New Update CyberLock 8.0

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,856
> When CL spits out its results, could it also just show the VirusTotal score rather than asking "would you like a 2d opinion" or is there a restriction about that... I got hung up last night running Sysinternals sigcheck with VT as there's a limit of 4 lookups per minute for my standard free API key. Just a suggestion :)
No, we removed VirusTotal quite some time ago, and truly the WhitelistCloud and VoodooAi scans are a MUCH better fit for the Zero-Trust use case. VirusTotal scans for malicious files, whereas WhitelistCloud scans for Safe files... it is the perfect fit.
 

danb

> @danb
> Is there a chance that you will finally implement some of the former Yugoslav languages in the new v8 version? It can be any of these three: Bosnian, Croatian or Serbian. These are languages spoken by at least 50 million people in the world. I can spare my time to help with translation and correcting mistakes.

Sure, we can add new languages sometime in the next couple of months. Please email me in a month and let me know what languages we should add.... support at cyberlock.global, thank you!
 

danb

Hey Guys,

Here is the latest version, I believe we are ready for the 8.0 release, but if you find anything please let me know!

All known bugs have been fixed... and BTW, if you want CyberLock to be able to upload files for analysis, please do not block port 1433 ;).

CyberLock 7.97
SHA-256: 58fec35f2fa6de88eb2fd6114dc463b626f40d47d691906d928f3d6eb3d32497

Thank you guys!
 

Avethil

Level 2
Dec 5, 2023
69
Hello,
would it be possible to add a selectable option to globally disable autoblocks? I checked the CyberLock user log and found several autoblocks that prevented me from installing legitimate software on my system, such as the Windscribe VPN installer, Wintun driver, .NET Runtime and Wireguard driver. Adding those items to the whitelist isn't a viable solution because very often they are re-created in a different path, and anyway you have to interrupt the setup to check the CyberLock user log to see what items are autoblocked. To install that software I had to exit completely from CyberLock by right-clicking on its taskbar icon, then Exit. If it's not possible to disable autoblocks, is there a workaround to avoid this issue? Thanks
I have CyberLock 7.97 beta.


oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
8,072
Auto blocks are what I have encountered, and one thing I don't like about VS. No warning. Nothing. I don't remember encountering this problem in very early versions, or at least not as often.

But I'm also pretty certain @danb will have an explanation to aid our understanding.
 

Avethil

> Auto blocks are what I have encountered, and one thing I don't like about VS. No warning. Nothing. I don't remember encountering this problem in very early versions, or at least not as often.
>
> But I'm also pretty certain @danb will have an explanation to aid our understanding.

Hello, I first noticed autoblocks in 7.90 beta when I couldn't update Google Chrome

 

danb

> Hello,
> would it be possible to add a selectable option to globally disable autoblocks? I checked the CyberLock user log and found several autoblocks that prevented me from installing legitimate software on my system, such as the Windscribe VPN installer, Wintun driver, .NET Runtime and Wireguard driver. Adding those items to the whitelist isn't a viable solution because very often they are re-created in a different path, and anyway you have to interrupt the setup to check the CyberLock user log to see what items are autoblocked. To install that software I had to exit completely from CyberLock by right-clicking on its taskbar icon, then Exit. If it's not possible to disable autoblocks, is there a workaround to avoid this issue? Thanks
> I have CyberLock 7.97 beta.

Thank you for letting me know! We do not have to have an option... we just need to fix the issue, then there will not be any unwanted Auto Blocks. The only Auto Block you should ever see is when the user does not respond to a prompt (clicking Allow or Block on a prompt), either because they are away from their computer, or they chose to not respond to the prompt. Either way, you gave me several examples to work from, so this should be an easy fix, I will look at it tonight and should have a fix very soon.

So in short, you should never see Auto Block entries when you are installing or running new software, assuming that you reply to the prompts. You might see a small handful of Auto Blocks for items that were blocked when you were away from the computer, but over time they will be allowed... but this is mainly for whitelists that are quite new. If someone has a well developed whitelist that is a month or so old, there should be even fewer blocks.

These were actually the Auto Blocks that I have been asking for users to report when they see them ;). Thank you!
 

danb

In short, Auto Block means the user did not respond to the prompt, and the item needed to be blocked because it was not whitelisted, or have another feature to auto allow the item... like the Digital Signature Whitelist, Attack Chains, etc.

These might be vulnerable process blocks... but either way, if the user is responding to prompts, there should not be ANY Auto Blocks. If there are, then that means there is a bug that needs to be fixed.
 

Avethil

> Thank you for letting me know! We do not have to have an option... we just need to fix the issue, then there will not be any unwanted Auto Blocks. The only Auto Block you should ever see is when the user does not respond to a prompt (clicking Allow or Block on a prompt), either because they are away from their computer, or they chose to not respond to the prompt. Either way, you gave me several examples to work from, so this should be an easy fix, I will look at it tonight and should have a fix very soon.
>
> So in short, you should never see Auto Block entries when you are installing or running new software, assuming that you reply to the prompts. You might see a small handful of Auto Blocks for items that were blocked when you were away from the computer, but over time they will be allowed... but this is mainly for whitelists that are quite new. If someone has a well developed whitelist that is a month or so old, there should be even fewer blocks.
>
> These were actually the Auto Blocks that I have been asking for users to report when they see them ;). Thank you!

Hi Dan,
first of all thank you for the quick reply, even on Sunday :)
I can say it's a bug because I didn't get any Allow / Block prompt when installing that software. Furthermore for Wintun and Wireguard drivers there are a lot of autoblocks so it's improbable I couldn't see at least one CyberLock's Allow / Block prompt and I was always in front of the PC while installing that software.
 

danb

Sure, thank you as well! I think I might know what is going on...

I do not have any Auto Blocked entries in my C:\ProgramData\CyberLock\DeveloperLog.log, but here is a User Blocked Entry, and they are logged the exact same way, so we can use this as an example...

[04-26-2025 01:20:24] [INFO ] - User Blocked: tester.bar | ProcessPath: c:\users\user\desktop\test files\tester.bar ................ RuleID: 22 | Allowed: False

See the Allowed: False at the very end of the entry? That tells you if the item was actually allowed or not. The reason we know this is because that is the actual value that is sent to the kernel mode driver. The first part of the entry... User Blocked: tester.bar, changes as the event navigates through the rules... it should be correct, but off the top of my head, I think I know where there might be a bug in the code that would assign this the wrong value of Auto Blocked.

So what we need to know... for the files that were marked as Auto Blocked, can you please look in your C:\ProgramData\CyberLock\DeveloperLog.log and check the last value (you can just open the DeveloperLog.log in Notepad and search for Auto Blocked). If the last value is Allowed: True, then that means the item was not blocked at all... it means there is a bug in the logging, and as I was saying, I think I know right where it is.

However, if the last value says Allowed: False, please let me know the specific example, because that means the item was actually blocked, and we definitely need to fix that (or the logging bug if that is what is wrong).

But I totally agree with you... stuff should not be blocked nilly willy, it can create serious problems. A great example is when someone is installing a driver and an item is silently blocked... then a week later they have no idea why their video card is not working correctly. And actually, we have seen this on here before with some other deny-by-default product, and I think it was simmerskool that noticed it... it was blocking like 1,000 items an hour. That is insanity.

Security products should keep you safe, not break your computer, and thankfully most security products have gotten a lot better at not breaking your computer the last 5 or so years. Remember 10-20 years ago? Pretty much all of them were guaranteed to at least slow down your system.

Anyway, please let me know the last value of the Auto Blocked entries in your DeveloperLog.log... especially if the last value is Allowed: False, and if so, please let me know how to recreate that block (let me know what was blocked). Thank you!
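
The check described in the post above, as an added example (not CyberLock's code and not part of the original post): it finds entries carrying a given label and splits them by the trailing `Allowed:` value. The `Auto Blocked` lines and their `RuleID` values are constructed, assuming, as the post states, that they are logged the same way as the `User Blocked` entry; the `................` in the first line is the elision from the post and is skipped, not filled in.

```python
import re

# Line 1 is the entry quoted in the post; the rest are constructed samples.
SAMPLE_LOG = r"""
[04-26-2025 01:20:24] [INFO ] - User Blocked: tester.bar | ProcessPath: c:\users\user\desktop\test files\tester.bar ................ RuleID: 22 | Allowed: False
[04-27-2025 10:00:01] [INFO ] - HandleProcess 1: c:\windows\temp\example\setup.exe
[04-27-2025 10:00:02] [INFO ] - Auto Blocked: setup.exe | ProcessPath: c:\windows\temp\example\setup.exe | RuleID: 7 | Allowed: True
04-27-2025 10:00:05] [INFO ] - Auto Blocked: driver.inf | ProcessPath: c:\windows\temp\example\driver.inf | RuleID: 7 | Allowed: False
[04-27-2025 10:00:09] [INFO ] - Auto Blocked: helper.exe | ProcessPath: c:\windows\temp\example\helper.exe
"""

# Tolerates a missing leading "[" (copy/paste damage) and unknown middle fields.
ENTRY = re.compile(
    r"^\[?\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\]\s+\[\s*\w+\s*\]\s+-\s+"
    r"(?P<label>[A-Za-z ]+?):\s+(?P<item>[^|]+?)\s*\|"
    r".*?ProcessPath:\s+(?P<path>.+?)\s*(?:\||\.{3,})"
    r".*\bAllowed:\s*(?P<allowed>True|False)\s*$"
)

def triage(log_text, label="Auto Blocked"):
    """Group entries carrying `label` by the value sent to the driver."""
    result = {"logging_only": [], "really_blocked": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if label.lower() not in line.lower():
            continue  # e.g. HandleProcess lines, which carry no verdict
        m = ENTRY.match(line)
        if not m or m["label"].lower() != label.lower():
            result["unparsed"].append(line)            # truncated or unknown format
        elif m["allowed"] == "True":
            result["logging_only"].append(m["path"])    # ran; only the label is wrong
        else:
            result["really_blocked"].append(m["path"])  # blocked; worth reporting
    return result

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(bucket, entries)
```

To run it against a real log, pass the contents of `C:\ProgramData\CyberLock\DeveloperLog.log` to `triage()` instead of `SAMPLE_LOG`.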
 

Avethil

> you can just open the DeveloperLog.log in Notepad and search for Auto Blocked

I opened the file with Notepad++ but it didn't find any reference to Auto Blocked


For the items I posted above there are simply multiple references like these, with different numbers after HandleProcess:
[04-24-2025 19:01:17] [INFO ] - HandleProcess 1: c:\windows\temp\windscribeinstaller22639\7zr.exe
[04-27-2025 13:53:26] [INFO ] - HandleProcess 1: c:\windows\temp\{3de0f66d-a6e2-44dc-8fc7-f1f090bdf467}\.cr\netruntimeinstaller86.exe
[04-25-2025 19:18:02] [INFO ] - HandleProcess 1: c:\windows\temp\27511a5b46cd529821ef22367f58ca0884b7d257c3dbcefd2448678ff68caf46\wintun.inf
[04-27-2025 14:52:44] [INFO ] - HandleProcess 1: c:\windows\temp\c007ab0523ab9dbf277c8a6d8ae881baaee18aa9a9629e70959750483384e665\wireguard.inf
 

danb

The Auto Blocked issue should be completely fixed! I always say "that will be an easy fix"... this was not an easy fix (it was not crazy hard though), but the good news is that I believe it is 100% fixed. Since you supplied me with several test files to reproduce the bug, it made it a lot easier to track down and fix the bug... so thank you for letting me know which files you were having issues with. I doubt there will be anymore Auto Blocked issues, but if there are, please send me a link to download the file and I will fix it asap. One of the problems in fixing this bug is that I never have any Auto Blocked events... so I never experience this issue.

So here is the fixed version, I tested with Windscribe, Wireguard and a .NET installer, and it worked perfectly after the bug was fixed... even the logging ;). It really is vital that we do not silently block stuff that needs to run, so I am happy this is fixed. Please feel free to uninstall some of your apps that you were having issues with, and reinstall them to test. But if you do test, please make sure to uninstall the apps, then reset the CyberLock Whitelist and User Log, then try to reinstall the apps. I reinstalled Windscribe so many times during testing that it stopped giving me the "Sorry to see you go" website ;).

CyberLock 7.98
SHA-256: bb2bb2964da1675b2bf7b85988c976eb713bd2b48d24f1e765c79e7ce68e9056

I think this version really is ready for an 8.0 release, but if there are any other issues, please let me know, thank you!
 

simmerskool

Level 42
Verified
Top Poster
Well-known
Apr 16, 2017
3,139
I just installed 7.98 over 7.97 but first I put 7.97 in disable/install mode. Then 7.98 with runbysmartscreen. It balked, but [try again] and it installed. I then opened settings because I want to reset the Whitelist (387), but first looked at User Log. In the open screen I see 3 "auto-blocked": installcyberlock797.tmp, updater.exe \appdata\local\temp\ , & installcyberlock798.tmp -- these 3 are (were) all in \appdata\local\temp\ ( fwiw -- fwiw)
 

danb

> Is displaying the upload progress for unknown files, besides analysis, workable?

I tried this a while back and it did not work great in practice, although it sounds great in theory. First, it is not very accurate... and what about retries when the upload fails? At some point I might revisit this, but probably not in the near future. Thank you for the suggestion though!
 
