Make your video test requests!

[Parkinsond]

incorporating an AI analysis into its scanning

MD utilizes AI analysis also, but it has a wider user-base with more robust telemetry.

 

[rashmi]

... or just leave Cyberlock default settings, it works. I probably have a CL saved settings profile... (& yes, I like AndyFuls apps too).

It's the same with Hard_Configurator; during installation, you choose AutoPilot or SmartMode for CyberLock, and you choose to hide or show the "Run As Admin" feature for Hard_Configurator. In simpler terms, you get default settings with CyberLock and Hard_Configurator after installation.

that's why @AndyFul created WHHL (more or less no difference??)

WHHLight is a simplified interface with some changes, but you won't experience much difference using/installing programs or overall. The most visible difference is when you run executables from downloads or desktop folders; WHHLight allows them if WDAC approves, but Hard_Configurator blocks the run; you need to use the "Install By SmartScreen" context-menu feature.

 

[Andy Ful]

that's why @AndyFul created WHHL (more or less no difference??)

In H_C, the EXE/MSI application installers are initially blocked (even if they can be later accepted by SmartScreen). Users may apply several setting profiles that can highly restrict file execution/opening. However, this requires a more complex GUI. In the most restrictive settings on SUA, the user cannot run/install anything new except Windows Updates or Microsoft Store apps. Also, many LOLBins can be blocked. The H_C is the most preventive approach to security.

In WHHLight, the EXE/MSI files are initially not blocked. The protection comes from Windows SmartScreen or from WDAC ISG (WDAC enabled).
Users can tweak settings to highly restrict file execution/opening, but highly reputable EXE/MSI files are never blocked.
WHHLight approach is less preventive than H_C, but more robust (due to WDAC) on the post-infection stage. The malware can sometimes be blocked at a later infection stage, compared to H_C.

WHHLight with enabled WDAC is more like CyberLock, but with automatic Allow/Block decisions based on file reputation.
H_C is rather a smart version of SRP (first block). It is also lighter on the system than WHHLight with WDAC enabled.

 

[rashmi]

Suppose an average user has downloaded a mod which contains malware. With Comodo, the file will be run virtualised at first and the user will be notified. Now inside the sandbox the malware does not work. So the user thinks that Comodo is the culprit and excludes the file from virtualisation the next time since Comodo does not provide any analysis result. Ultimately the PC becomes infected.

Now suppose an average user with H_C tries to run another mod file packed with malware & the file is blocked. So the user disables H_C and tries to install it, thereby infecting the system. Hence , H_C is perfect as a companion to an AV blocking the most widely used vectors of infection (scripts, powershell & lolbins).

With CyberLock, as soon as the user tries to run the file, it will perform an analysis and give a verdict score. An average user will then see the message and depending on the verdict will decide the next course of action. So from a layman perspective, I think that CL is the most user friendly while advanced users will be pretty happy with H_C and CF.

From my perspective, this comparison is not fair. You assume the user would view Comodo and Hard_Configurator as culprits and allow the file. In contrast, with CyberLock, you assume the user would strictly follow the program's verdict. Okay, CyberLock clearly shows a file is safe or unsafe, but if a user strictly follows this verdict, he/she will certainly block their programs, updates, or installations, negatively affecting usability. For instance, during my testing of CyberLock (SiriusGPT), I would not have used Ant Download Manager and Defender Control if I had followed CyberLock's verdict.

 

[simmerskool]

MD utilizes AI analysis also, but it has a wider user-base with more robust telemetry.

yes probably. I run MS Defender with Cyberlock. a good combo imo.

 

[simmerskool]

WHHLight is a simplified interface with some changes, but you won't experience much difference using/installing programs or overall. The most visible difference is when you run executables from downloads or desktop folders; WHHLight allows them if WDAC approves, but Hard_Configurator blocks the run; you need to use the "Install By SmartScreen" context-menu feature.

I found WHHL somewhat easier to setup than H_C, and I have Run_by_SmartScreen standalone on all my windows computers / VMs.

 

[Zero Knowledge]

I found WHHL somewhat easier to setup than H_C, and I have Run_by_SmartScreen standalone on all my windows computers / VMs.

I find H_C easy to set up, recommended settings with run by smart screen with block all extensions with paranoid extensions with block all sponsors/LOLbins then whitelist programs and set Defender protection to HIGH with Firewall recommended block list. Easy for me and anything I need to troubleshoot I just deactivate SRP or add files to whitelist.

 

[rashmi]

Using right-click RunBySmartScreen does not require a power user. It requires only an instruction and a little training on how to install applications. Users who have problems with RunBySmartScreen are exactly those who shouldnot be allowed to install applications.
You do not need to test it. @rashmi uses both Comodo and H_C, so he can share his experience (however, maybe in another thread).

I'll keep it short.

I currently have Hard_Configurator Tools (H_C, CD, and FH) with recommended settings on 13 Windows 11 Pro systems: my family members' systems, including mine (4), and my extended family members' systems (9)—all 12 users are average, clueless, and careless. It has been nearly a year since I started using H_C Tools on 3 of our systems, 7 months on 1 system, and 5 months on my extended family members' systems. I simply showed them to use the "Install By SmartScreen" context menu feature: if the program runs, that's fine; if they see the block screen (which I showed them), they cannot install the program; and if they need the program, they can call me. On all systems except mine, I block the "Run anyway" option of SmartScreen, delete the H_C shortcut folder from the desktop, enable the Hide "Run As Admin" option, and remove H_C entries from the start menu. I manage these systems through visits to my extended family or via remote connection. There have been no complaints or issues whatsoever, including on my family members' systems, except for H_C blocking .csv/Excel files on our kids' systems; whitelisting them worked.

 

[rashmi]

I find H_C easy to set up, recommended settings with run by smart screen with block all extensions with paranoid extensions with block all sponsors/LOLbins then whitelist programs and set Defender protection to HIGH with Firewall recommended block list. Easy for me and anything I need to troubleshoot I just deactivate SRP or add files to whitelist.

Users gave a "like" to your post, but I'm not seeing the "like" options!!!

 

[Jonny Quest]

Users gave a "like" to your post, but I'm not seeing the "like" options!!!

LOL, welcome to my world, sometimes all to often it happens Give it a couple more hours, and it should display, eventually.

edit: @rashmi while viewing this thread, I cannot Like @TairikuOkami post, it has no Like option as well.

 

[Zero Knowledge]

Users gave a "like" to your post, but I'm not seeing the "like" options!!!

Bugs in The Matrix rashmi, code needs updating. Mystery disappearances for like button happen to me too..

 

[rashmi]

I found WHHL somewhat easier to setup than H_C, and I have Run_by_SmartScreen standalone on all my windows computers / VMs.

I'm unsure what you or @Parkinsond mean when you say "easier to set up" or "easy"; I mean, all I would check was Events and Whitelist when I was using WHHLight, and it's the same with H_C; you would rarely need to fiddle with configurations.

 

[Victor M]

User psychology aside. I like H_C's more comprehensive protection covering what to do with scripts and LoLBins and various file extensions. Maybe the sirus part can do these but I haven't tested. Has anybody tried different scripts with CyberLock sirus?

ChatGPT says it can do evaluation of scripts to see if it is malicious, particularly regarding:

• Identify download/execute behavior (curl/wget/Invoke-WebRequest + execution)
• Look for obfuscation (Base64, gzip, XOR, eval, Invoke-Expression, weird string building)
• Check for persistence (cron, registry run keys, systemd services, scheduled tasks, startup folders)
• Check for credential/data theft (browser/SSH key paths, cookies, token files, keychains)
• Check for lateral movement / remote control (reverse shells, C2 URLs, unusual ports)
• Flag privilege escalation attempts (sudo tricks, UAC bypass patterns, service installs)
• Extract IOCs (domains/IPs, file paths, mutex names, registry keys) so you can block/monitor

Dont know which engine Sirus is using. And I don't know if it knows about anything happening inside a powershell / cmd session.

 

[Kongo]

yes probably. I run MS Defender with Cyberlock. a good combo imo.

So I'm the only one running Deep Instinct now?

 

[rashmi]

yes probably. I run MS Defender with Cyberlock. a good combo imo.

I also like CyberLock. If you see the opening post of my security configuration thread, I was planning to use either my preferred Comodo or CyberLock, but eventually H_C won me over. Initially, I was uncertain about using hardening tools, thinking silent protection would be too much hassle. I also tried SpyNetGirl's tool (if I remember the name correctly) and one Easy Application Control (I don't remember the exact name). SpyNetGirl's tool is impressive and features an option to browse and upload a file to SmartScreen for a verdict within the interface, if I recall correctly. However, it requires some effort or proper configuration to use effectively. I liked the simplicity and presets of H_C Tools and how @Andy Ful has implemented SmartScreen, which helps enhance usability and security. And yes, Microsoft Defender is the perfect wife for CyberLock! I'm satisfied with Hard_Configurator and Microsoft Defender's sizzling affair!

 

[rashmi]

So I'm the only one running Deep Instinct now?

That's a profound question that demands a thoughtful response... YES!!!

 

[devjitdutta2025]

From my perspective, this comparison is not fair. You assume the user would view Comodo and Hard_Configurator as culprits and allow the file. In contrast, with CyberLock, you assume the user would strictly follow the program's verdict. Okay, CyberLock clearly shows a file is safe or unsafe, but if a user strictly follows this verdict, he/she will certainly block their programs, updates, or installations, negatively affecting usability. For instance, during my testing of CyberLock (SiriusGPT), I would not have used Ant Download Manager and Defender Control if I had followed CyberLock's verdict.

The user is the only culprit here. I was pointing out that out of these 3, CL will assist the user in taking a proper decision by showing a verdict. The other two will simply block the file (H_C will show SS verdict). I myself use SWH and @Andy Ful makes some of the best free tools for Windows home users. There’s not a single PC that I’ll use without SWH.

 

[ForgottenSeer 123960]

It's easy for these discussions to turn into subjective debates based on personal preferences rather than hard data. Instead of arguing over unsubstantiated claims, why don't we rely on some objective testing? Shadowra could set up a fair comparison for all these products using a standardized 'average user' scenario. Since we generally know the habits of everyday users, applying the exact same conditions to each product would give us some solid, unbiased results to discuss.

 

[simmerskool]

So I'm the only one running Deep Instinct now?

I have more than 1 computer and several VMs (not all running at the same time). Actually DeepInstinct runs 24/7_365 on my Host. For the past couple of months I did decide to make DeepInstinct secondary to MS Defender as primary AND with Cyberlock as sidekick (two VM run AppGuard instead of Cyberlock). Defender solo runs on a VM with Cyberlock, another with MD and AndyFul's apps, and a few VM run win10 with other AV: Eset, or McAfee, or CheckPoint Harmony, or TrendMicro. But lately mostly fedora 43. I also replaced an older Apple Mini with a newer Mini. VMware is mostly rock solid. Currently trying to get FTTH unsuccessfully so far... despite misleading marketing ads.

 

[Digmor Crusher]

I have more than 1 computer and several VMs (not all running at the same time). Actually DeepInstinct runs 24/7_365 on my Host. For the past couple of months I did decide to make DeepInstinct secondary to MS Defender as primary AND with Cyberlock as sidekick (two VM run AppGuard instead of Cyberlock). Defender solo runs on a VM with Cyberlock, another with MD and AndyFul's apps, and a few VM run win10 with other AV: Eset, or McAfee, or CheckPoint Harmony, or TrendMicro. But lately mostly fedora 43. I also replaced an older Apple Mini with a newer Mini. VMware is mostly rock solid. Currently trying to get FTTH unsuccessfully so far... despite misleading marketing ads.

Wow, you pretty much use everything.