New Update VoodooShield CyberLock 7.0

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@simmerskool The nice thing about Dan is that he is more a techie than a marketeer, "the new and improved cyber lock, now without unnecessary blocks" :)
Yeah, marketing is not my greatest strength ;). I try to be brutally honest and just explain VS and how it is different from the other products. If anyone ever has any suggestions on the marketing, please let me know, thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
The "Watchdog Violation" BSOD occurred when I attempted to use CyberLock on Windows 11. I booted into Windows after a couple of tries. The solution to the BSOD problem was to uninstall CyberLock.
Hmmm, this is very, very odd. I am not seeing ANY exceptions / errors for any CyberLock version in our logs. The only errors I see are from a few users still running VS 7.36, for errors that have already been fixed.

If you could provide more info, I would certainly appreciate it. Either a screenshot or a C:\ProgramData\CyberLock\DeveloperLog.log file.

No other user has reported this error. What other security software are you running? Thank you!
 
  • Like
Reactions: [correlate]
F

ForgottenSeer 100397

Hmmm, this is very, very odd. I am not seeing ANY exceptions / errors for any CyberLock version in our logs. The only errors I see are from a few users still running VS 7.36, for errors that have already been fixed.

If you could provide more info, I would certainly appreciate it. Either a screenshot or a C:\ProgramData\CyberLock\DeveloperLog.log file.

No other user has reported this error. What other security software are you running? Thank you!
I'm testing security software with no other installations. The next time I attempt to use CyberLock, I'll report any error information.
 

n8chavez

Level 20
Well-known
Feb 26, 2021
972
Here's something interesting, Cyberlock allows apps to run knowing they are not safe. As you can see from the screenshot below, Cyberlock's whitecloud does not see Handbrake as safe. Yet Handbrake is able to run just fine. Now, and I know I must be missing something, but isn't the entire point of Cyberlock to prevent things from running that are not deemed safe. Again, I assume this is user error and that my settings are wrong. How can I prevent this?

2023-06-18_22h46_41.png


Also, as always, cute doggo @danb.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Here's something interesting, Cyberlock allows apps to run knowing they are not safe. As you can see from the screenshot below, Cyberlock's whitecloud does not see Handbrake as safe. Yet Handbrake is able to run just fine. Now, and I know I must be missing something, but isn't the entire point of Cyberlock to prevent things from running that are not deemed safe. Again, I assume this is user error and that my settings are wrong. How can I prevent this?

View attachment 276292


Also, as always, cute doggo @danb.
Thank you, I just tested Handbrake. FYI, the installable version of Handbrake is considered safe, but the portable version is not.

If Handbrake is not on the whitelist and VS is ON, VS will block it, whether it is the Safe installable or Not Safe portable version of Handbrake.

After the user allows the file, WLC will give you a Not Safe Items Detected warning for the portable version of Handbrake, so that you can manually verify to VS that the file is safe. It is just an extra security precaution. Also, VS's Web Management Console has a new feature / tab called Unknowns. It is working, but there are a few things we need to refine. It essentially does the same thing as above, but the Unknown feature allows admins to quickly and easily evaluate any questionable items the user allowed, for example, if there is an Unsafe verdict in VoodooAi, or Not Safe verdict in WLC.

I hope this makes sense, if not, please let me know! Oh, and thank you, yeah, dogs are the best, huh? ;)
 
Last edited:

n8chavez

Level 20
Well-known
Feb 26, 2021
972
Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."
Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.
 

n8chavez

Level 20
Well-known
Feb 26, 2021
972
Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.

Right. But that's my point. If something is not signed, if it's seen as "not safe" shouldn't it be blocked by default? Or, are you saying that the WC designation is not correct, according to Cyberlock's AI used by the rules wizard? If that's the case, I should be able to override the AI via rule and have things deemed "not safe" blocked. Right? But that doesn't happen. Even if I create a rule to block everything unsafe or unknown, bypassing signatures or AI, the file can still execute.

2023-06-19_11h18_02.png
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
I'm not sure how it all works together, hopefully @danb can comment on that.
The only blocks I have seen in my personal system are from WC indicating that a file is not signed.
Blocks is not the right word, because the file can still execute because it is safe according to rest of CyberLock.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I am not so sure WLC blocks exe, but it does provide notice of running apps that might not be safe. then up to user to dig deeper to figure out if the maybe "not safe" is really not safe. One example that comes to mind, mullvad vpn installer is signed and safe, but when you install it, and then run the vpn exe which is not signed WLC turns red and gives "not safe" warning. Then you have the option of closing that app, or researching it & adding it to your whitelist (and to the cloud database gets updated too I think), but yes Dan can explain better.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Well then I'm confused. The version of handbrake I'm using, 1.61. is not portable. So you're saying it should be seen as safe, but WC doesn't? Also, this happens with a lot of applications after I update them, like Librewolf, Poppeeper, Sabnzbd, etc. All of those are not listed as "safe", and yet are able to execute just fine. I always keep Cyberlock set to "Always On."
Sorry, I was talking about the Handbrake installer... it is considered Safe by WLC and VoodooAi. After reading this post I was thinking, hmmmm, maybe the Handbrake executable that is installed is what WLC is flagging as Not Safe. And sure enough, that is the case. There are tons of different scenarios that could have happened in your case, but my best guess is that Handbrake was already installed, so VS auto allowed it because it matched a digital signature that was already on your whitelist, but then out of an abundance of caution, WLC is telling you that it is not safe. There could have been other things at play, but this is my best guess. You can always look in the C:\ProgramData\CyberLock\DeveloperLog.log, and it will tell you why a certain item was allowed. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Are those applications not signed?
With most of those, CyberLock / VoodooShield considers them safe (correct), but WhitelistCloud complains of the missing signature.
Yes, both VoodooAi and WLC are influenced by Digital Signatures. Sometimes the signature affects the verdict a lot and sometimes it does not, it all depends on the file and 400 or so other features in the machine learning model ;).

Either way, I hope everyone understands that VS does not auto allow by Digital Signature alone, unless there is a match in your tiny, customized whitelist.

Speaking of Ai... some people of suggested that Ai is is misnomer because machines are not intelligent. I was thinking the other day... VoodooAi's training set contains a million or so files with 400 or so features / parameters, which the machines hold simultaneously in memory. If you ask me, that is pretty intelligent... it is just a different kind of intelligence. But I am quite sure even Rain Man could not perform the same task.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Right. But that's my point. If something is not signed, if it's seen as "not safe" shouldn't it be blocked by default? Or, are you saying that the WC designation is not correct, according to Cyberlock's AI used by the rules wizard? If that's the case, I should be able to override the AI via rule and have things deemed "not safe" blocked. Right? But that doesn't happen. Even if I create a rule to block everything unsafe or unknown, bypassing signatures or AI, the file can still execute.

View attachment 276331
If you send me the exact steps to reproduce, I can take a look at this. Please keep in mind that the Rules feature will never be able to behave exactly the way every single person expects them to behave, although I try to structure them so they make the most sense to the most amount of people. Either way, I would be happy to look into this if you send me the steps to reproduce.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I am not so sure WLC blocks exe, but it does provide notice of running apps that might not be safe. then up to user to dig deeper to figure out if the maybe "not safe" is really not safe. One example that comes to mind, mullvad vpn installer is signed and safe, but when you install it, and then run the vpn exe which is not signed WLC turns red and gives "not safe" warning. Then you have the option of closing that app, or researching it & adding it to your whitelist (and to the cloud database gets updated too I think), but yes Dan can explain better.
Yeah, this is what I think is happening to @n8chavez, but it is hard to say for sure without knowing every single detail, thank you!
 
F

ForgottenSeer 100397

Sounds great, thank you! If there is an error, maybe there is an entry in the Windows Event Viewer, or maybe a bug check / dump.
There were no CL errors in Event Viewer upon my inspection. I had a smooth reinstall of CL this time with no problems. I'm enjoying CL. Should I combine it with a firewall, or is the Windows Firewall enough?
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
There were no CL errors in Event Viewer upon my inspection. I had a smooth reinstall of CL this time with no problems. I'm enjoying CL. Should I combine it with a firewall, or is the Windows Firewall enough?
Sounds great, thank you for letting me know! If there are ever any issues, please let me know.

VS/CL lets you create inbound and outbound rules in Windows Defender Firewall, but if you are needing more functionality, you can always use another firewall. And actually, if you find some firewall features / functionality you think should be added to VS/CL, please let me know and we might add them.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top