Battle Cyberlock vs WDAC-ISG

Compare list
Cyberlock
WDAC-ISG
Platform(s)
  1. Microsoft Windows
  2. Windows on Arm (Qualcomm)

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
390
I meticulously create hash rules for the applications I use. I believe a whitelist is better than a generic allow-everything-installed rule. An intruder-app may be installed without your knowledge if it bypasses your detection mechs. You can't trust your automated detection mechs, they are just for good measure.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,158
WDAC-ISG is similar to WHHLight in Super Safe (No Whitelist)

WDAC-ISG is similar to one-third of WHHLight (when one skips SWH settings and WHHLight tools).
WDAC-ISG cannot be managed on Windows Home (if one does not use WHHLight).
For EXE files, WDAC-ISG can probably be compared to the CyberLock file lookup in VirusTotal + WhitelistCloud.
WDAC-ISG can detect/block loading DLLs, but CyberLock can apply more comprehensive anti-script + LOLBin protection.

I do not think that anyone could reliably settle which one is better and more robust.
See also:
 
Reactions: Jack and Azazel

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,670
We could always add a WDAC mode to CyberLock. I have been toying with doing this for years, but never really found a great reason to do so. There are a lot of cons for WDAC, like 1) not being able to whitelist items on the fly, 2) total lack of context (which is absolutely vital to properly securing a system), 3) being forced to globally block LOLBins to be able to protect against them. That, and the fact that 4) WDAC is completely unusable without ISG, and easily bypassable with ISG. And 5) the baseline WDAC policies are an absolute mess, and only block based on a single criterion, not multiple like CyberLock.

I am guessing that if CyberLock offered a WDAC mode, most users would not use it. Maybe it would be good for SMB / Enterprise, especially as a method to quickly build and manage policies. But it might be pretty cool to have WDAC block most of the executable file types, then have CyberLock's kernel mode driver block the other 100 or so file types, LOLBins, fileless malware, etc.

If someone can provide one massive advantage for adding a WDAC mode to CyberLock, I would be happy to do so.
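Added example (not code from any post above or from either product): the two WDAC policy styles this thread contrasts, an explicit hash allowlist as Victor M describes versus a policy that defers to the Intelligent Security Graph, built with the ConfigCI cmdlets that ship with Windows. The scan path and policy file paths are assumptions.

```powershell
# Added example: hash-allowlist WDAC policy vs. ISG-authorized WDAC policy.
# Run in an elevated PowerShell on Windows 10/11 Pro or Enterprise. Paths are assumed.
$scanRoot   = 'C:\Program Files\MyApps'      # assumed: the applications you want to allow
$hashPolicy = 'C:\Policies\HashAllowlist.xml'
$isgPolicy  = 'C:\Policies\IsgPolicy.xml'

# 1. Explicit allowlist: one Hash rule per binary found under $scanRoot.
#    -Level Hash matches only the exact files scanned, so anything installed
#    later (including an intruder app) is blocked until the policy is rebuilt.
New-CIPolicy -Level Hash -ScanPath $scanRoot -UserPEs -FilePath $hashPolicy
Set-RuleOption -FilePath $hashPolicy -Option 3     # Enabled:Audit Mode, so you can review blocks first

# 2. ISG-backed policy: same seed rules plus option 14
#    (Enabled:Intelligent Security Graph Authorization). Files with no explicit
#    rule may still run if the graph classifies them as "known good"; this is
#    the reputation-driven, looser behaviour discussed in the thread.
#    ISG also needs the AppID telemetry service enabled: run `appidtel start`.
Copy-Item -Path $hashPolicy -Destination $isgPolicy
Set-RuleOption -FilePath $isgPolicy -Option 14

# Summarise what each policy grants before deploying it: how many explicit
# hash rules it carries, and whether it defers to ISG or is still in audit mode.
function Get-PolicySummary {
    param([string]$Path)
    [xml]$xml = Get-Content -Path $Path
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('p', 'urn:schemas-microsoft-com:sipolicy')
    [pscustomobject]@{
        Policy    = Split-Path -Path $Path -Leaf
        HashRules = @($xml.SelectNodes('//p:Allow[@Hash]', $ns)).Count
        UsesISG   = $null -ne $xml.SelectSingleNode("//p:Option[.='Enabled:Intelligent Security Graph Authorization']", $ns)
        AuditMode = $null -ne $xml.SelectSingleNode("//p:Option[.='Enabled:Audit Mode']", $ns)
    }
}
Get-PolicySummary -Path $hashPolicy
Get-PolicySummary -Path $isgPolicy

# 3. Compile the policy you chose to binary. For a legacy single-policy
#    deployment, copy it to C:\Windows\System32\CodeIntegrity\SiPolicy.p7b and
#    reboot; remove option 3 (Set-RuleOption -Delete) once audit logs look clean.
ConvertFrom-CIPolicy -XmlFilePath $hashPolicy -BinaryFilePath 'C:\Policies\SiPolicy.p7b'
```

Compare the two summaries: the hash policy enforces only what was scanned, while the ISG policy's UsesISG flag marks the point where allow decisions leave your explicit rule set.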
 
