VoodooShield CyberLock 7.0
- Thread starter danb
- Start date
CL seems to block things without warning. I noticed two blocked entries (startupscan.dll and staterepositoryclient.dll) in the Command Line section, but there were no alerts. Although I initially liked CL, I uninstalled it. I don't like it when security software blocks things without asking, especially if it affects system functions.
- Oct 3, 2022
- 402
@rhythm . CyberLock sometimes 'silently block' items. You can go into the menu and go to User Log to see those items in red.
- May 31, 2017
- 1,682
If you did not see an alert, they were probably blocked when you stepped away from the computer, so you did not see the alerts. You can always right click on a blocked item in the Command Lines tab and click Allow.
Thanks for confirming that CL blocks items silently. I also came across @danb's post, where he mentioned that CL intelligently blocks vulnerable items.
CL didn't issue any alerts, and I still have it installed. Is it possible to check if CL alerted for those items?
I like CL. The concept is innovative, and everything about it is great. CL blocks vulnerable items intelligently, right? I understand the intelligent blocking in AutoPilot mode, but it’s better to avoid silently blocking items in advanced modes, Smart or ON.
Did you run CL as SUA (Standard User Account) by chance? I also had these silent blocks when I looked at my "Command lines".
I am using an Admin account.
Azazel
Level 5
- Jun 15, 2023
- 249
Is it possible to do something like this? also block exes from program files.
- May 31, 2017
- 1,682
Yes, CL blocks vulnerable items intelligently, but you should see an alert.
All events, including blocks are logged in the DeveloperLog.log, located here: C:\ProgramData\CyberLock\DeveloperLog.log
- May 31, 2017
- 1,682
Yes, that is pretty much how CL works, but there is a lot more to it than that. For example, only a handful of Windows directories are auto allowed, and they are still analyzed to see if a vulnerable process is being exploited.
Are you asking if it is possible for the user to adjust which directories are auto allowed? There is no way to adjust this, but you can always create a rule that should fit your needs. If the rule feature does not fit your needs, then let me know and I will see what we can do to change that.
- May 31, 2017
- 1,682
That's a good idea... we should probably hide the Sandbox options unless the user activates them. No one uses CL's sandboxes, so we should probably just remove them completely. Although ever once in a great while, I like to run a file in Cuckoo and watch it via RDP.
- Apr 16, 2017
- 2,095
hmmm, I use or have used VS's cuckoo sandbox, although admittedly not in a few months, occasionally finding it offline. fwiw imo I see no reason to hide Sandbox...
cartaphilus
Level 5
- Mar 17, 2023
- 202
@danb I require some adult supervision. I have attempted to whitelist the cmd line event of Checkpoint Horemoney; But the cmd line event keeps popping up regardless of what rules I set.
- Mar 29, 2018
- 7,142
I was curious so installed VS set at Autopilot Agressive and then MS Defender updates were silently blocked. This is not my first experience like this with VS and Defender updates. Unfortunately I had reset the whitelist and deleted the logs so I can't back up this claim. Uninstalled since I don't need it anyway.
- Jan 27, 2018
- 1,270
Strange. Its been a couple years since I used VS and Defender but I never had any updates blocked that I can remember.
Have you done any tweaks to your OS?
- Mar 30, 2022
- 235
Could it possibly have been third-party software or drivers that are offered with Windows updates? I seem to remember that the installation of CL was then stopped with a notification.
- Apr 16, 2017
- 2,095
@oldschool, agree with @Digmor Crusher on this one. I would think that @danb would have a big interest in reviewing your VS logs to see what is happening and fix if VS issue.
- Mar 29, 2018
- 7,142
I re-installed simply to test it for this again. I'll give it a couple of days.
Similar threads
