VoodooShield

[ichito]

Here is 3.18... I hope everything is just right now, but please let me know if you guys find anything.

I disabled the "Synchronize and backup my whitelist snapshot to the cloud option by default" for now. Users that have old snapshots before we included the SHA-256 hash in the database would have experienced some issues. We are going to be moving this to the VoodoAi cloud soon anyway, so now is a good time to make that change.
(...)

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Poniżej link do oficjalnego przewodnika po VS datowany na marzec 2016

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Wersja 3.21 jako kandydat do stabilnej wersji 3

Ok, I am hoping that the is the final VS 3.0 version that is ready for public release, but please let me know if you find anything!

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Thank you guys for sending in the logs, that helped a lot! I will catch up soon... but here is 3.22... I am hoping that the freeze issue is fixed, but if not, I think we are getting close.

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Po wersji 3.23, która naprawiała drobne błędy, mamy kolejną 3.24, która ma poprawić efekt zamrażania maszyny zgłaszany w poprzedniej. Niektórych może znudzić już ta lista kolejnych wersji, ale to świadczy tylko o tym, jak bardzo autorzy dbają o swój produkt i jak bardzo bazując na nowościach na rynku i informacjach użytkowników, chcą udoskonalać swój program.
Jeśli ktoś używał ostatniej wersji bez problemów, nie musi wg autora instalować tej najnowszej, choć ze względu na spore zmiany w algorytmie Ai może jednak warto spróbować

Ok, here is kind of a weird version. For the people not experiencing the freeze issue, there really is no reason to upgrade, however, this version does include the new Ai algorithms, so you might want to consider it. But, please read the next part before you do.

Vlad wrote some really cool code for the command line wildcards, but I think that there is a small bug in it that is causing the last freeze issue, and he ran out of time before he could work on the freeze issue. So this version, I disabled most of the code that he wrote for the command lines, and reinstated the old command line code. So there is actually a chance that VS could act really goofy it it encounters some weird command line.

But anyway, this is just a test to help narrow down where the last bug is. If it turns out to be in the new command line code, I really hope Vlad can find the time to help isolate the bug, because I am not at all familiar with that code, since that was basically Vlad's creation.

So, if you are having freeze issues, please try this version, and let me know in a few days (assuming it does not freeze before then

[Aby zobaczyć linki, zarejestruj się tutaj]

).

[Aby zobaczyć linki, zarejestruj się tutaj]

Also, the new algorithms are included in this version... I have not tested it that much, so far so good

[Aby zobaczyć linki, zarejestruj się tutaj]

. I retested the same random malpack, and this time it only missed 2 out of the 1000!!!

[Aby zobaczyć linki, zarejestruj się tutaj]

Kolejna sprawa...Dan testował VS i VS Ai porównawczo z Nortonem jako przykładem softu z niezwykle obszerną bazą zagrożeń i kontrolą behawioralną oraz Cylance, nowym projektem które bazuje sztucznej inteligencji. ...rezultat jest bardzo przyzwoity dla VS, jak twierdzi autor

Keep in mind, I have tested VS and VoodooAi EXTENSIVELY, so unless I somehow messed up the tests, VS / VoodooAi will do very, very well. I am getting ready to do a video that demonstrates an efficacy test on 10 or so of the top AV products... all based on blocking the malware pre-execution, so behavior blockers and the like will not do as well in the test... but what I can tell you, it is truly eye opening.

The way I see it, if a single line of malicious code is ever allowed to run, then all bets are off. Behavior blockers are great, but you are miles ahead if you can stop the malware pre-execution.

On a side note, while retraining the machines, VS blocked all 850,000+ malware files, one after another in rapid succession.

I just ran a very, very quick test... when I have time, I will do it right, but here are the results so far.

Norton:63.9%
Cylance: 94.5%
VoodooShield - AutoPilot: 100%
VoodooAi Stand Alone: 97.8% (VoodooAi all by itself

[Aby zobaczyć linki, zarejestruj się tutaj]

)
VoodooShield - Smart ON: 100%

BTW, in the VoodooShield - AutoPilot test, the blacklist scan blocked 22 of the 1000 files that VoodooAi would have missed. Like I as saying, the blacklist scan and VoodooAi is a phenomenal combo

[Aby zobaczyć linki, zarejestruj się tutaj]

.

[Aby zobaczyć linki, zarejestruj się tutaj]

-------------------------
edit:
Dan udostępnił instalator wersji 3.23

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

"dzień bez VS jest dniem straconym" można by powiedzieć
Dan szaleje i w ciągu ostatniej doby wypuścił już trzecią wersję swojego programu - teraz mamy już 3.26

[Aby zobaczyć linki, zarejestruj się tutaj]

która wprowadziła istotne zmiany "pod maską". Okazało się po dogłębnych analizach, że przyczyną zamrożeń aplikacji była obsługa do maksymalnie 10 tworzonych jednorazowo równoległych procesów...okazuje się, że np. Chrome może tworzyć ich na raz 15.
Nowa wersja obsługuje już do 50...więcej tu

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

I kolejna wersja - 3.27 - , która wygląda na stabilną wg autora

I will catch up soon... there is a chance the freeze issue is fixed in this version. It has been completely stable for me for 5 days or so.

[Aby zobaczyć linki, zarejestruj się tutaj]

BTW, I heard back from Vlad... he is doing well. It is a long story, but basically we are on the right track to fixing the freeze issue, if it is not already fixed in 3.27.

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Wersja 3.30...i wciąż "w budowie"

Hey everyone, here is the latest version, and here is what was changed.

- Added even more logging to see if we can isolate the freeze issue. I think there were a couple of different things causing the freeze issue, mainly because various users would describe the bug a little different. Also, VS used to freeze on my every 2 or so days, now it is every 10-15 days. Either way, we have to be getting close to figuring it out.
- The bug that Umbra found in Custom Folders should be fixed, if not, please let me know.
- I also just last night discovered a bug... I think someone mentioned this to me before, I was not sure what they meant. Anyway, for example, if you are running VS on AutoPilot and you download something with Internet Explorer, then try to run the file, VS will think it is an exploit (even though it is not). Anyway, that is fixed now, and AutoPilot should be even more user-friendly now. I do not think there is a chance that fixing this bug opened up a security hole, but if something is not quite right, please let me know!

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Kolejna wersja...bez oznaczenia nr...z listą poprawek

Hey guys, I will catch up soon... but here is the latest version, and here is what was fixed:

1. Custom Folders should be working perfectly now, if not, please let me know Umbra!
2. TH, I believe the Disabled Protection block is now fixed, if not, please let me know! As far as the USB issue is concerned... VS only toggles to ON when a USB is first inserted, otherwise, if a user constantly has a USB drive attached, VS would always be ON. If this does not make sense, please let me know!
3. As far as dismhost is concerned, I went back to the old way of dealing with dismhost, and simply hardwired in all 16 or so versions of dismhost. So it should be fixed now, if not, please post a screenshot of the Hash of the dismhost file that was blocked.
4. I added a feature that will safely reduce the number of command line and script blocks (long story).
5. I temporarily disabled the VoodooAi Cloud default process lookup... there is a chance that this is what was causing the freeze issue.

[Aby zobaczyć linki, zarejestruj się tutaj]

Please let me know how it does, and if it freezes or not, thank you!

Edit: If anyone is running the SBS version, if you do not mind, can you please run it for another couple of days, just to see if VS freezes? Thank you!

[ichito]

I kolejna wersja w odpowiedzi na zgłaszane problemy

Thank you guys for your kind words (and your patients

[Aby zobaczyć linki, zarejestruj się tutaj]

)... I will catch up soon, but I wanted to post the latest version, I believe the freeze issue is finally fixed. If for some reason it is not, please disable VoodooAi and see if it freezes, and please let me know either way, thank you!

[Aby zobaczyć linki, zarejestruj się tutaj]

 Czy ktoś z używających VS zauważa jakieś błędy? Dajcie znać, jeśli mogę prosić.

[ichito]

VS maj jakąś niemoc albo program zabrnął w ślepy zaułek...kolejne nowe wersje nie przynoszą oczekiwanych efektów, a póki co ostatnim z nich jest najnowsza wersja, którą linkuje poniżej

Vlad is still going to look at a couple of things when he returns from vacation, but there is a chance that the freeze issue is fixed in this version.

Also, please keep an eye on the VoodooShield.exe memory utilization in the task manager… hopefully it will not go sky high anymore.

Please try it and let me know, thank you!

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Kolejna nieoznaczona numerem wersja jako odpowiedź na pojawiające się problemy ze zużyciem pamięci

I will catch up asap, but here is the latest version. I think the memory issue is fixed... then again, I thought it was before, then seconds after I posted the latest version, it acted up again.

Please keep an eye on the memory utilization, it should not go sky high anymore. It will temporarily raise when VS blocks something, but it should lower back down to 25-35 mb or so.

Anyway, if the memory issue is fixed, I am hoping the freeze issue will be too... please let me know, thank you!

[Aby zobaczyć linki, zarejestruj się tutaj]

 

[ichito]

Dzień jak co dzień...czyli nowa wersja VS ...wygląda na to, że autorzy włożyli w nią sporo pracy (bez ironii żadnej...oni naprawdę pracują bardzo mocno nad swoim programem).

Here is 3.36... I performed around 2,500 optimizations on this version, a lot of memory stuff as well. I might have broke a small thing or two, so if I did, please let me know. Otherwise, it is running great, I will catch up soon, thank you guys!

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Historii VS ciąg dalszy...szczególnie chodzi o ostatnie problemy z przymrażaniem systemu i wyciekiem pamięci (też to odczuwałem w ostatnich tygodniach)...nowa wersja 3.38 która ma w zamiarze rozwiązać ten problem. Kod VS został oczyszczony i zoptymalizowany, więc możliwe, że to koniec kłopotów

Here is the latest… I am hoping the freeze issue is fixed, if not, I am talking to a software company on Monday, and they are going to help me figure out what is causing the freeze issue. I have been cleaning up the code and performing optimizations so that it will make a lot more sense to them when they see it. Visual Studio has a code analysis feature that helps to optimize the code for design, reliability, performance, security, etc. Most developers that I have worked with do not think it is necessary and do not bother performing the code analysis, but I always find that it helps quite a bit. It basically offers ways to make things more efficient and reliable.

So that is that I have been up to… along with tracking down any memory leaks. I am hoping that between cleaning up the code, performing the code analysis and tracking down the memory leaks, the freeze issue will be fixed once and for all.

I also added some logging to the dll’s… that is about the only thing we have not checked, so if VS freezes, please send me your logs.

I highly recommend everyone upgrade to this version asap!

Thanks again for all of your help and patients, I will catch up soon!

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Wersje 3.39 i 3.40 już za nami..jest wersja 3.41, która wciąż próbuje rozwiązać problemy z przymrożeniami ekranu/aplikacji.

[Aby zobaczyć linki, zarejestruj się tutaj]

[ichito]

Wersja 3.44

Here is 3.44... the 3-4 bugs that were mentioned should be fixed, and I also added a "VoodooShield Scan" Windows explorer right click context menu option.

[Aby zobaczyć linki, zarejestruj się tutaj]

BTW, on the regedit... just as cmd.exe, I found a way to safely auto allow regedit, even when VS is ON. There are basically several checks before regedit is allowed... the main one being that the path cannot contain arguments, in order for it to be auto allowed when VS is ON.

So I think the only remaining bug is the Windows 10 Cuckoo Sandbox RDP sessions. It turns out, there is nothing wrong with the VS code... it is just that Windows 10 cannot connect to the Cuckoo Server's RDP sessions for one reason or another... I am still trying to figure that out.

[ichito]

Here is 3.45… I think all of the issues are fixed, but if you guys find anything else, please let me know!
(...)
So as I was saying before, I think all of the issues are fixed. A couple of small notes… on the multiple monitor right click menu issue, what I did was to always make the right click menu appear at the bottom right of the main monitor… I think this is good to do anyway, to me it seems more refined then having the right click menu appear in random locations. One other quick note… the command line refresh is fixed (I think anyway), and I also made it so that if you double click on one of the command lines, it will bring up the edit screen.

I almost forgot to mention... on the "File is inaccessible or no longer exists" bug... I think this is fixed as well.

[Aby zobaczyć linki, zarejestruj się tutaj]

[Blade]

Sprawdziłem na VBox'ie
Program bardzo fajny i lekki ale problem przy mrażania chyba dalej występuje
Nie rozumiem też na jakiej zasadzie działa funkcja "sandbox" po której kliknięciu nic się nie dzieje Niemniej jednak znalazłem doskonały zamiennik dla Comodo

[Quassar]

Już pewnie czasu temu miałem zerknąć ta ten soft.
otrzymałem licencje na 2 lata więc będę miał trochę czasu aby zaprzyjaźnić się z tym oprogramowaniem .

[ichito]

Sprawdziłem na VBox'ie
Program bardzo fajny i lekki ale problem przy mrażania chyba dalej występuje
Nie rozumiem też na jakiej zasadzie działa funkcja "sandbox" po której kliknięciu nic się nie dzieje Niemniej jednak znalazłem doskonały zamiennik dla Comodo

Z przewodnika dostępnego pod tym adresem

[Aby zobaczyć linki, zarejestruj się tutaj]

Sandbox (Button):
 This button will display the Sandbox screen and will give the user the option to run the file in a Local Sandbox or in the Cuckoo Sandbox.
(...)
Local Sandbox
Although the Cuckoo / Remote Sandbox is the preferred sandbox, VoodooShield also offers the ability for the user to execute a blocked file in a local sandbox, which runs the file with limited rights.  Files that require administrator approval to perform certain tasks will typically fail in the local sandbox.  But keep
in mind, files that require administrator approval are capable of performing dangerous actions on the computer, so if a file fails in the local sandbox, there is a good chance that the user should not execute
this file outside of the sandbox.

Cuckoo / Remote Sandbox VoodooShield also offers the ability for the user to execute a file in a remote sandbox, safely in a remote computer, and receiving a full detailed analysis of the file’s execution, before deciding to run the file on their machine.  The user also has the ability to watch the Cuckoo Sandbox analysis in real-time, in a Remote Desktop ession, which allows the user to see first-hand the implications of running the blocked file, safely, on a remote machine before they choose to allow the file, as demonstrated in the ransomware sample below.