New Update VoodooShield CyberLock 7.0

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
536
Thank you for reporting this. This is super uncommon... VS / CL has reduced unwanted command line blocks to a minimum.

I am guessing that most of the command lines that are being blocked are extremely similar to each other, but maybe only vary by a few characters. If so, you can create a wildcard in the Command Lines tab of VoodooShield Settings.

If this is not the case, can you please email me a list of the command lines that are being blocked? Please send it to support at voodooshield.com, thank you!
How do I add rules to the command lines tab? I don't see an option to add (see picture)

I also created rules to whitelist the folder but it's not working.
 

Attachments

  • snip3.png
    snip3.png
    55.3 KB · Views: 123
  • snip 3.png
    snip 3.png
    21 KB · Views: 117
  • snip 2.png
    snip 2.png
    24 KB · Views: 120
  • sniup1.png
    sniup1.png
    18.4 KB · Views: 119

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
How do I add rules to the command lines tab? I don't see an option to add (see picture)

I also created rules to whitelist the folder but it's not working.
If you right click on the Command Line tab grid, there will be a menu with an option to Add a command line. I just test this feature and it does not seem to be working... I think we added the feature then never finished the code behind it, simply because almost no one would ever use this feature. The other right click options should be working though.

The Rules feature is not able to add or edit command lines because this is all performed on the Command Lines tab. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb I can't remember I ever had a prompt (with block/allow) for ejecting a bitlocker protected usbdrive.
I clicked "block" and report false positive for giggles but wanted to let you know.
View attachment 277631

View attachment 277630
Interesting, thank you for letting me know! It must be different from the standard one. If you get a chance, can you please send me the entry in the DeveloperLog.log for this block? Especially the command line? Or just send me your DeveloperLog.log? Thank you!
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
536
@danb I added the rules to cmd tab for Harmony AV but it's not showing up in the list of rules. When I attempt to add again it states that the rule exists. However the cmd line alert still pops up each time Harmony phones home so the rules don't work.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Does Turning OFF these settings provide stronger security?
View attachment 277655
View attachment 277656
@oldschool is correct, it would be annoying. And it really is not going to make the system much more secure at all, simply because of the way the anti-exploit, vulnerable process and anti-malware contextual engine features work. You can disable the auto deactivation if you want, especially after VS has been running on the system for a week or so, this might make the system slightly more secure. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
[Feature Request] Add an option to remove missing or deleted fiiles from the Whitelist Snapshot.
This is already part of the snapshot scan ;). The first thing the snapshot scan does is cleanup the whitelist, which includes removing any entry where the file no longer exists. But great suggestion though, thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb I added the rules to cmd tab for Harmony AV but it's not showing up in the list of rules. When I attempt to add again it states that the rule exists. However the cmd line alert still pops up each time Harmony phones home so the rules don't work.
Yeah, I was having the same issue when trying to add a command line from scratch. I will take a look at this the next day or so and hopefully have a fix soon, thank you!
 
A

Azazel

How "Automatically allow items that match a digital signature in the whitelist snapshot" works?
Isn't better to check each file when in Autopilot?
 
  • Like
Reactions: danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
How "Automatically allow items that match a digital signature in the whitelist snapshot" works?
Isn't better to check each file when in Autopilot?
Here is an example. Say you have two different softwares from the same vendor, both signed with the same signature. One software you had installed a week earlier, and now you want to install a different software from that vendor as well, because you like their software. Well, VS will auto allow the file because there already exists an item in the whitelist that matches that vendor. There are other checks in place, and it is a little more complicated than that, but that is the general idea.

AutoPilot kinda does some similar stuff as well, obviously with checks in place. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb I added the rules to cmd tab for Harmony AV but it's not showing up in the list of rules. When I attempt to add again it states that the rule exists. However the cmd line alert still pops up each time Harmony phones home so the rules don't work.
I isolated the issue and it was an easy fix. Hopefully we are both on the same page and talking about the Command Lines tab in VoodooShield / CyberLock Settings... if not please let me know.

Either way, the Right Click - Add Command Line feature should now be working, please let me know if there are any other issues you encounter.

CyberLock 7.45
SHA-256: 8b782f63d5a74a7c6dced9884e0a8681c1cff3c55f77815141c1d44d22e6d78d

There were only a couple of other slight changes, so most users do not need to upgrade to 7.45 yet, but when you do, you can just install over the top. Thank you!
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Yeah, I was having the same issue when trying to add a command line from scratch. I will take a look at this the next day or so and hopefully have a fix soon, thank you!
...& if the issue is some interaction with enterprise Harmony endpoint, to the extent that DeepInstinct works like Harmony (endpoint to cloud management), the suspicion was VS was blocking communication between Di endpoint and cloud but we could not find it in either app logs, and both had mutual exclusions for each other. I ended up disabling VS on win10 with Di.
 
  • Thanks
Reactions: cartaphilus

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
...& if the issue is some interaction with enterprise Harmony endpoint, to the extent that DeepInstinct works like Harmony (endpoint to cloud management), the suspicion was VS was blocking communication between Di endpoint and cloud but we could not find it in either app logs, and both had mutual exclusions for each other. I ended up disabling VS on win10 with Di.
Maybe you could run VS in Training mode for a little while... it will whitelist anything that would normally be blocked.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
536
I isolated the issue and it was an easy fix. Hopefully we are both on the same page and talking about the Command Lines tab in VoodooShield / CyberLock Settings... if not please let me know.

Either way, the Right Click - Add Command Line feature should now be working, please let me know if there are any other issues you encounter.

CyberLock 7.45
SHA-256: 8b782f63d5a74a7c6dced9884e0a8681c1cff3c55f77815141c1d44d22e6d78d

There were only a couple of other slight changes, so most users do not need to upgrade to 7.45 yet, but when you do, you can just install over the top. Thank you!
We are. Ok I will test it out once I knock my toddler out... Errr I mean put him to bed.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
536
...& if the issue is some interaction with enterprise Harmony endpoint, to the extent that DeepInstinct works like Harmony (endpoint to cloud management), the suspicion was VS was blocking communication between Di endpoint and cloud but we could not find it in either app logs, and both had mutual exclusions for each other. I ended up disabling VS on win10 with Di.
I also have deep instinct but the PC I have it on doesn't have VS since I don't have a 4th lic.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top