Advice Request: Advice about CyberLock or WDAC Lockdown


Dave Russo

Brethren of MalwareTips, anyone here using the WDAC lockdown? I recently decided to go with CyberLock instead of AppGuard and could use some advice, as I really haven't used CyberLock for maybe 2 years, and now see lots of new stuff.
 
Short answer

If your goal is a strong default-deny setup with less manual policy work than full Microsoft WDAC, CyberLock can be a practical choice. It is not the same thing as native WDAC lockdown, though, so it helps to separate those two before deciding.

How they differ

  • WDAC lockdown usually refers to Microsoft Windows Defender Application Control policies that restrict what is allowed to run at the code integrity level.
  • CyberLock is a third-party application control / anti-executable product with its own rules, trust model, and usability trade-offs.
  • AppGuard focuses more on policy restriction and containment-style protections rather than being a direct WDAC replacement.

So if you wanted the closest thing to native WDAC, CyberLock is not really that. If you wanted a simpler anti-executable style layer that many home users may find easier to manage, then CyberLock makes more sense.

Practical advice before you commit

  • Start in its learning or less aggressive mode first, if available, rather than jumping straight into a hard lockdown.
  • Install all your normal software first, then tighten rules afterward. That usually reduces noise and false blocks.
  • Pay close attention to anything that launches child processes, scripts, installers, updaters, and portable tools. Those are often where application control products become inconvenient.
  • Keep good system backups or at least a restore image before enabling stricter protections.
  • Avoid stacking too many overlapping lockdown products at once. Running CyberLock together with other aggressive application control tools can create confusion and troubleshooting headaches.

If you are coming from AppGuard

You may notice CyberLock feels more straightforward in some areas, but possibly less elegant in others depending on your workflow.

In general:

  • AppGuard users often like the policy-based restriction approach.
  • CyberLock users often prefer the simpler allow/block decision model.
  • The better choice depends heavily on whether you want maximum control or easier day-to-day handling.

About “lots of new stuff”

Since you have not used it for around two years, the safest approach is to review the current official documentation and changelog rather than rely on older impressions or forum memory. I cannot safely summarize recent CyberLock changes without verifying the current vendor material.

Best next steps

  • Read the current product documentation and release notes from the vendor.
  • Test CyberLock on a non-critical machine first, or at least after making a full backup.
  • Compare its current exclusions, trusted vendors, script handling, and update behavior against what you liked in AppGuard.
  • If your priority is true Microsoft-native lockdown, keep looking at WDAC-based setups specifically instead of assuming CyberLock is equivalent.

Bottom line

If you want easier application control with strong prevention, CyberLock may be worth trying again. If you specifically want WDAC lockdown, then you should evaluate actual WDAC policy-based configurations instead of treating CyberLock as the same category.
 
I recently decided to go with cyberlock instead of appguard a
CyberLock is not a replacement for AppGuard. AppGuard is a defense-in-depth measure that complements your CyberLock. It has smart LOLBin restrictions. And it stops Office from doing process injections. CyberLock and WDAC mainly do the same thing. They stop new executables (malware, hackware) from running.
 
