VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia

    Attached Files:

  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, I was just checking the database and noticed that too ;). Let me think of what else might be causing this issue... I will check with Vlad to see what he thinks too. Thank you!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Can you please copy the entire "Unhandled Exception" error message and PM it to me?
     
  4. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    If this could help:
    It's on a virtual machine (VirtualBox)
    Info:
     

    Attached Files:

    • 1.png
  5. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, I will see if I can figure out what is causing the issue right now. Yeah, it works fine on VirtualBox for me, so it is probably something else.
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  8. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Sure...
    Here is Win 7_x64 in VirtualBox, same thing :thumbd:
    Error - http://www51.zippyshare.com/v/TNRbCd5u/file.html
     

    Attached Files:

  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, this is really odd, there must be a simple explanation ;).

    Have you tried it without a VM just to see what happens?

    Also, can you please try 3-4 files, then assuming that it acts up, can you please send me those files?

    Thank you for all of your help, we will figure this out soon!
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Yes good point, I also don't know why we didn't get to see the malware successfully loaded. So things are quite unclear.
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,277
    Location:
    Ontario, Canada
    Works well here on Win 10 x64.

    Daniel ;)

    2016-02-23_14-12-23.png
     
  12. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    One file is OK, but when I try 2 or more and then select one of them on the right, it crashes.
     
  13. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
  14. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Ahhhh, now we are on to something ;). Is this true with running it in a VM and not running it in a VM?

    Also, do you drag and drop, or do you click the button and select the files?

    Also, are you seeing results you would expect to see when you analyze one file, or are the results clearly incorrect or way off?
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,277
    Location:
    Ontario, Canada
    4 EXEs at a time working well. Looks like it needs to expand on the right side? 2/.....

    2016-02-23_15-06-03.png
     
  16. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    1. It's the same on VM or not VM.
    2. Drag'n'drop
    3. Here are some pictures with 3 legit files

    Picture 1:
    Safe .dll - VoodooAi says Unsafe, slider is on Safe side

    Picture 2:
    3 safe files D'n'D - VoodooAi says Suspicious & Unsafe

    Picture 3:
    Click on file names for details (on the right): VoodooAi error message
     

    Attached Files:

  17. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you TH!

    BTW, please keep in mind that when analyzing multiple files, you can click on the items in the Safe and Suspicious / Unsafe boxes and it will display some details on the item. We almost need a box for suspicious as well... otherwise users will think that files that are just a little past the Safe upper limit are being detected as Unsafe, when really they are being detected as suspicious. Either way, we still need to figure out where to set the limits for safe, suspicious and unsafe, but really what matters are the probabilities.

    For example, in VS's Cuckoo Sandbox, if the results are 2.5 / 10, the file is called suspicious, and to me, that is a little low... the lower limit for suspicious files should be closer to 5 or so (at a minimum).

    Also, please keep in mind, we just started the VoodooAi project 5 months ago... and 2 of those five months I stopped working on it (and basically quit the project about 50 times, hehehe), because it was so frustrating to get everything right. The only thing that kept me going was that I saw the math working, so I knew it was possible to get it right. Over the next 3-4 months, the results will only continue to get better, especially when we have much larger training data sets (the current training data set is only 179,177 samples!!!). But even with the limited training data set, I am very happy with the results so far... they are 2-3 times better than I expected.
     
    Last edited: Feb 23, 2016
  18. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, something is still not right... it should look like TH's screenshot from post #8663.

    If you can analyze 3-4 samples at one time, then send me the files, I think there is a chance that will help a lot. Thanks again!
     
  19. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW... this is a great example of the need to increase the lower limit for suspicious files to .75 or so, that way files like this will be detected as safe. Once we have more data, we will be able to pinpoint the exact limits we should use.
     
  20. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    The thing that is odd is that all of the features are being extracted from the files properly, and ALL of those numbers are correct and look great. The only numbers that are not correct are the 3 probability results that are returned from Azure... and for some reason they are sky high (like 2934237432972297 or something), but they should be between 0.0000 and 1.0000... which btw I have never seen while working on this project. We will figure it out one way or another ;).
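
The range check that posts 17 to 20 point at, as an added example that is not part of the thread and not VoodooShield's code: scores are validated as probabilities before any Safe / Suspicious / Unsafe limit is applied, so a corrupted response is reported as an error rather than a verdict. The function names, the 0.90 unsafe limit and the "worst of three scores decides" rule are assumptions; 0.75 is the suspicious limit floated in post 19.

```python
import math

# Assumed cut-offs: post 19 floats ~0.75 as the lower limit for "suspicious";
# the "unsafe" limit is a placeholder for this example, not from the thread.
SUSPICIOUS_FROM, UNSAFE_FROM = 0.75, 0.90


def parse_probability(raw):
    """Return raw as a float in [0, 1]; raise ValueError for anything else."""
    if isinstance(raw, bool):
        raise ValueError(f"not a number: {raw!r}")
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError(f"not a number: {raw!r}") from None
    if not math.isfinite(value) or not 0.0 <= value <= 1.0:
        raise ValueError(f"outside [0, 1]: {raw!r}")
    return value


def verdict(raw_scores):
    """Classify one file from the three scores the scoring service returned.

    Assumption: the most pessimistic score decides. Any invalid score gives
    ("error", reason), so a corrupted response is never shown as "unsafe".
    """
    if len(raw_scores) != 3:
        return "error", f"expected 3 scores, got {len(raw_scores)}"
    try:
        worst = max(parse_probability(s) for s in raw_scores)
    except ValueError as exc:
        return "error", str(exc)
    if worst >= UNSAFE_FROM:
        return "unsafe", worst
    if worst >= SUSPICIOUS_FROM:
        return "suspicious", worst
    return "safe", worst


# Constructed sample responses, not values taken from the thread's screenshots.
SAMPLES = {
    "clean.dll": ["0.1200", "0.3100", "0.0900"],
    "borderline.exe": [0.42, 0.78, 0.51],
    "garbled.exe": ["0.2100", "2934237432972297", "0.1800"],
}

if __name__ == "__main__":
    for name, scores in SAMPLES.items():
        print(name, verdict(scores))
```
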
     
  21. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Add one file from the desktop for analysis and it is OK (picture 1)
    Picture 2 - add 9 malware files (looks OK?) - Download malware pack from here: hxxp://www59.zippyshare.com/v/i29h3Zay/file.html
    Picture 3 - click on files (26.exe), VoodooAi crashes
    (if you want I can record quick/short video)
     

    Attached Files:

    Last edited: Feb 23, 2016
  22. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Watch the video in Post: # 8674. Was Zemana a false positive?
    I guess because it's still in beta?
     
  24. VladimirM

    VladimirM Developer

    Joined:
    Sep 16, 2015
    Posts:
    153
    Location:
    Jerusalem, Israel
    VoodooShield 3.09 Beta Release
    You can download it from https://voodooshield.com/Download/beta3/InstallVoodooShield.exe

    System requirements:
    • Windows Vista sp1 and above (XP is not supported!)
    • .NET 2.0/3.5 and above
    What's new in VoodooShield 3.09 Beta:

    This release contains:
    • Added the new Edit form for editing Command Lines with wildcard support (currently only * and ? are supported for wildcards)
    • Added search box to Whitelist, Command lines and Quarantine lists
    • Improved performance of User Log, Whitelist, Quarantine and Command Line lists
    • Some small bug fixes

    Known issues

    • Sometimes a gray user prompt is shown - we have a direction for investigation
    Have a good day,
    Vladimir
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,256
    Location:
    Among the gum trees
    Vlad,

    When I click on Edit the Edit window is too long for my laptop screen so there is no way to see what is off to the right. :(
     