-quarantine.jpg


01 Jan 2015   #3
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
VoodooShield Pro

Well I just upgraded to VoodooShield Pro ($19.99 for one year) and here's screenshots of the settings that you don't get access to in the free version. The free version worked well for me but I needed to add some apps that are not covered by the free version most notably a few non standard browsers.

General Options:
VoodooShield free blocks exploits and more-voodooshield-settings-1.jpg
Advanced:
VoodooShield free blocks exploits and more-voodooshield-settings-2.jpg
Add non-default apps:
VoodooShield free blocks exploits and more-voodooshield-settings-3.jpg
Tweaks - left default settings:
VoodooShield free blocks exploits and more-voodooshield-settings-4.jpg
Allow executables to run from defined folders. Will not be scanned or blocked:
VoodooShield free blocks exploits and more-voodooshield-settings-5.jpg
Whitelist manager:
VoodooShield free blocks exploits and more-voodooshield-settings-6.jpg
Command Line:
VoodooShield free blocks exploits and more-voodooshield-settings-7.jpg



02 Aug 2017   #4
bawldiggle

XP Pro (x86) | 7 HP (x86) & (x64) | 7 Pro (x64)
 
 

Hi Callender
- I heard the crickets when I opened this thread ...

Fresh reinstall of Win-7 PRO x64 (on a cloned OS HDD) with free Voodoo Shield installed from the beginning.
If Voodoo Shield fails I will revert to the fresh-and-clean original parent HDD

I have been using VDS pro version for about 2 weeks and before that the free version for about 2 weeks.
- using VDS with free Bitdefender also installed

VDS blocks every new running EXE and offers: ... Quarantine, Block, Accept
- installing a new program (the installer EXE) is whitelisted, which is unnecessary, when I won't be running the installer again!
- once the install is established the app's EXE must also be whitelisted
- leaving two EXEs whitelisted for the one program.
- all this is carried out when VDS reports a perceived threat,
- unlike some AVs (BD Internet Security) where I had to manually add all programs to the BD whitelist

I cannot figure how to edit the VDS whitelist.
- the local whitelist is for viewing only
- when logged into my VDS cloud account I cannot find how to edit the white list.

VDS help is limited to a PDF download and email support
- online emails are quickly responded to, sometimes in a few hours (I am in GMT +10 hours time zone)
There is no VDS forum (that I can find), browsing through forum threads can yield help
- but there is no forum !
- without a PDF reader I have not looked at the PDF download ... yet

BD has stopped about 4 phishing threats ... VDS is set to always ON.
- the novel VDS approach to create its own whitelist takes some getting used to.
- no more of a "pest" than a new install of Bitdefender Internet Security (pro) when all EXE must be whitelisted manually.
- I like the VDS approach to only allow the whitelist and block everything else, a reverse AV approach

Free BD is woefully slow to boot because it updates automatically at boot then every 4(?) hours,
- without BD ... VDS was very quick to load and boot was down to 20 seconds
- with BD installed boot is now 75 seconds
- so the slow boot is a BD problem (not VDS)
- free BD has no settings at all, except for disable/enable, and it reverts to enabled on boot.
- with VDS disabled it is always lurking in the wings, asking to be re-enabled

I am also using free "Internet OFF" (by CrystalRich) to stop all internet traffic (emails, browsers, AV updates)

Why am I using Voodoo Shield (pro) and not a "normal" AV ?

Over the years (20 or so) I have got frustrated with ...
  • AV that do not have backup of settings or whitelists
  • slow boots, while AVs call home to update
    ... BD pro updating can be disabled (AutoPilot OFF)
    ... free BD is locked into auto update on boot (no overrides)
  • in the previous 12 months I had to clean install BD pro 4 times when BD broke
    - the standard advice from BD phone support
    - hours of manually restoring settings + manually filling the BD whitelist
  • corrupted whitelists where the AV has lost an item or items
  • AV settings that are buried deeply in the settings tree
  • each annual AV renewal requires a clean install of the new version
    and the pain of manually adding all programs to the whitelist
    re-establishing all preferences/settings

Using Voodoo Shield is an experiment on my machine
- all other PCs are currently "protected" with current pro BD Internet Security
03 Aug 2017   #5
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi. Currently my internet is down and I'm looking at changing provider. I'm using my work machine to write this so can't post screenshots from VS.

Whitelist: Check user log and click blocked items to whitelist them. Delete blocked items via Whitelist Editor. The whitelist editor is not used to set allowed programs. You need to edit blocked items via user log or if blocked by command line then you use the command lines tab.

My method of avoiding problems:

Stop VS process and service. Uninstall VS and delete leftovers in ProgramData. Reboot. Install VS and let it take a snapshot. Use Smart Mode as it offers the best method of blocking/allowing executables or code on the fly.

Once installed briefly switch to "training mode" and launch (run) each questionable executable that you wish to auto allow. Once you have launched all regularly used programs switch VS back into Smart Mode. It should then only bother you if some new (to your machine) process runs or some new code tries to execute at which point you can block, allow or sandbox.

When installing new software you can right click the installer to scan with VS and get a file safety report. If determined dodgy you can still allow installation and whitelist.
03 Aug 2017   #6
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

RE: VS Forum (support)

The developer is active here: VoodooShield ? | Wilders Security Forums

Note: Thread is for beta versions and testing but post your question and you should get an answer.

EDIT: Re: VS asking to be reactivated. There's a setting in the advanced tab that allows you to specify how much time VS will wait before prompting you to reactivate.
03 Aug 2017   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Take a look at these settings:
VoodooShield free blocks exploits and more-voodooshield-settings-1.jpg
VoodooShield free blocks exploits and more-voodooshield-settings-2.jpg
VoodooShield free blocks exploits and more-voodooshield-settings-3.jpg
VoodooShield free blocks exploits and more-voodooshield-settings-4.jpg
VoodooShield free blocks exploits and more-voodooshield-settings-5.jpg


03 Aug 2017   #8
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Note: If you use those settings VS will allow already installed files from Program Files and Program Files (x86)
If you want to launch files from non default locations like external drives or user created directories then you need to enable the Custom Folders option to avoid repeated scanning of files on launch. Or just move files to default locations.
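
Posts #3 and #8 describe folder-based allow rules: files launched from Program Files or from a Custom Folder are not scanned or blocked. The PowerShell check below is an editor's added example, not part of any post and not VoodooShield's own code; it lists trusted folders whose ACL lets non-administrative groups write into them. The folder list, including `D:\PortableApps`, is an assumption to replace with your own configuration.

```powershell
# Added example (not from the thread): audit folders trusted by a path-based allow rule.
# Assumption: $TrustedFolders mirrors the folders you configured; D:\PortableApps is hypothetical.
$TrustedFolders = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, 'D:\PortableApps')

# Well-known SIDs of broad, non-administrative principals (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow creating, replacing or re-permissioning files, plus the
# raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that can
# appear on inherit-only entries.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$WriteMask = [int]$WriteRights -bor 0x40000000 -bor 0x10000000

function Get-WritableTrustedFolder {
    param([string[]]$Path)
    foreach ($folder in $Path) {
        if (-not $folder -or -not (Test-Path -LiteralPath $folder -PathType Container)) {
            Write-Warning "Skipping missing folder: $folder"
            continue
        }
        $acl = Get-Acl -Path $folder
        # Ask for explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or -not $BroadSids.ContainsKey($sid)) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMask) -ne 0) {
                New-Object PSObject -Property @{
                    Folder    = $folder
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Any row returned is a trusted folder that a standard user can write into.
Get-WritableTrustedFolder -Path $TrustedFolders |
    Select-Object Folder, Principal, Rights, Inherited | Format-Table -AutoSize
```

The check reads only the ACL of each listed folder, not of its subfolders; an empty result for the default Program Files locations is the expected state.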