New Update VoodooShield CyberLock 7.0

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,682
@danb,

How do I create a rule to block the Windows exe \windows\system32\drvinst.exe? When I choose block by signature, it doesn't seem to work by the file name, but all files signed by MS?
There is currently no way to do this within the Rules feature, you can only block the entire folder for now. We probably should add a way to block a specific path. Thank you!
 

ForgottenSeer 100397

I am not sure when we are going to update the gui, probably within a year or so.
The VS interface appears outdated and requires an update. It looks like it belongs to the XP era.
There is currently no way to do this within the Rules feature, you can only block the entire folder for now. We probably should add a way to block a specific path. Thank you!
Consider adding a section that lets you allow or block a file.
 

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,245
I am guessing that since you triggered the troubleshooter, CL blocked the event. If you were not at the computer, you would not be triggering the event, so I think we are good.

You can always check the User Log or Developer Log for unwanted blocks that occur when you are not at the computer, but we have not seen a block like this for quite some time, especially after adding the Antimalware Contextual Engine a couple of years ago. But if anyone does see an unwanted block, please let me know and we will fix it. Thank you!
Hi Dan, thanks for the reply. I was at the computer to start the Windows Update troubleshooter; the troubleshooter ran and was doing its scanning, and that is when I saw CL pop up with the auto BITS registry allow or deny, so I allowed it. But what would CL do in this case when it is obvious that the popup was unneeded?
 

ForgottenSeer 100397

@danb, remove the line in the middle from the "Allow False Positive" box.

2023-09-20_185104.png
 

danb

@danb, remove the line in the middle from the "Allow False Positive" box.

Yeah, I am not quite sure what to do about that yet. I tried removing the line, but it looked funny, and we do not want it to be as prominent as the Block and Quarantine buttons for Suspicious and Unsafe prompts. We will figure something out, thank you!
 

ForgottenSeer 100397

Yeah, I am not quite sure what to do about that yet. I tried removing the line, but it looked funny, and we do not want it to be as prominent as the Block and Quarantine buttons for Suspicious and Unsafe prompts. We will figure something out, thank you!
You can label Allow False Positive as "Caution" or something similar, just like how you label Block as "Recommended".
 

danb

Hey Guys!

Here is the latest version of CyberLock! There were some pretty serious changes under the hood, but it should be perfectly stable.

CyberLock has always been focused on preventing malware in the context of Web Apps (since that is where most malware originates), and keeping the user safe while engaging in risky activities. We are adding new security mechanisms to further strengthen CyberLock’s efficacy, especially as it relates to attacks not associated with Web Apps (e.g. LOLBins, vulnerable processes, etc.). This will increase our efficacy, but should not produce too many unwanted blocks, simply because these types of attacks are not common. But if you experience any unwanted blocks, please let me know!

CyberLock 7.51
SHA-256: 1eb9ad548633bcfeb7e55d4e14c77cf6ce31e6a40b60900828376f59517fcffe

Have a great weekend, thank you guys!
 

danb

Hey Guys!

Here is CyberLock 7.52. There were a couple of minor bug fixes from the changes, and we also tweaked the way CyberLock starts up and shuts down. So if it starts up or shuts down funny, please let me know!

CyberLock 7.52
SHA-256: 1a206a565c2c4f75e26670ffcd7f68decd289fa85accce0d39575b1ee95e2029

Thank you guys!
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,635
Hey Guys!

Here is CyberLock 7.52. There were a couple of minor bug fixes from the changes, and we also tweaked the way CyberLock starts up and shuts down. So if it starts up or shuts down funny, please let me know!

CyberLock 7.52
SHA-256: 1a206a565c2c4f75e26670ffcd7f68decd289fa85accce0d39575b1ee95e2029

Thank you guys!
Hi @danb With this new version I had 2 command line blocks that I did not have before:
"c:\windows\system32\sc.exe" start pushtoinstall registration
"c:\windows\system32\sc.exe" start inventorysvc
No issues with the way CyberLock starts up and shuts down.
 

danb

Hi @danb With this new version I had 2 command line blocks that I did not have before:


No issues with the way CyberLock starts up and shuts down.
Very cool, thank you for letting me know! Yeah, the only block that I have had was from sc.exe as well. We might end up excluding sc.exe from this new protection because it is protected in other ways.

I am also working on a mechanism that will detect great grandparents, and great, great grandparents, all the way to 7 or so levels. This might fix the issue with sc.exe as well because it might be a block that is a .bat script in the appdata folder, but CyberLock does not know that your legit app was the one that actually spawned it. Anyway, this should also make software installs even smoother. This feature should be ready in a few days. Thank you!
 

danb

CyberLock repeatedly blocks Lenovo Vantage processes, commands and scripts.
If you have been using CyberLock for a long time, it might help to reset your whitelist, especially if you have been through a lot of upgrades. You might see a few blocks the first day or two, but after that, CyberLock will run a lot better. Better yet, you can perform a clean install...

1) Exit out of CyberLock
2) Uninstall CyberLock and click Yes when asked if you want to delete the settings and logs
3) Restart the computer
4) Install the latest version of CyberLock and register the software

Moving forward this will not be that much of an issue because there are mainly small changes with each release. But long time CyberLock users who have been through tons of upgrades should perform a clean install.

Having said that, I am wrapping up a new feature called "Attack Chains" that will probably help with these blocks. I have believed for a very long time that one of the most important concepts in cybersecurity is the attack chain and parent processes, because this is what provides context to help determine if the process execution flow is malicious or not. For example, powershell can be used for good or bad, and it all depends on the attack chain. The hardwired rules in CyberLock have always done a pretty good job of tracking the attack chain and providing context, but the new Attack Chain feature tracks the entire attack chain, from the initial origin process, all the way to the final process, and there is no limit to the number of items in the attack chain.

As an example, one of the issues this new feature solves is when a script or binary is dropped into AppData from a legit whitelisted app, and the attack chain was lost, so CyberLock was not aware that it was the legit whitelisted app that actually spawned this new script or binary a couple of chains back. But with this new feature, CyberLock will know the entire attack chain from start to finish, and will be able to properly auto allow or block an item because it has the full context.

Here is an example of what one of the attack chains looks like...

c:\windows\system32\svchost.exe >> c:\program files (x86)\microsoft visual studio\installer\resources\app\servicehub\services\microsoft.visualstudio.setup.service\vsixconfigurationupdater.exe >> c:\windows\system32\lsass.exe >> c:\windows\system32\efsui.exe >> 1632 >> 12780 >> 12876 >> 12876 >>

Another example of an issue that will be solved is when randomly named folders or files are used, CyberLock can still track the attack chain and auto allow the file because it is aware that the parent process id is a legit whitelisted app, in this case "c:\users\username\desktop\configuredefender.exe".

c:\windows\explorer.exe >> c:\users\username\desktop\configuredefender.exe >> c:\windows\temp\052009150559020213\2\configuredefender_x64.exe >> 9544 >> 2800 >> 6388 >>

Of course we have to be super careful to not let web or vulnerable apps auto allow something they shouldn't, but that is actually pretty simple with the way CyberLock is coded.

This new feature is also pretty cool because it logs and describes in detail everything that is executing on your system, and I am sure there are tons of other things we can do with this new feature.

This new feature should be ready in a couple of days. Thank you guys!
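
The ancestry tracking described in the post above, as an added sketch that is not CyberLock's code: each process is bound to its parent when it is created, so the chain survives the parent exiting or its PID being reused, and a child is auto-allowed only when a whitelisted ancestor exists and no web app sits in the chain. The class and function names, the verdict policy and the browser path are assumptions; the events are constructed from the paths shown in the post.

```python
from dataclasses import dataclass
from typing import Optional
# Assumed policy lists for this sketch; the browser path is hypothetical.
WHITELIST = {r"c:\users\username\desktop\configuredefender.exe"}
WEB_APPS = {r"c:\program files\examplebrowser\browser.exe"}

@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional["Proc"]  # resolved once, at creation time

class ChainTracker:
    def __init__(self):
        self.live = {}  # pid -> Proc for processes that are still running

    def on_create(self, pid, ppid, image):
        # Bind the parent object now; later exit or PID reuse cannot alter it.
        proc = Proc(pid, image.lower(), self.live.get(ppid))
        self.live[pid] = proc
        return proc

    def on_exit(self, pid):
        self.live.pop(pid, None)

def chain(proc):
    """Image paths from the origin process down to proc."""
    out = []
    while proc is not None:
        out.append(proc.image)
        proc = proc.parent
    return out[::-1]

def verdict(proc):
    """Auto-allow only with a whitelisted ancestor and no web app in the chain."""
    ancestors = chain(proc)[:-1]
    if any(a in WEB_APPS for a in ancestors):
        return "block"
    return "allow" if any(a in WHITELIST for a in ancestors) else "block"

def demo():
    # Constructed events: a whitelisted tool unpacks into a random temp folder.
    t = ChainTracker()
    t.on_create(100, 4, r"c:\windows\explorer.exe")
    t.on_create(200, 100, r"c:\users\username\desktop\configuredefender.exe")
    child = t.on_create(300, 200, r"c:\windows\temp\052009150559020213\2\configuredefender_x64.exe")
    t.on_exit(200)  # parent exits, then PID 200 is reused by a browser
    t.on_create(200, 100, r"c:\program files\examplebrowser\browser.exe")
    drop = t.on_create(301, 200, r"c:\users\username\appdata\local\temp\setup.exe")
    return " >> ".join(chain(child)), verdict(child), verdict(drop)
```

A tracker that looked up parents by PID at decision time would attribute PID 300 to the browser after the reuse; binding at creation avoids that.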
 
