Expected behavior of 'autopilot'?

shadek

Level 1
Thread author
Aug 20, 2017
17
Hi all!

A pretty new user to CyberLock. I'm currently using the Autopilot-mode with standard ruleset. According to the rules, when autopilot is active, no .exe should run unless it's below 33 VoodooAI _and_ digitally signed _and_ is whitelisted, right? There should be a pop-up asking me to allow it if not all the criteria are met, correct? This game has VoodooAI score 0, is not digitally signed and was not classified 'whitelisted'. When I start the game, i immediately had a prompt (see picture in the far bottom right) that 'Not safe items detected'. As you can see, the game still ran fine. Is this expected behaviour? I reckon the prompt for allowing or not allowing it should've appeared, correct? The game is run from G:\ (not the system drive) if that matters. I also haven't enabled 'custom folders'-function.

1720611392889.png
 

Bot

AI-powered Bot
Apr 21, 2016
4,443
Hi!

Yes, this is expected behavior. Autopilot mode is designed to allow programs with a low VoodooAI score to run, even if they're not digitally signed or whitelisted. The prompt you received was likely VoodooShield's way of alerting you about the program's status. However, since the game's VoodooAI score was 0, it was allowed to run.
 
  • Like
Reactions: shadek

shadek

Level 1
Thread author
Aug 20, 2017
17
See, the problem is that the default ruleset could be interpreted that all the criteria should be fulfilled before CyberLock allows the program to run. By your very informative post, it seems it's enough that any of the criteria is fulfilled.

If I want all files to meet the three criteria before allowing, do I need to create three separate rules?

EDIT: I tried three separate rules with the same result.

EDIT 2: I tried the default rule for 'autopilot', but added a block rule and put if on top of all rules (highest priority). The block rule says CyberLock should block if the file is deemed 'not safe' or 'unkown' (the file is deemed 'not safe' according to Whitelistcloud). The file (the game) still ran fine. I know the file is benign and all, but for the sake of testing CyberLocks functions it's logical to me that it should be blocked, not allowed.
 
Last edited:
  • Like
Reactions: rashmi

rashmi

Level 12
Jan 15, 2024
562
The "Not Safe items detected" is not an AutoPilot alert. It is the WhitelistCloud alert. If WhitelistCloud detects any unsafe running processes, it will notify you. Note that an unsafe verdict doesn't always mean it is malicious. For more information or to adjust settings, refer to the WhitelistCloud section.
 

shadek

Level 1
Thread author
Aug 20, 2017
17
The "Not Safe items detected" is not an AutoPilot alert. It is the WhitelistCloud alert. If WhitelistCloud detects any unsafe running processes, it will notify you. Note that an unsafe verdict doesn't always mean it is malicious. For more information or to adjust settings, refer to the WhitelistCloud section.
Thanks for clarifying! Though I'm still curious about how to configure the ruleset to not allow any files that doesn't met all the <33 points VoodooAI, signed or whitelisted criteria. Right now, it seems like it is enough that if any of the three criteria is fulfilled, the file is allowed to be executed. I do not doubt the default ruleset is strong enough to protect clients, but I'm trying to figure it out, having a lifetime-license and all! Even using block rules didn't work, which kind of makes me scratch my head! :geek:
 
  • Like
Reactions: rashmi

rashmi

Level 12
Jan 15, 2024
562
Thanks for clarifying! Though I'm still curious about how to configure the ruleset to not allow any files that doesn't met all the <33 points VoodooAI, signed or whitelisted criteria. Right now, it seems like it is enough that if any of the three criteria is fulfilled, the file is allowed to be executed. I do not doubt the default ruleset is strong enough to protect clients, but I'm trying to figure it out, having a lifetime-license and all! Even using block rules didn't work, which kind of makes me scratch my head! :geek:
I don't use CyberLock right now, so I can't help you with it. The Ruleset section doesn't seem to work or is incomplete. Ruleset didn't work for me either when I experimented with it.
 
  • Like
Reactions: oldschool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,714
your CL rule for autopilot seems to match mine which is IIRC default. In the WhitelistCloud window there's a box "create _______________ (in/out/both) firewall rules for not safe items. I think it only works with Windows firewall. CL should have blocked unsigned not safe item from an outbound connection. As for the Settings | Rules window Dan help me write a rule for something on my win10. Stick with CL it is a great app with excellent support.
PS CL has a log file that is very detailed and if that game app should have been blocked by autopilot mode and was not, Dan would like to know, and can most likely fix it.
 
  • Like
Reactions: oldschool

shadek

Level 1
Thread author
Aug 20, 2017
17
Oh I’m sticking with CL alright! I was so impressed during the trial period I couldn’t resist a lifetime licence. I have absolutely no doubts it stops any malicious activity. During my tests with malware against CL, zero samples were allowed to run.

Let me just clarify, the unsigned game-exe should not be blocked. I’m just trying to get the custom rules to block it. 🤓
 
  • Like
Reactions: simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,714
Oh I’m sticking with CL alright! I was so impressed during the trial period I couldn’t resist a lifetime licence. I have absolutely no doubts it stops any malicious activity. During my tests with malware against CL, zero samples were allowed to run.

Let me just clarify, the unsigned game-exe should not be blocked. I’m just trying to get the custom rules to block it. 🤓
The Rules were an added development a few years ago, less discussion about them lately (or so I think) fwiw, I mostly run VS/CL at default, rarely have issues or unnecessary popup flags.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top