- Jun 15, 2023
- 226
Against long infection chains, payloads, malicious pdfs, scripts and LOLBins?
Is Cyberlock (Always ON) considered bullet-proof against sophisticated malware?
- Thread starter Azazel
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Jan 8, 2011
- 22,361
I would say no.
Cybercriminals are always evolving sophisticated malware to evade detection.
- Mar 29, 2018
- 7,117
I would add "Not against targeted attacks".
But for users with good internet hygiene VS is certainly excellent protection combined with a good AV. Highly recommended.
- Jan 27, 2018
- 1,265
I would say Yes in practice when Cyberlock is combined with two freebies (Simple Windows Hardening and Configure Defender on MAX)
Last edited:
- Apr 24, 2016
- 6,603
Is CyberLock still needed with that config...
- Mar 29, 2018
- 7,117
Overkill!Is CyberLock still needed with that config...
I dare to disagree with above eminences 
SRP is a build-in mechanism which hardly cost processing power. Windows does not need scripts to run for updates in user folders. I can;t see why average users need scripts to run in user folders. Most of CruelSister's made malware is started through risky file extensions. Plenty of reasons to use Andy's SWH as companion to block risky file extensions in user folders. The weak point of SRP is that this security mechanism itself also lives in userland.
Windows Defender on MAX has excellent embedded code protection for mail and office documents. Windows Defender on Max uses less CPU than WD on High or High+ and acts as a cloud whitelist for executable's. The weak point of (the very strong cloud whitelist) is that it is a huge and massive whitelist (a smaller whitelist is a more secure whitelist) and it has a very limited (only the ASR part) parent-child process monitor to deal with staged attacks.
Microsoft offers WDAC and Smart Application Control on top of these Windows mechanism to overcome the weaknesses mentioned. I look at CyberLock as a more granular and flexible WDAC or SAC and it remembers your decisions (in contrast to UAC). So why would SWH and WD-max be an overkill with CL, when CyberLock functions an improved (AI based) UAC/SAC?
The best reason to choose CL over SAC is that CL is backed by a developer who reacts rapidly on user issues (try that with M$ when SAC blocks your el cheapo unsigned restaurant menu designer).
SRP is a build-in mechanism which hardly cost processing power. Windows does not need scripts to run for updates in user folders. I can;t see why average users need scripts to run in user folders. Most of CruelSister's made malware is started through risky file extensions. Plenty of reasons to use Andy's SWH as companion to block risky file extensions in user folders. The weak point of SRP is that this security mechanism itself also lives in userland.
Windows Defender on MAX has excellent embedded code protection for mail and office documents. Windows Defender on Max uses less CPU than WD on High or High+ and acts as a cloud whitelist for executable's. The weak point of (the very strong cloud whitelist) is that it is a huge and massive whitelist (a smaller whitelist is a more secure whitelist) and it has a very limited (only the ASR part) parent-child process monitor to deal with staged attacks.
Microsoft offers WDAC and Smart Application Control on top of these Windows mechanism to overcome the weaknesses mentioned. I look at CyberLock as a more granular and flexible WDAC or SAC and it remembers your decisions (in contrast to UAC). So why would SWH and WD-max be an overkill with CL, when CyberLock functions an improved (AI based) UAC/SAC?
The best reason to choose CL over SAC is that CL is backed by a developer who reacts rapidly on user issues (try that with M$ when SAC blocks your el cheapo unsigned restaurant menu designer).
Last edited:
- Mar 29, 2018
- 7,117
Completely agree on this. SAC is mostly for the very rare breed of Windows user, like myself, who has very few apps installed on my surfing laptop. Although @SpyNetGirl is an opposite case. She probably has all kinds of legit apps since she's a coder and an MS geek. @oldschool: I think SAC is a great extra-security tool. It works great on more or less 'common' installs. In real life SAC works fine for most home users also, but MT is populated with people playing with (security) software. People like you using a simple but very secure and effective security setup are rare here
I rather would have had SAC to be the auto-elevation decision mechanism of UAC. My unsigned application to make menu's for the restaurant I am working as a cook, does not need elevation, it installs in userland. When SAC automatically decides to allow UAC elevation, people using portable applications also would not be harassed by SAC blocks.
I rather would have had SAC to be the auto-elevation decision mechanism of UAC. My unsigned application to make menu's for the restaurant I am working as a cook, does not need elevation, it installs in userland. When SAC automatically decides to allow UAC elevation, people using portable applications also would not be harassed by SAC blocks.
Similar threads
