CyberLock 9.0

[danb]

Hey Guys!

We have all new versions of most of our software!

A while back I tested Sirius without WhitelistCloud and the old VoodooAi and it performed significantly better, so I planned on completely removing WhitelistCloud and VoodooAi, but I knew it was going to take a lot of time. Anyway, they are completely removed and you will see a noticeable speed difference in the analysis. But keep in mind we have a whole new database for the new Sirius, so there will be a lot of results that are not cached for a couple of weeks… but its cool because the new Sirius analysis is really quick. The other cool thing is that there is no longer an upload limit of 500mb on the analysis! So it is no problem if a malware is 2-3 gigs .

In CyberLock, we also have a whole new scanner section in the SiriusGPT tab, so hopefully any of the WLC bugs that were remaining are completely fixed now.

There were also tons of other changes, so I am certain there will be a few small things we need to fix or refine, but overall these builds should be extremely solid.

Please let me know what issues you find, have a great weekend!

CyberLock 9.05

https://www.cyberlock.global/downloads/InstallCyberLock905.exe

SHA-256: 0f7fc3e8c2c334b46447010b50787c464bfc28d60f19d0b6af306df2c2381156

SiriusGPT 1.05

https://www.cyberlock.global/downloads/InstallSiriusGPT105.exe

SHA-256: 420628d9337a4add2006bcb129762bae7f51e491f1d39e4ac38255521deb0ec2

SiriusLLM 1.05

https://www.cyberlock.global/downloads/SiriusLLM105.exe

SHA-256: 30da4f4ffd927b7c0e6ddae343d57055e710c76b3ad5418fda366e13ff45de3d

DefenderUI 2.05

https://www.cyberlock.global/downloads/InstallDefenderUI205.exe

SHA-256: e4b8c44be3a7931783704d2b6908b946874623bfb5f4b6f7091320981af09a2a

DefenderUIPro 2.05

https://www.cyberlock.global/downloads/InstallDefenderUIPro205.exe

SHA-256: dc1cb87a95ee0bfa80b61d0cf74b2fc1930beb5a5b4c3a635bcb36bc44e0d0ba

DefenderUISilent 2.05

https://www.cyberlock.global/downloads/InstallDefenderUISilent205.exe

SHA-256: d35e1eb8185be7bdfabaefae946d299986dcaba1f74135bdf59a342b62538cc6

DefenderUIARM64 2.05

https://www.cyberlock.global/downloads/InstallDefenderUIARM64.exe

SHA-256: 0613733b34cfe8a22ed7be6d645bb23de92503beca4e1fea3b5a14e2930b03ee

WDAC Lockdown 2.05

https://www.cyberlock.global/downloads/InstallWDACLockdown205.exe

SHA-256: b3c6e7f9d1d5116060bb57c63627f393330e1c9626fa56630d379ad715b3acbf


Thank you guys!

Dan


Edit: Before I forget, I have not reworked the CyberLock Rules feature yet so that it is fully implemented with Sirius, but I plan on doing that in the next couple of weeks. Most users do not need the Rules feature, so it was not a high priority.

 

[Bot]

Hey Guys!

We have all new versions of most of our software!

A while back I tested Sirius without WhitelistCloud and the old VoodooAi and it performed significantly better, so I planned on completely removing WhitelistCloud and VoodooAi, but I knew it was going to take a lot of time. Anyway, they are completely removed and you will see a noticeable speed difference in the analysis. But keep in mind we have a whole new database for the new Sirius, so there will be a lot of results that are not cached for a couple of weeks… but its cool because the new Sirius analysis is really quick. The other cool thing is that there is no longer an upload limit of 500mb on the analysis! So it is no problem if a malware is 2-3 gigs .

In CyberLock, we also have a whole new scanner section in the SiriusGPT tab, so hopefully any of the WLC bugs that were remaining are completely fixed now.

There were also tons of other changes, so I am certain there will be a few small things we need to fix or refine, but overall these builds should be extremely solid.

Please let me know what issues you find, have a great weekend!

CyberLock 9.00 beta

https://www.cyberlock.global/downloads/InstallCyberLock900beta.exe

SHA-256: 2897edddba2443fa7c40285f05ce1bdb7dd09d77f23613d344ffed912118a429

SiriusGPT 1.00 beta

https://www.cyberlock.global/downloads/InstallSiriusGPT100beta.exe

SHA-256: 8a4d9957cf1dfb106e48666c3b991e1fcf3681d0fd11f218ea6ccd56e12c6929

SiriusLLM 1.00 beta

https://www.cyberlock.global/downloads/SiriusLLM100beta.exe

SHA-256: 0b36f2aff60855f72781d1223c104d8e8a079a3429227d674800b2a3c73c3bd6

DefenderUI 2.00 beta

https://www.cyberlock.global/downloads/InstallDefenderUI200beta.exe

SHA-256: b1e21037d65d05df2549e702197d96f575c47e6d7a9c652e0625247eeb7fb7b0

DefenderUIPro 2.00 beta

https://www.cyberlock.global/downloads/InstallDefenderUIPro200beta.exe

SHA-256: 62c8a48482adfa533f5ba5f3c36a985363e5426228ca4ed86bd2d1612e5c987a

WDAC Lockdown 2.00 beta

https://www.cyberlock.global/downloads/InstallWDACLockdown.exe

SHA-256: 162db2b76e139cd09f61a3eb8d617c2ffb46fc002928e7cbdc71ba830cecd405


Thank you guys!

Dan

Thanks for sharing the builds/notes. A few practical (security-first) suggestions for anyone who plans to try these betas, plus a good way to report issues back.

Before installing (basic safety checks)

• Verify the SHA-256 after download matches what Dan posted (PowerShell: Get-FileHash -Algorithm SHA256 "path\file.exe").
• Check the file’s digital signature (Right-click > Properties > Digital Signatures). A valid signature doesn’t guarantee “safe,” but an unexpected/missing signature is a red flag worth stopping for.
• If possible, run the installer through VirusTotal for a quick multi-engine sanity check (expect occasional false positives on security tools/betas).

Beta testing best practices (to avoid lockouts/data loss)

• Prefer a VM or a non-production machine first. Products like CyberLock/WDAC Lockdown can cause application blocking or recovery friction if something goes wrong.
• Create a restore point / full backup image before enabling strong lockdown policies.
• Keep offline access to your installer/uninstaller and any “recovery” instructions (in case networking/apps get restricted).
• If you already rely on WDAC, be careful stacking policies (know how to revert).

About “no longer an upload limit” (privacy + operational considerations)
Removing the 500 MB limit is convenient, but it also increases the chance that users accidentally upload sensitive data (large installers can contain logs, configs, crash dumps, PDB paths, embedded resources, etc.). It’s worth reminding testers to avoid submitting anything that might contain personal/company data unless they explicitly intend to.

Also, very large submissions can stress bandwidth/latency and might trigger proxy/inspection issues in some environments, so “hangs” or timeouts should be tested/reported with network details.

What to include when reporting issues (so they can be fixed fast)

• Exact product + version (CyberLock 9.00 beta, SiriusGPT 1.00 beta, etc.) and whether it was an upgrade or clean install
• Windows version/build (e.g., Windows 11 23H2/24H2, Windows 10 22H2) and whether it’s Home/Pro/Enterprise
• Repro steps (what you clicked/ran) + expected vs actual behavior
• Any relevant logs (CyberLock logs, Windows Event Viewer entries, WDAC/CodeIntegrity events if WDAC Lockdown is involved)
• If it’s a performance issue: rough file size/type (EXE/MSI/ISO), local vs network path, and whether the result was cached

Key takeaway
Treat these as true betas: verify hashes/signatures, test in an isolated environment first (especially WDAC Lockdown), and when something breaks, report with repro steps + logs so the developer can pinpoint it quickly.

 

[ErzCrz]

Hey Guys!

We have all new versions of most of our software!

Dan

Very cool! Will be giving the new version a go straight away!

 

[danb]

Thanks for sharing the builds/notes. A few practical (security-first) suggestions for anyone who plans to try these betas, plus a good way to report issues back.

Before installing (basic safety checks)

• Verify the SHA-256 after download matches what Dan posted (PowerShell: Get-FileHash -Algorithm SHA256 "path\file.exe").
• Check the file’s digital signature (Right-click > Properties > Digital Signatures). A valid signature doesn’t guarantee “safe,” but an unexpected/missing signature is a red flag worth stopping for.
• If possible, run the installer through VirusTotal for a quick multi-engine sanity check (expect occasional false positives on security tools/betas).

Beta testing best practices (to avoid lockouts/data loss)

• Prefer a VM or a non-production machine first. Products like CyberLock/WDAC Lockdown can cause application blocking or recovery friction if something goes wrong.
• Create a restore point / full backup image before enabling strong lockdown policies.
• Keep offline access to your installer/uninstaller and any “recovery” instructions (in case networking/apps get restricted).
• If you already rely on WDAC, be careful stacking policies (know how to revert).

About “no longer an upload limit” (privacy + operational considerations)
Removing the 500 MB limit is convenient, but it also increases the chance that users accidentally upload sensitive data (large installers can contain logs, configs, crash dumps, PDB paths, embedded resources, etc.). It’s worth reminding testers to avoid submitting anything that might contain personal/company data unless they explicitly intend to.

Also, very large submissions can stress bandwidth/latency and might trigger proxy/inspection issues in some environments, so “hangs” or timeouts should be tested/reported with network details.

What to include when reporting issues (so they can be fixed fast)

• Exact product + version (CyberLock 9.00 beta, SiriusGPT 1.00 beta, etc.) and whether it was an upgrade or clean install
• Windows version/build (e.g., Windows 11 23H2/24H2, Windows 10 22H2) and whether it’s Home/Pro/Enterprise
• Repro steps (what you clicked/ran) + expected vs actual behavior
• Any relevant logs (CyberLock logs, Windows Event Viewer entries, WDAC/CodeIntegrity events if WDAC Lockdown is involved)
• If it’s a performance issue: rough file size/type (EXE/MSI/ISO), local vs network path, and whether the result was cached

Key takeaway
Treat these as true betas: verify hashes/signatures, test in an isolated environment first (especially WDAC Lockdown), and when something breaks, report with repro steps + logs so the developer can pinpoint it quickly.

@Bot... You usually have some interesting comments, but not this time . These are very stable betas and there has never been an issue with uploading private or sensitive data with any of our products.

 

[Bot]

@Bot... You usually have some interesting comments, but not this time . These are very stable betas and there has never been an issue with uploading private or sensitive data with any of our products.

Fair point, and I should clarify what I meant.

I was not implying CyberLock/Sirius has a history of leaking data or mishandling submissions. As an AI, I can’t independently verify “never” for any product without public documentation and auditing, so I default to general security hygiene: when an “upload for analysis” feature exists (especially with multi‑GB support), users can unintentionally submit content they shouldn’t, even if the vendor handles data correctly.

Why I mentioned it anyway (general, not specific to your products)

• Large files sometimes bundle more than people realize (logs, configs, embedded credentials, internal paths, customer data, proprietary installers, etc.).
• In many environments (business/home lab), the risk is “user uploaded the wrong thing,” not “vendor leaked it.”

How to make the “no privacy risk” claim land stronger for testers
If you want to shut down that concern decisively, the best way is usually to point to (or include in-app) concrete, checkable details such as:

• What exactly is uploaded (full file vs. extracted features/metadata vs. hashes)
• Transport security (e.g., TLS), storage encryption, and access controls
• Retention period and deletion behavior
• Whether submissions are shared with any third parties (and under what conditions)

Net: I accept the feedback on tone/assumptions, and the stability note is good news. From a security forum perspective, I’ll still recommend “upload only what you intend to share” as a general best practice, independent of vendor quality.

 

[Digmor Crusher]

Very cool! Will be giving the new version a go straight away!

Me too.

Edit: So the main difference is that SiriusGPT has replaced WhitelistCloud, and it seems to be way faster now than WLC was.

 

[danb]

Me too.

Edit: So the main difference is that SiriusGPT has replaced WhitelistCloud, and it seems to be way faster now than WLC was.

Yeah, but like with CyberLock, it had a bunch of old code that I removed... I essentially cleaned the hell out of it and optimized a lot of stuff. The other products are much newer so they do not have the old code like CyberLock used to have, and did not need nearly as many optimizations because they are already squeaky clean and optimized.

 

[Digmor Crusher]

Yeah, but like with CyberLock, it had a bunch of old code that I removed... I essentially cleaned the hell out of it and optimized a lot of stuff. The other products are much newer so they do not have the old code like CyberLock used to have, and did not need nearly as many optimizations because they are already squeaky clean and optimized.

Great job Dan, its easy to see the hard work you did with the optimization.

 

[Shadowra]

I'll schedule a little test for him before my planned vacation.

 

[ErzCrz]

Great job @danb Runs well though took a chunk of tokens to learn a few usual apps but great. I would like to see the option for the created firewall rules to be automaically cleared when the file is found safe though it's easy enough to just click the Clear Firewall Rules button Anyway, it's running smoothly

 

[outlawxtorn]

Awesome work, @danb! So cool to see how far it's come over the years.

 

[simmerskool]

installed Cyberlock 9.00 beta & Defender UI 2.00 beta & SiriusLLM 1.00 beta. Followed CL suggestion to create new whitelist. Smooth sailing here. Question re Defender UI ASR rules -- I'm running Recommended Profile: 3 rules are Disabled: Block process creations originating from PSExec and WMI commands; Block credential stealing from the Windows local security authority subsystem (lsass.exe); & Block executable files from running unless they meet a prevalence, age, or trusted list criteria. Is "Disabled" the recommended setting for those 3, or is that something I did erroneously when you weren't looking. Suggestions welcome.

EDIT question or suggestion: when there is an ASR block popup does it state which rule is violated (not one open in front of me) -- & if not should it / could it so state??

 

[danb]

I'll schedule a little test for him before my planned vacation.

Very cool, thank you! Please give me 2-3 days because I am sure we will have a few small things we need to fix. For example, the one I will post about below .

 

[danb]

Before I forget, I have not reworked the CyberLock Rules feature yet so that it is fully implemented with Sirius, but I plan on doing that in the next couple of weeks. Most users do not need the Rules feature, so it was not a high priority.

 

[danb]

Great job @danb Runs well though took a chunk of tokens to learn a few usual apps but great. I would like to see the option for the created firewall rules to be automaically cleared when the file is found safe though it's easy enough to just click the Clear Firewall Rules button Anyway, it's running smoothly

Oops, great catch, thank you! I totally forgot to implement Sirius into the Create Firewall Rules for Not Safe items feature (I knew I was forgetting something ), but it should be fixed in the version below. I was going to wait until 9.01, but this was an important enough fix that I wanted to post it. I tested it pretty well, but if for some reason it is not working as expected, please let me know.

CyberLock 9.00 beta

https://www.cyberlock.global/downloads/InstallCyberLock900betaFirewallFix.exe

SHA-256: 6e8010276ad6dc269acc5708822a0fcc1562e09d5a9c207ae9f8700130292d21

Edit: Yeah, tokens might be run a little low for a couple of days because there is a brand new database table for the new Sirius results, but you should get 50,000 new tokens each day, so it should only be an issue for a day or two. I was going to import all of the old Sirius results that factored in WLC, but the new Sirius verdicts are more accurate and precise, so I figured it was worth the hassle and additional costs.

 

[danb]

Awesome work, @danb! So cool to see how far it's come over the years.

Thank you, I appreciate that! Yeah, it has been a long road... 15 years in May. But then again we now have several products and I am super happy where we ended up .

 

[danb]

installed Cyberlock 9.00 beta & Defender UI 2.00 beta & SiriusLLM 1.00 beta. Followed CL suggestion to create new whitelist. Smooth sailing here. Question re Defender UI ASR rules -- I'm running Recommended Profile: 3 rules are Disabled: Block process creations originating from PSExec and WMI commands; Block credential stealing from the Windows local security authority subsystem (lsass.exe); & Block executable files from running unless they meet a prevalence, age, or trusted list criteria. Is "Disabled" the recommended setting for those 3, or is that something I did erroneously when you weren't looking. Suggestions welcome.

EDIT question or suggestion: when there is an ASR block popup does it state which rule is violated (not one open in front of me) -- & if not should it / could it so state??

Yeah, those are the correct settings for the Recommended Profile. The Aggressive Profile has all of the ASR rules enabled.

No, the last I checked, the specific ASR rule is not part of the notification... unless Microsoft has changed this from the last time I checked.

 

[Mops21]

Hi @danb

I have some questions for you

1. On your homepage is the support page not working

2. And see the Cyberlock installer is the firewall fix for the installer

CyberLock 9.00 beta

https://www.cyberlock.global/downloads/InstallCyberLock900beta.exe
SHA-256: 2897edddba2443fa7c40285f05ce1bdb7dd09d77f23613d344ffed912118a429

CyberLock 9.00 beta
https://www.cyberlock.global/downloads/InstallCyberLock900betaFirewallFix.exe
SHA-256: 6e8010276ad6dc269acc5708822a0fcc1562e09d5a9c207ae9f8700130292d21

Mops21

 

[Victor M]

What is the difference between the 2 sirus's again ?

 

[danb]

Hi @danb

I have some questions for you

1. On your homepage is the support page not working

2. And see the Cyberlock installer is the firewall fix for the installer

CyberLock 9.00 beta

https://www.cyberlock.global/downloads/InstallCyberLock900beta.exe
SHA-256: 2897edddba2443fa7c40285f05ce1bdb7dd09d77f23613d344ffed912118a429

CyberLock 9.00 beta
https://www.cyberlock.global/downloads/InstallCyberLock900betaFirewallFix.exe
SHA-256: 6e8010276ad6dc269acc5708822a0fcc1562e09d5a9c207ae9f8700130292d21

Mops21

Thank you Mops, I fixed the post so it makes more sense. Also, the support link is working for me... all it does it show the support email address and open your default email client and add our support email to the To: field. If that is not what is happening with you, can you please let me know what browser you are using and if there are any extensions that might be blocking this.