New Update VoodooShield CyberLock 7.0

[danb]

@simmerskool The nice thing about Dan is that he is more a techie than a marketeer, "the new and improved cyber lock, now without unnecessary blocks"

Yeah, marketing is not my greatest strength . I try to be brutally honest and just explain VS and how it is different from the other products. If anyone ever has any suggestions on the marketing, please let me know, thank you!

 

[danb]

The "Watchdog Violation" BSOD occurred when I attempted to use CyberLock on Windows 11. I booted into Windows after a couple of tries. The solution to the BSOD problem was to uninstall CyberLock.

Hmmm, this is very, very odd. I am not seeing ANY exceptions / errors for any CyberLock version in our logs. The only errors I see are from a few users still running VS 7.36, for errors that have already been fixed.

If you could provide more info, I would certainly appreciate it. Either a screenshot or a C:\ProgramData\CyberLock\DeveloperLog.log file.

No other user has reported this error. What other security software are you running? Thank you!

 

[ForgottenSeer 100397]

Hmmm, this is very, very odd. I am not seeing ANY exceptions / errors for any CyberLock version in our logs. The only errors I see are from a few users still running VS 7.36, for errors that have already been fixed.

If you could provide more info, I would certainly appreciate it. Either a screenshot or a C:\ProgramData\CyberLock\DeveloperLog.log file.

No other user has reported this error. What other security software are you running? Thank you!

I'm testing security software with no other installations. The next time I attempt to use CyberLock, I'll report any error information.

 

[danb]

Sounds great, thank you! If there is an error, maybe there is an entry in the Windows Event Viewer, or maybe a bug check / dump.

 

[n8chavez]

Here's something interesting, Cyberlock allows apps to run knowing they are not safe. As you can see from the screenshot below, Cyberlock's whitecloud does not see Handbrake as safe. Yet Handbrake is able to run just fine. Now, and I know I must be missing something, but isn't the entire point of Cyberlock to prevent things from running that are not deemed safe. Again, I assume this is user error and that my settings are wrong. How can I prevent this?




Also, as always, cute doggo @danb.

 

[danb]

Here's something interesting, Cyberlock allows apps to run knowing they are not safe. As you can see from the screenshot below, Cyberlock's whitecloud does not see Handbrake as safe. Yet Handbrake is able to run just fine. Now, and I know I must be missing something, but isn't the entire point of Cyberlock to prevent things from running that are not deemed safe. Again, I assume this is user error and that my settings are wrong. How can I prevent this?

View attachment 276292


Also, as always, cute doggo @danb.

Thank you, I just tested Handbrake. FYI, the installable version of Handbrake is considered safe, but the portable version is not.

If Handbrake is not on the whitelist and VS is ON, VS will block it, whether it is the Safe installable or Not Safe portable version of Handbrake.

After the user allows the file, WLC will give you a Not Safe Items Detected warning for the portable version of Handbrake, so that you can manually verify to VS that the file is safe. It is just an extra security precaution. Also, VS's Web Management Console has a new feature / tab called Unknowns. It is working, but there are a few things we need to refine. It essentially does the same thing as above, but the Unknown feature allows admins to quickly and easily evaluate any questionable items the user allowed, for example, if there is an Unsafe verdict in VoodooAi, or Not Safe verdict in WLC.

I hope this makes sense, if not, please let me know! Oh, and thank you, yeah, dogs are the best, huh?

 

[n8chavez]

Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."

 

[Gandalf_The_Grey]

Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."

Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.

 

[n8chavez]

Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.

Right. But that's my point. If something is not signed, if it's seen as "not safe" shouldn't it be blocked by default? Or, are you saying that the WC designation is not correct, according to Cyberlock's AI used by the rules wizard? If that's the case, I should be able to override the AI via rule and have things deemed "not safe" blocked. Right? But that doesn't happen. Even if I create a rule to block everything unsafe or unknown, bypassing signatures or AI, the file can still execute.

 

[Gandalf_The_Grey]

I'm not sure how it all works together, hopefully @danb can comment on that.
The only blocks I have seen in my personal system are from WC indicating that a file is not signed.
Blocks is not the right word, because the file can still execute because it is safe according to rest of CyberLock.

 

[simmerskool]

I am not so sure WLC blocks exe, but it does provide notice of running apps that might not be safe. then up to user to dig deeper to figure out if the maybe "not safe" is really not safe. One example that comes to mind, mullvad vpn installer is signed and safe, but when you install it, and then run the vpn exe which is not signed WLC turns red and gives "not safe" warning. Then you have the option of closing that app, or researching it & adding it to your whitelist (and to the cloud database gets updated too I think), but yes Dan can explain better.

 

[danb]

Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."

Sorry, I was talking about the Handbrake installer... it is considered Safe by WLC and VoodooAi. After reading this post I was thinking, hmmmm, maybe the Handbrake executable that is installed is what WLC is flagging as Not Safe. And sure enough, that is the case. There are tons of different scenarios that could have happened in your case, but my best guess is that Handbrake was already installed, so VS auto allowed it because it matched a digital signature that was already on your whitelist, but then out of an abundance of caution, WLC is telling you that it is not safe. There could have been other things at play, but this is my best guess. You can always look in the C:\ProgramData\CyberLock\DeveloperLog.log, and it will tell you why a certain item was allowed. Thank you!

 

[danb]

Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.

Yes, both VoodooAi and WLC are influenced by Digital Signatures. Sometimes the signature affects the verdict a lot and sometimes it does not, it all depends on the file and 400 or so other features in the machine learning model .

Either way, I hope everyone understands that VS does not auto allow by Digital Signature alone, unless there is a match in your tiny, customized whitelist.

Speaking of Ai... some people of suggested that Ai is is misnomer because machines are not intelligent. I was thinking the other day... VoodooAi's training set contains a million or so files with 400 or so features / parameters, which the machines hold simultaneously in memory. If you ask me, that is pretty intelligent... it is just a different kind of intelligence. But I am quite sure even Rain Man could not perform the same task.

 

[danb]

Right. But that's my point. If something is not signed, if it's seen as "not safe" shouldn't it be blocked by default? Or, are you saying that the WC designation is not correct, according to Cyberlock's AI used by the rules wizard? If that's the case, I should be able to override the AI via rule and have things deemed "not safe" blocked. Right? But that doesn't happen. Even if I create a rule to block everything unsafe or unknown, bypassing signatures or AI, the file can still execute.

View attachment 276331

If you send me the exact steps to reproduce, I can take a look at this. Please keep in mind that the Rules feature will never be able to behave exactly the way every single person expects them to behave, although I try to structure them so they make the most sense to the most amount of people. Either way, I would be happy to look into this if you send me the steps to reproduce.

 

[danb]

I am not so sure WLC blocks exe, but it does provide notice of running apps that might not be safe. then up to user to dig deeper to figure out if the maybe "not safe" is really not safe. One example that comes to mind, mullvad vpn installer is signed and safe, but when you install it, and then run the vpn exe which is not signed WLC turns red and gives "not safe" warning. Then you have the option of closing that app, or researching it & adding it to your whitelist (and to the cloud database gets updated too I think), but yes Dan can explain better.

Yeah, this is what I think is happening to @n8chavez, but it is hard to say for sure without knowing every single detail, thank you!

 

[ForgottenSeer 100397]

Sounds great, thank you! If there is an error, maybe there is an entry in the Windows Event Viewer, or maybe a bug check / dump.

There were no CL errors in Event Viewer upon my inspection. I had a smooth reinstall of CL this time with no problems. I'm enjoying CL. Should I combine it with a firewall, or is the Windows Firewall enough?

 

[danb]

There were no CL errors in Event Viewer upon my inspection. I had a smooth reinstall of CL this time with no problems. I'm enjoying CL. Should I combine it with a firewall, or is the Windows Firewall enough?

Sounds great, thank you for letting me know! If there are ever any issues, please let me know.

VS/CL lets you create inbound and outbound rules in Windows Defender Firewall, but if you are needing more functionality, you can always use another firewall. And actually, if you find some firewall features / functionality you think should be added to VS/CL, please let me know and we might add them.

 

[Azazel]

Hello,
Will Cyberlock support in the latest version modern exploit mitigation like CFG, CET, ACG and run in appcontainer when ready?

@danb

 

[WhiteMouse]

It's security software, I don't think it even works properly when running in Appcontainer. However it's possible to have other security feature like you mentioned above.

 

[Azazel]

windows defender develop a sandbox around it so it could not be exploited. It is possible.