New Update VoodooShield CyberLock 7.0

danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,678
Azazel said:
windows defender develop a sandbox around it so it could not be exploited. It is possible.
Click to expand...
It might be possible, but that would be a massive undertaking. I can see where an allow-by-default product would benefit from this, but there would not be as much of a benefit for a deny-by-default product, simply because the malicious code should never even run.

Out of curiosity, what other security software runs in a sandbox?
 
  • Like
Reactions: Dave Russo, simmerskool and Oldie1950
Victor M

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
401
Hey Danb,

Does CyberLock check the validity of an exe's signature, just like going to a file's properties > signature to see if the it gives the OK? The reason I ask is because I am using WDAC at the moment, and my hacker has crafted a malware that has an MS Signature inserted, but of course it is not valid. But WDAC did not detect it. So I need something that actually verifies that the signature is valid.
 
  • Like
Reactions: simmerskool, [correlate] and danb
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,678
Victor M said:
Hey Danb,

Does CyberLock check the validity of an exe's signature, just like going to a file's properties > signature to see if the it gives the OK? The reason I ask is because I am using WDAC at the moment, and my hacker has crafted a malware that has an MS Signature inserted, but of course it is not valid. But WDAC did not detect it. So I need something that actually verifies that the signature is valid.
Click to expand...
Yes, VoodooShield / CyberLock includes comprehensive and robust handling of digital signatures, and it will let you know if there is an issue with the signature. And if there is an issue with the signature, the user recommendation will be to block the file (please see the Block and Allow buttons).

It is actually quite a complex feature of VS/CL now. Here are a couple of examples, thank you!
 

Attachments

  • Bad.PNG
    Bad.PNG
    23.9 KB · Views: 76
  • Good.PNG
    Good.PNG
    22.7 KB · Views: 73
  • Like
  • Applause
Reactions: B-boy/StyLe/, Zartarra, simmerskool and 3 others
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,678
Victor M said:
Hi Danb,

Does it perform the signature check even with WIndows Update downloaded files? The hacker was able to insert his malware into Windows Update. Protocol mis-use I think.
Click to expand...
I am not familiar with this, do you have a link that I can check out? It is hard to say for sure, but my best guess is that VS/CL would block the malware before it could be inserted into the Windows Updates.
 
  • Like
Reactions: simmerskool and [correlate]
Victor M

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
401
The malware is not detected by Kaspersky. Could be modified malware/custom made. I was only able to detect this because of it's RAT like capabilities of interfering with what I do, like editing of WDAC rules.
What is VS/CL ?
 
  • Like
Reactions: danb and [correlate]
Victor M

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
401
I did a test with the hacker. I installed a fresh Windows 11, installed VoodooShield and while I was registering Voodoo , and Windows Update does it's preliminary update downloading some drivers as it always does for a new Windows install upon going online. Voodoo poped up a diaglog about a Realtek thing signed and verified. And so I OK'd that dialog. Imeadiately the malware RAT interfered with my keyboard, and I wasn't able to use some keys.

So, I had no choice but to reinstall Windows 11. Installed Voodoo and OSArmor. Went online to register Voodoo. And Windows Update was at it again as usual. Then the Realtek thing dialog by Voodoo poped up again. This time I Blocked it, even though Voodoo said it was Safe. Then I encountered no more trouble.

2 things I gathered out of this episode. Hackers have access to a Realtek cert and can sign apps using it.
The Windows Update protocol is broken. The attacker was inserting his ware into the downloads and making it run.
 
  • Like
  • Wow
Reactions: simmerskool, danb and [correlate]
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,678
Victor M said:
I did a test with the hacker. I installed a fresh Windows 11, installed VoodooShield and while I was registering Voodoo , and Windows Update does it's preliminary update downloading some drivers as it always does for a new Windows install upon going online. Voodoo poped up a diaglog about a Realtek thing signed and verified. And so I OK'd that dialog. Imeadiately the malware RAT interfered with my keyboard, and I wasn't able to use some keys.

So, I had no choice but to reinstall Windows 11. Installed Voodoo and OSArmor. Went online to register Voodoo. And Windows Update was at it again as usual. Then the Realtek thing dialog by Voodoo poped up again. This time I Blocked it, even though Voodoo said it was Safe. Then I encountered no more trouble.

2 things I gathered out of this episode. Hackers have access to a Realtek cert and can sign apps using it.
The Windows Update protocol is broken. The attacker was inserting his ware into the downloads and making it run.
Click to expand...
Hmmm, it is impossible to say what is happening here. Are you saying that after you reinstall Windows, the malware keeps coming back? If I can think of anything you can try I will let you know.
 
  • Like
Reactions: [correlate] and simmerskool
Victor M

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
401
danb said:
Hmmm, it is impossible to say what is happening here. Are you saying that after you reinstall Windows, the malware keeps coming back? If I can think of anything you can try I will let you know.
Click to expand...
That hacker is my 'friend'. We've been adversaries for a while. It's a long story.
 
  • Like
Reactions: [correlate] and danb
Victor M

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
401
@danb . I can't find the user block in CL's logs. So I re-installed Windows and CL and OSArmor again, hoping that I would get the same thing as before. But the Realtek prompt didn't reappear this time.

Question: In what circumstance would CL prompt me about a Signed and Verified file ?
 
  • Like
Reactions: [correlate], danb and simmerskool
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,678
Victor M said:
@danb . I can't find the user block in CL's logs. So I re-installed Windows and CL and OSArmor again, hoping that I would get the same thing as before. But the Realtek prompt didn't reappear this time.

Question: In what circumstance would CL prompt me about a Signed and Verified file ?
Click to expand...
The short answer is... When it is ON and the file is not on VS's tiny, customized whitelist. Although there are a few small caveats. For example, VS might be OFF, and the file might be signed and verified, but VS will still block it if there is an unsafe VoodooAi or WhitelistCloud verdict.
 
  • Like
  • Applause
Reactions: [correlate] and simmerskool
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,095
Rainwalker said:
Maybe I should not be changing the subject, but when I use LibreWolf CL does seem to be aware of it as it stays in the OFF position. Why?
Click to expand...
Could be LibreWolf is not seen as a default web app by CL. Try going to CL settings Web app, have LW online and hit the button about show web connected apps, and it should / may add it.
 
  • Like
Reactions: [correlate] and danb

Similar threads

oldschool
    • Like
    • +Reputation
New Update Brave Unveils New Privacy-Focused AI Answer Engine, Set to Handle Nearly 10 Billion Annual Queries
Replies
1
Views
212
Brave
oldschool
oldschool
enaph
    • Like
    • Thanks
    • Applause
Privacy News Tuta Mail adds new quantum-resistant encryption to protect email
Replies
0
Views
817
Security News
enaph
enaph
Shadowra
    • Like
    • +Reputation
    • Hundred Points
App Review CheckPoint Harmony vs DeepInstinct Endpoint
Replies
68
Views
6,957
Video Reviews - Security and Privacy
likeastar20
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top