New Update VoodooShield CyberLock 7.0


ForgottenSeer 100397

Can CL block something without giving an alert?
CL seems to block things without warning. I noticed two blocked entries (startupscan.dll and staterepositoryclient.dll) in the Command Line section, but there were no alerts. Although I initially liked CL, I uninstalled it. I don't like it when security software blocks things without asking, especially if it affects system functions.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
CL seems to block things without warning. I noticed two blocked entries (startupscan.dll and staterepositoryclient.dll) in the Command Line section, but there were no alerts. Although I initially liked CL, I uninstalled it. I don't like it when security software blocks things without asking, especially if it affects system functions.
If you did not see an alert, they were probably blocked when you stepped away from the computer, so you did not see the alerts. You can always right click on a blocked item in the Command Lines tab and click Allow.
 

ForgottenSeer 100397

@rhythm. CyberLock sometimes 'silently blocks' items. You can go into the menu and go to User Log to see those items in red.
Thanks for confirming that CL blocks items silently. I also came across @danb's post, where he mentioned that CL intelligently blocks vulnerable items.
If you did not see an alert, they were probably blocked when you stepped away from the computer, so you did not see the alerts. You can always right click on a blocked item in the Command Lines tab and click Allow.
CL didn't issue any alerts, and I still have it installed. Is it possible to check if CL alerted for those items?

I like CL. The concept is innovative, and everything about it is great. CL blocks vulnerable items intelligently, right? I understand the intelligent blocking in AutoPilot mode, but it’s better to avoid silently blocking items in advanced modes, Smart or ON.
 

Azazel

Is it possible to disable Action: Auto Allowed and have only Action: Rule Allowed from Autopilot?
For example, auto allow only binaries of Windows System (C:\Windows) signed by Microsoft,
but everything else be subject to Autopilot checks?
Is it possible to do something like this? Also block exes from Program Files.
 

ForgottenSeer 100397

@danb, I noticed that disabling the Rules section removes the Rules option from CL alerts. Can we also have a setting to remove the Sandbox option from CL alerts?
 

danb

Thanks for confirming that CL blocks items silently. I also came across @danb's post, where he mentioned that CL intelligently blocks vulnerable items.

CL didn't issue any alerts, and I still have it installed. Is it possible to check if CL alerted for those items?

I like CL. The concept is innovative, and everything about it is great. CL blocks vulnerable items intelligently, right? I understand the intelligent blocking in AutoPilot mode, but it’s better to avoid silently blocking items in advanced modes, Smart or ON.
Yes, CL blocks vulnerable items intelligently, but you should see an alert.

All events, including blocks, are logged in the DeveloperLog.log, located here: C:\ProgramData\CyberLock\DeveloperLog.log
 

danb

Is it possible to do something like this? Also block exes from Program Files.
Yes, that is pretty much how CL works, but there is a lot more to it than that. For example, only a handful of Windows directories are auto allowed, and they are still analyzed to see if a vulnerable process is being exploited.

Are you asking if it is possible for the user to adjust which directories are auto allowed? There is no way to adjust this, but you can always create a rule that should fit your needs. If the rule feature does not fit your needs, then let me know and I will see what we can do to change that.
 

danb

@danb, I noticed that disabling the Rules section removes the Rules option from CL alerts. Can we also have a setting to remove the Sandbox option from CL alerts?
That's a good idea... we should probably hide the Sandbox options unless the user activates them. No one uses CL's sandboxes, so we should probably just remove them completely. Although every once in a great while, I like to run a file in Cuckoo and watch it via RDP.
 

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,607
That's a good idea... we should probably hide the Sandbox options unless the user activates them. No one uses CL's sandboxes, so we should probably just remove them completely. Although every once in a great while, I like to run a file in Cuckoo and watch it via RDP.
hmmm, I use or have used VS's cuckoo sandbox, although admittedly not in a few months, occasionally finding it offline. fwiw imo I see no reason to hide Sandbox...
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
505
@danb I require some adult supervision. I have attempted to whitelist the cmd line event of Checkpoint Horemoney, but the cmd line event keeps popping up regardless of what rules I set.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
@rhythm. CyberLock sometimes 'silently blocks' items. You can go into the menu and go to User Log to see those items in red.
I was curious so installed VS set at Autopilot Aggressive and then MS Defender updates were silently blocked. This is not my first experience like this with VS and Defender updates. Unfortunately I had reset the whitelist and deleted the logs so I can't back up this claim. Uninstalled since I don't need it anyway.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,410
I was curious so installed VS set at Autopilot Aggressive and then MS Defender updates were silently blocked. This is not my first experience like this with VS and Defender updates. Unfortunately I had reset the whitelist and deleted the logs so I can't back up this claim. Uninstalled since I don't need it anyway.
Strange. It's been a couple years since I used VS and Defender but I never had any updates blocked that I can remember.
Have you done any tweaks to your OS?
 

Oldie1950

Level 6
Verified
Well-known
Mar 30, 2022
288
I was curious so installed VS set at Autopilot Aggressive and then MS Defender updates were silently blocked. This is not my first experience like this with VS and Defender updates. Unfortunately I had reset the whitelist and deleted the logs so I can't back up this claim. Uninstalled since I don't need it anyway.
Could it possibly have been third-party software or drivers that are offered with Windows updates? I seem to remember that the installation of CL was then stopped with a notification.
 

simmerskool

Strange. It's been a couple years since I used VS and Defender but I never had any updates blocked that I can remember.
Have you done any tweaks to your OS?
@oldschool, agree with @Digmor Crusher on this one. I would think that @danb would have a big interest in reviewing your VS logs to see what is happening and fix if VS issue.
 
