New Update VoodooShield CyberLock 7.0

[simmerskool]

View attachment 279549

Probably FP ...?

VirusTotal

VirusTotal

www.virustotal.com

assume the above is Russian, (not fluent). sometimes a file is flagged due a missing digital signature, or not found in Whitelistcloud database. Personally, I do not consider a warning based on missing signature a true false positive, but that's me. So you have the option now of checking that file more deeply at VT and various sandboxes, so I welcome these VS alerts.

 

[ForgottenSeer 100397]

Probably FP ...?

Unlike antivirus programs, application whitelisting software doesn't produce false positives (FPs) because it doesn't rely on blacklisting. It warns about programs that are not on its safe lists or are determined unsafe by protection measures. From my experience, application whitelisting software or AI tech often alerts for cleaning, optimizing, or similar tools.

 

[Gandalf_The_Grey]

@danb I had a command line block for "c:\windows\system32\sc.exe" start inventorysvc again.
For the first time since installing 7.55 beta.

 

[danb]

I just installed it, and it still blocks the command lines.

Can you please send me the command lines that are being blocked, and the C:\ProgramData\CyberLock\DeveloperLog.log? Thank you!

 

[danb]

@danb I had a command line block for "c:\windows\system32\sc.exe" start inventorysvc again.
For the first time since installing 7.55 beta.

Yeah, that one was slightly different, so it is fixed now as well, thank you!

 

[danb]

Hey Guys,

Here is the latest beta. I still have not added any rules to the new Attack Chain feature, but the feature itself is much more refined and efficient. I also optimized the Command Lines even more.

You might want to clear your old attack chains by going to the Attack Chains tab and clicking the Clear Attack Chains button at the bottom.

CyberLock 7.56 beta

https://cyberlock.global/Download/InstallCyberLock756beta.exe

SHA-256: e3086919f60342c61688094b058d453f457494aaf46633a6c4451c323087b0bf


Have a great Sunday, thank you guys!

 

[Azazel]

Can you please send me the command lines that are being blocked, and the C:\ProgramData\CyberLock\DeveloperLog.log? Thank you!

I send them.

 

[danb]

Hey Guys,

Here is the latest CyberLock, I think it is ready for public release. We finished writing the rules for the arrow colors in the attack chain tab, so if there are any arrow colors that do not make sense, please let me know. We also adjusted the font on the Attack Chain tab, along with the other tabs in CyberLock Settings so they match.

CyberLock 7.57

https://cyberlock.global/Download/InstallCyberLock757.exe

SHA-256: 059d30dccd42af704ddc84ba56126b6c1e0cde8d9c32d322d84e2140dfe21717


Thank you guys!

 

[simmerskool]

Hey Guys,

Here is the latest CyberLock, I think it is ready for public release. We finished writing the rules for the arrow colors in the attack chain tab, so if there are any arrow colors that do not make sense, please let me know. We also adjusted the font on the Attack Chain tab, along with the other tabs in CyberLock Settings so they match.

CyberLock 7.57

https://cyberlock.global/Download/InstallCyberLock757.exe

SHA-256: 059d30dccd42af704ddc84ba56126b6c1e0cde8d9c32d322d84e2140dfe21717


Thank you guys!

Is there a way to copy the attack chain data into clipboard for review in text editor? It seems not, but wonder if there should be??

 

[danb]

Is there a way to copy the attack chain data into clipboard for review in text editor? It seems not, but wonder if there should be??

Sure, great idea, thank you, I just added it. In 7.58, just go to the Attack Chains tab and double click on the "Attack Chains: #" at the top of CyberLock settings, toward the right. This will create a text document on your desktop called " Attack Chain Events.txt". I might create a button for this if enough users like this feature.

I should be able to release 7.58 tonight or tomorrow.

 

[danb]

Hey Guys,

We are getting closer… here is a version with a few more refinements. I was going to wait a little while to integrate the command line items into the new Attack Chain feature, but I figured there is no time like the present . So now, any safe attack chain will be able to automatically allow command lines from a safe whitelisted app. This should reduce the command line blocks to almost zero.

CyberLock 7.58

https://cyberlock.global/Download/InstallCyberLock758.exe

SHA-256: 5e6dd9e5528061aa8ea8ddea59cb89591589110a5ed3c0f66e20bacabdd98642



Thank you guys!

Dan

 

[danb]

I forgot to mention, you should probably clear the Attack Chains, there were a few changes.

 

[danb]

Hey Guys,

Here is the CyberLock 7.60 public release. It will be available for download on our main download link, but we are going to wait a week or so before activating the auto update for this version.

There were some minor optimizations, and we also added a feature in the Attack Chains tab where if you left click on one of the arrows, it will display the color and action of the arrow. We are going to add more info in the future, but this will do for now. And actually, there are tons of really cool things I have in mind for the new attack chains feature that we will implement over the next few months. I have to say, I am shocked how much the attack chain feature reduced unnecessary user prompts. I thought it would reduce them quite a bit, but I had no idea that it would pretty much eliminate them. And since this is a brand new feature, it will only get better over time.

BTW, I noticed that when you first left click on one of the arrows, the balloon tip does not display. For some odd reason, you have to click the first arrow twice, then it works properly. I tried to fix this, but I think that is just the way tooltips in windows apps work. We could use a hover event instead of a click event for the tooltips, but that would drive everyone crazy, including me.

CyberLock 7.60

https://cyberlock.global/Download/InstallCyberLock760.exe

SHA-256: 21cfb79ebd35d25e014c956b7f6dd795d00dc2a2bce10688c5e8edf90a6f4e69

Have a great weekend, thank you guys!

 

[Azazel]

So far, so good.

 

[Zartarra]

No issues at the moment .

 

[simmerskool]

7.60 running aok here, but question or feature request: my systray WC icon has turned red. I think I know why without going into settings, but since WC icon is displayed in systray, shouldn't the user be able to right or left click directly on WC icon for WC to open and display the triggering event? Not a big deal, just wondering...

 

[scorpionv]

Impressed by the attack chains @danb. Purchased my second lifetime licence for my desktop PC.

Voodooshield will replace the forced folders feature from Sandboxie, which is sometimes more of a hassle than a good feature.

 

[danb]

7.60 running aok here, but question or feature request: my systray WC icon has turned red. I think I know why without going into settings, but since WC icon is displayed in systray, shouldn't the user be able to right or left click directly on WC icon for WC to open and display the triggering event? Not a big deal, just wondering...

Yeah, I see what you mean. You can double click the WLC icon and it will take you to CyberLock Settings / WhitelistCloud tab. I was going to add a right click menu, but decided against it at the time since CyberLock already has one, and I thought it would look a little funny. But if everyone thinks we should add a right click option, we certainly can, I just do not know what options would be in the menu. If you have any ideas, please let me know, thank you!

 

[danb]

Impressed by the attack chains @danb. Purchased my second lifetime licence for my desktop PC.

Voodooshield will replace the forced folders feature from Sandboxie, which is sometimes more of a hassle than a good feature.

Thank you, I certainly appreciate that!

 

[simmerskool]

Yeah, I see what you mean. You can double click the WLC icon and it will take you to CyberLock Settings / WhitelistCloud tab. I was going to add a right click menu, but decided against it

Well I had never double clicked the WLC icon! I withdraw my feature request.