New Update VoodooShield CyberLock 7.0

[Avethil]

A few minutes ago I noticed that C:\Program Files\CyberLock\CyberLockService.exe CPU usage increased slightly (max 6%) then checking C:\ProgramData\CyberLock\DeveloperLog.log I notice a new entry [03-05-2024 08:02:34] [INFO ] - Cleanup Whitelist: 3/5/2024 8:02:34 AM , exactly the time of increased CPU usage but still no changes on Cyberlock whitelist as the rule mentioned in my posts above and other entries that refer to files not anymore on disk are still in the whitelist.
In the past I already noticed these increased CPU usages (CPU fan noise was louder then usual) by Cyberlock service so probably Cyberlock was trying to clean the whitelist, without success unfortunately.

 

[vaccineboy]

Also, I don't know if this is expected or not, but CL/VS RAM usage grows ever larger overtime. Starting at <30MB for each process, CL will grow to 80-90 MB while CLService will be 30-40 MB.
Not that I'm too concerned about RAM, but it might mean something, like CL is trying to clean up the whitelist but unable to?
I remember not long ago, both processes almost always remain 20-30 MB each.

 

[danb]

Hey guys, I checked into the whitelist cleanup, and I was able to reproduce the bug where the cleanup is not working as expected when the WLC Realtime Scan is disabled. It will be an easy fix, I just want to think through the best way to fix this, so it may take a few days.

Also, the [12-20-2023 13:17:15] [INFO ] - Cleanup Whitelist: 12/20/2023 1:17:15 PM log event is not logged when the WLC Realtime Scan is enabled, which is why some of you are not finding this event in your logs. Instead, when the WLC Realtime Scan is enabled, you will see this: [03-05-2024 06:14:49] [INFO ] - Snapshot Scan: 3/5/2024 6:14:49 AM. Thank you!

 

[Avethil]

Not that I'm too concerned about RAM, but it might mean something, like CL is trying to clean up the whitelist but unable to?

Hello, I'm not sure 100% but as whitelist isn't cleaned up every hour as it should be, the whitelist items number increase each time so Cyberlock RAM usage increases too when it tries to clean up the whitelist. Mine is only a theory.

 

[Avethil]

Hey guys, I checked into the whitelist cleanup, and I was able to reproduce the bug where the cleanup is not working as expected when the WLC Realtime Scan is disabled. It will be an easy fix, I just want to think through the best way to fix this, so it may take a few days.

Good news. Thank you very much, Dan

 

[danb]

Also, I don't know if this is expected or not, but CL/VS RAM usage grows ever larger overtime. Starting at <30MB for each process, CL will grow to 80-90 MB while CLService will be 30-40 MB.
Not that I'm too concerned about RAM, but it might mean something, like CL is trying to clean up the whitelist but unable to?
I remember not long ago, both processes almost always remain 20-30 MB each.

Yes, the extra memory is from the new ML/Ai model being loaded into memory. When we had cloud based ML/Ai, it was not necessary to load the model into memory, but now that it is local, it has to be loaded into memory. Thank you!

 

[vaccineboy]

Also, the [12-20-2023 13:17:15] [INFO ] - Cleanup Whitelist: 12/20/2023 1:17:15 PM log event is not logged when the WLC Realtime Scan is enabled, which is why some of you are not finding this event in your logs. Instead, when the WLC Realtime Scan is enabled, you will see this: [03-05-2024 06:14:49] [INFO ] - Snapshot Scan: 3/5/2024 6:14:49 AM. Thank you!

Yes, the extra memory is from the new ML/Ai model being loaded into memory. When we had cloud based ML/Ai, it was not necessary to load the model into memory, but now that it is local, it has to be loaded into memory. Thank you!

Thanks Dan for the explanations.

 

[1chaoticadult]

Hey guys, I checked into the whitelist cleanup, and I was able to reproduce the bug where the cleanup is not working as expected when the WLC Realtime Scan is disabled. It will be an easy fix, I just want to think through the best way to fix this, so it may take a few days.

Also, the [12-20-2023 13:17:15] [INFO ] - Cleanup Whitelist: 12/20/2023 1:17:15 PM log event is not logged when the WLC Realtime Scan is enabled, which is why some of you are not finding this event in your logs. Instead, when the WLC Realtime Scan is enabled, you will see this: [03-05-2024 06:14:49] [INFO ] - Snapshot Scan: 3/5/2024 6:14:49 AM. Thank you!

I figured this was the case as I only saw the Snapshot Scan Entries in the Developer Log. Thank you for verifying.

 

[danb]

Hey guys, this should fix the whitelist cleanup issue when the WLC Realtime Scan is disabled...

CyberLock 7.71

https://cyberlock.global/Download/InstallCyberLock771.exe

SHA-256: d009d798b4bf79ca25a5ea9468595104bbc1ed230d20377f1034aa42d976b475

Also, when the WLC Realtime Scan is disabled and the right click menu option says "Take Snapshot" instead of "Snapshot Scan", clicking "Take Snapshot" will also cleanup the whitelist before it takes the snapshot. The hourly cleanup is still enabled as well, and should work properly now.

BTW, just curious, why would anyone disable the WLC Realtime Scan? Its verdict is almost always correct and it doesn't get in the way or slow anything down as far as I know. And when I say it is almost always correct, what I mean is that it's purpose is to let the user know if a file is safe to run or not, without putting much thought or research into it. That is, if the file is Safe, WLC should say Safe. If the verdict is not clear, it should say Not Safe. Thank you guys!

 

[ErzCrz]

Nice one. I have WLC enabled so not had the issue and WLC doesn't affect the speed of my system at all, I find it really useful.

 

[simmerskool]

Hey guys, this should fix the whitelist cleanup issue when the WLC Realtime Scan is disabled...

CyberLock 7.71

https://cyberlock.global/Download/InstallCyberLock771.exe

SHA-256: d009d798b4bf79ca25a5ea9468595104bbc1ed230d20377f1034aa42d976b475

Also, when the WLC Realtime Scan is disabled and the right click menu option says "Take Snapshot" instead of "Snapshot Scan", clicking "Take Snapshot" will also cleanup the whitelist before it takes the snapshot. The hourly cleanup is still enabled as well, and should work properly now.

BTW, just curious, why would anyone disable the WLC Realtime Scan? Its verdict is almost always correct and it doesn't get in the way or slow anything down as far as I know. And when I say it is almost always correct, what I mean is that it's purpose is to let the user know if a file is safe to run or not, without putting much thought or research into it. That is, if the file is Safe, WLC should say Safe. If the verdict is not clear, it should say Not Safe. Thank you guys!

thanks for 7.71 -- agree about WLC realtime scans, I run them every 5 mins. But for the record fwiw: yesterday I had to use wordpad.exe on win10, and WLC concluded "not safe" -- although mistakes are rare, and easy to sort out. But I'd think wordpad.exe with correct hash should be WLC in safe list.

 

[danb]

thanks for 7.71 -- agree about WLC realtime scans, I run them every 5 mins. But for the record fwiw: yesterday I had to use wordpad.exe on win10, and WLC concluded "not safe" -- although mistakes are rare, and easy to sort out. But I'd think wordpad.exe with correct hash should be WLC in safe list.

Yeah, I built an app that will scan entire clean installations of Windows 7, 10 and 11, and check the WLC database to ensure all of the native windows files are marked as Safe. I will do that again soon for the latest builds of windows .

 

[Avethil]

BTW, just curious, why would anyone disable the WLC Realtime Scan?

Hello Dan,
thank you for fixing the auto cleanup issue when WLC Realtime Scan is disabled. Some time ago I had WLC enabled but as the CyberLock CPU usage raised a bit when doing a Snapshot Scan I disabled it and after seeing that WLC caused some issues to another user, please see New Update - VoodooShield CyberLock 7.0 and New Update - VoodooShield CyberLock 7.0 I preferred not to re-enable it considering that usually I've a lot of items in my Whitelist (currently 1354 rules).
That occurred with a previous CyberLock version so it doesn't mean I can't reactivate WLC in the future.

 

[Victor M]

Hi @danb ,

I was trying to make a WDAC policy using WDAC Wizard to let your CyberLock run. I created path rules for every exe and dll, and WDAC still wouldn't let it run. Have you tried it before? What do I have to do ?

 

[Azazel]

Hi @danb ,
you could incorporate magika in Cyberlock.

 

[ErzCrz]

CL working really well on my PC. I do have a habit of somehow not right clicking correctly and occasionally Unlocking CL by accident. Is there a possibility of the change from Locked to Unlocked be for example a Shift + Left Mouse Click? Just an idea.

 

[oldschool]

I do have a habit of somehow not right clicking correctly and occasionally Unlocking CL by accident.

Hide the widget and use the system tray icon to access settings, etc. instead. Problem solved.

 

[simmerskool]

CL working really well on my PC. I do have a habit of somehow not right clicking correctly and occasionally Unlocking CL by accident. Is there a possibility of the change from Locked to Unlocked be for example a Shift + Left Mouse Click? Just an idea.

not following your comment I cannot visualize it. unclear to me -- right clicking what to do what...?? could be me, been a long day...

 

[ErzCrz]

not following your comment I cannot visualize it. unclear to me -- right clicking what to do what...?? could be me, been a long day...

When you left click the

icon once it turns the protection to

and with taps enabled on my laptop I unlock it by mistake now and then.

I'd forgotten about just hiding that icon an and therefore solving the issue thanks to @oldschool

Yeah, been a long day and a long week

 

[oldschool]

Yeah, been a long day and a long week

Same for me. Down with a monstrous cold.