App Review AppGuard vs CyberLock

[Shadowra]

Content source

https://odysee.com/@Shadowra:f/AppGuard-vs-CyberLock:6

AppGuard and CyberLock are system reinforcement software.
They will block unknown software (or suspicious behavior) to help your antivirus software.
Please note: they do not replace your antivirus software!
But they do work differently: AppGuard simply prohibits, while CyberLock goes further.
Let's compare them!



AppGuard :
The software is very light, but it has a way of working that I don't like: it blocks and that's it!
It gives no details and no reason...
It behaves like an anti-exe, blocking anything it deems suspicious. That's fine, because the machine hasn't suffered any damage, but if you download a program from a small unsigned publisher, it will be blocked.
I also find the interface rather austere, not suitable for novices.
Machine is clean (normal, it blocks everything)

CyberLock/VoodooShield :
The interface is much more welcoming and user-friendly, even though it's packed with settings.
I activated WhitelistCloud but it made a false positive which I ignored before testing.
CyberLock blocks all executions during URLS like AppGuard, it analyzes with its AI and gives a score. What I love: It's clear and I can quarantine!
On the pack, CyberLock also blocks everything except the scripts it failed to analyze. So I authorized it once before blocking: it ended up infecting the machine.
MSBuilder is in memory, connected and active!
NPE detects traces, while KVRT detects the Trojan in memory.

Request : @Dave Russo & @danb

@danb : I still have the archive if you need it

 

[Bot]

Thanks for the detailed comparison between AppGuard and CyberLock. It seems that while both are effective in their own ways, CyberLock provides more information about what it's blocking and why, which can be beneficial for users who want to understand more about potential threats. However, it's concerning that it missed a script that ended up infecting the machine. It's a reminder that no security solution is perfect and we should always be cautious when downloading and installing new software.

 

[Victor M]

I have always liked anti-exe's . Default deny at it's best.

 

[danb]

Hey Shadowra, thank you for the test... I do not remember requesting this test, but thank you either way, every little bit helps, and I think we might have stumbled on to something that we need to optimize.

And that is, I am confused why during the test, CyberLock recommended 100% of the time for each sample, that the user click Block, but you clicked Allow.

Was there a reason that you clicked Allow, even though the recommendation was to click Block? Or do we need to make the recommendation more clear to the end user? I am only asking so we can make any necessary adjustments. I have often thought that the blue Recommended label on the recommended button might not be clear enough to the end user, so if anyone has any ideas on how we can make the recommendation more obvious to the end user, please let me know. Maybe we can highlight the border of the recommended button in a certain color or something. Thanks again!

 

[Victor M]

Green means best choice to me.

 

[danb]

Green means best choice to me.

Yeah, and it might be a regional thing as well, so maybe we can make the color optional.

I have been working on the new simple mini prompt quite a bit. I know a lot of old time users are used to the standard prompt, but I really think the new simple mini prompt is the future, once we optimize it.

 

[Shadowra]

And that is, I am confused why during the test, CyberLock recommended 100% of the time for each sample, that the user click Block, but you clicked Allow.

Was there a reason that you clicked Allow, even though the recommendation was to click Block? Or do we need to make the recommendation more clear to the end user?

Are you talking about scripts?

 

[Dave Russo]

I have both programs, and both are excellent, Cyberlock is a way better program comparing cost, but Appguard does run smoothly and apparently(from past reports have read) apparently has been adjusted as I have had no disruptive problems,There is a setting that must be used when downloading any new programs, under protection which has allow installs, Cyberlock has an excellent context setting for virus total,I recommend either as really strong protection with pretty much any AV you like

 

[danb]

Are you talking about scripts?

I am talking about the second half of the test, I have not watched the first half (URL test) closely yet. But yes, for the second test, CyberLock recommended to the user to click Block for all of the samples.

This might be easier... what was the time in the video timeline where MSBuilder was allowed to run?

 

[Dave Russo]

Thanks Shadowra, for your time to produce another great video,

 

[simmerskool]

And that is, I am confused why during the test, CyberLock recommended 100% of the time for each sample, that the user click Block, but you clicked Allow.
Was there a reason that you clicked Allow, even though the recommendation was to click Block?

user "testing error" or let's see what happens if user clicks "allow" against CL recommendation, or doing what typical user does. CL protects you if you let it protect you.
so far I've only read the summary of each, but familiar with both.** re AG agree mostly except for "it gives no details and no reason" -- iirc AG's logs are on by default and it can overkill you with info if you look at it, and you have to learn to ignore some of it -- my experience. I use them both but not on the same system. Both work great for me. I like WLC on CL and its right click scan of a file.
** running linux tonight and its audio/video can be buggy

 

[simmerskool]

I have both programs, and both are excellent, Cyberlock is a way better program comparing cost, but Appguard does run smoothly and apparently(from past reports have read) apparently has been adjusted as I have had no disruptive problems,There is a setting that must be used when downloading any new programs, under protection which has allow installs, Cyberlock has an excellent context setting for virus total,I recommend either as really strong protection with pretty much any AV you like

yes I am currently running both too. (CL old-timer) As far as installing an app, I also set CL to "disable/install" while installing except perhaps for windows updates, and you need to do the same in AG.

 

[Digmor Crusher]

Having used both of these programs I assumed that both would protect 100%, a bit surprised CL let something slip through. ( Is the only reason it slipped through is that Shadowra allowed it?)

If I were asked to recommend a bulletproof solution it would be one of these two.

A few years ago my favourite setup was EAM and Appguard.

 

[Duotone]

Out of curiosity why were those scripts allowed? I assume if it were blocked then the system would not be infected...

 

[Shadowra]

Out of curiosity why were those scripts allowed? I assume if it were blocked then the system would not be infected...

Because CyberLock can't analyze a script.
Let's say a user accidentally authorizes the file, I wanted to see what happened and if CyberLock knew how to catch up, which I did.

I am talking about the second half of the test, I have not watched the first half (URL test) closely yet. But yes, for the second test, CyberLock recommended to the user to click Block for all of the samples.

This might be easier... what was the time in the video timeline where MSBuilder was allowed to run?

5:21
I first authorized a script and then quarantined an executable.
The best thing would be to set up a scoring system for scripts too, to determine how dangerous they are, because as you can see, a user error can happen very quickly...

 

[danb]

Out of curiosity why were those scripts allowed? I assume if it were blocked then the system would not be infected...

100% of the scripts and files were blocked, and only executed once the Allow button was clicked. Slow the video down to 0.25 and you will see.

WhitelistCloud and VoodooAi are not capable of analyzing every single file type. This is true with all scanners, they all have limitations on what file types they are able to analyze.

So in the test, whenever there was a file type that CyberLock was not able to analyze, Shadowra clicked Allow, but the recommendation in the user prompt was to Block for all of the files and scripts. Shadowra was just seeing what would happen if the user clicked Allow. Whenever I perform efficacy tests, I always click the button that is recommended.

Having said that, it would be a good idea to make the user recommendation even more obvious than it currently is. That is one of the things I have been working on, mainly in the new simple user prompt.

 

[danb]

Because CyberLock can't analyze a script.
Let's say a user accidentally authorizes the file, I wanted to see what happened and if CyberLock knew how to catch up, which I did.




5:21
I first authorized a script and then quarantined an executable.
The best thing would be to set up a scoring system for scripts too, to determine how dangerous they are, because as you can see, a user error can happen very quickly...

CyberLock can analyze some scripts, but there are some it is not able to analyze yet. Do you think the blue Recommended label on the Block button is sufficient, or should we make the user recommendation more obvious?

Thanks again for the test!

 

[Shadowra]

CyberLock can analyze some scripts, but there are some it is not able to analyze yet. Do you think the blue Recommended label on the Block button is sufficient, or should we make the user recommendation more obvious?

Thanks again for the test!

On the scripts, I'll be highlighting the blocking much more to avoid running into an infection.

Why not even the possibility of placing it in quarantine if VoodooAI has determined a score.

 

[Duotone]

Because CyberLock can't analyze a script.
Let's say a user accidentally authorizes the file, I wanted to see what happened and if CyberLock knew how to catch up, which I did.

I understand that you wanted to demonstrate or test CL's reaction. Enabling something that has been marked as suspicious leaves your system vulnerable. However, it's obviously a different matter if blocked was clicked and the system remained compromised.

Although I own both of these programs, I have chosen to continue with CL because it is considerably easier to use and more cost-effective for me. I loved AG, but it needed a lot of adjusting because it can't identify which is either good or bad.

 

[Andy Ful]

AppGuard :
It behaves like an anti-exe, blocking anything it deems suspicious.

A few years ago I was asked to bypass the AppGuard protection by @Lockdown (AppGuard staff). I had an opportunity to take a closer look. When executing malware AppGuard looks like a dumb Anti-Exe and Anti-Scripting blocker, but it is not what is happening. AppGuard is a unique combination of three features that can provide:

1. Restriction of launches from risky folders or of dangerous OS utilities.
2. Containment.
3. Isolation.

One can run many applications (like MS Office) and they are protected against exploitation. AppGuard can protect already installed trusted applications while allowing automatic updates.

AppGuard can be very useful and strong protection in enterprises.

https://www.appguard.us/wp-content/uploads/2023/01/How-AG-Works-Tech-Sheet-vUS.pdf

https://csazerotrust.co.uk/SoloUserGuide.pdf