New Update VoodooShield CyberLock 7.0

lyldz

Level 2
Verified
Jun 4, 2016
92
I joined you today by buying a subscription.I know about the application but I think I am very weak in using it.I don't know what I changed in the application but at the first startup the mouse and keyboard never started.the power comes on and then turns off.I somehow saved the system with a restore.I don't know what is the reason for this mouse and keyboard failure.what do you think I should turn off.

when i plug it into different usb ports the result is the same.power comes on and starts and then the power is cut off from the usb.
 
F

ForgottenSeer 103564

I joined you today by buying a subscription.I know about the application but I think I am very weak in using it.I don't know what I changed in the application but at the first startup the mouse and keyboard never started.the power comes on and then turns off.I somehow saved the system with a restore.I don't know what is the reason for this mouse and keyboard failure.what do you think I should turn off.

when i plug it into different usb ports the result is the same.power comes on and starts and then the power is cut off from the usb.
It would help to know your system and other security products and settings to determine. I would start by making a post in the thread below.

 
F

ForgottenSeer 103564

my bad.i got this error after i installed cyberlock.i installed a few more apps.when i rebooted the mouse and keyboard were not working.i question what to do about it
Posting your configuration as I mentioned would help, either way the developer will need more information to help.

-what all apps did you download during that time before reboot.

-what version of OS are you on.

-what changes did you make in the app?
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
I joined you today by buying a subscription.I know about the application but I think I am very weak in using it.I don't know what I changed in the application but at the first startup the mouse and keyboard never started.the power comes on and then turns off.I somehow saved the system with a restore.I don't know what is the reason for this mouse and keyboard failure.what do you think I should turn off.

when i plug it into different usb ports the result is the same.power comes on and starts and then the power is cut off from the usb.
Hmmm, something seems odd. Can you please send me your C:\ProgramData\CyberLock\DeveloperLog.log to support at cyberlock.global? Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
Hey Guys,

Here is the latest 7.61. I added the countdown timer for mini prompts like rhythm suggested, (thank you rhythm!). There were several prompts where it did not make sense to include the countdown timer, but I included it wherever it made sense, I think you guys will understand what I mean once you see.

There were several other small changes and tweaks, so if you find anything that does not seem quite right, please let me know.

We still have not released 7.60 to the public, but assuming everything goes well with this version, we will be releasing it soon.

CyberLock 7.61
SHA-256: ac8f7acf1246a350b3dd5f3ccbe95f411b308a06ce7a886b0d01e5923f0aa234

Have a great weekend!

Thank you guys!
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
now installed 7.61 thanks.
@danb I had an odd block yesterday with 7.60
IIRC I opened Edge (win10_vm) and I got a CL block popup that it blocked "something" I was trying to run, block or allow... (paraphrase) I tracked it down to
mpcmdrun.exe and it looked like parent was svchost, and looks like this exe is part of windows defender, although AV on this VM is Norton, but know Defender does some things in background.
It might be helpful if these block popups listed the app or exe that it was blocking, because eg at the time, I was not aware that I was running anything other than edge. Sure, I dug into CL and found it, but only by looking for something that was blocked, rather than the specific exe. (just feature thinking out loud :whistle:). I don't get many blocks that's why I never considered this before.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
now installed 7.61 thanks.
@danb I had an odd block yesterday with 7.60
IIRC I opened Edge (win10_vm) and I got a CL block popup that it blocked "something" I was trying to run, block or allow... (paraphrase) I tracked it down to
mpcmdrun.exe and it looked like parent was svchost, and looks like this exe is part of windows defender, although AV on this VM is Norton, but know Defender does some things in background.
It might be helpful if these block popups listed the app or exe that it was blocking, because eg at the time, I was not aware that I was running anything other than edge. Sure, I dug into CL and found it, but only by looking for something that was blocked, rather than the specific exe. (just feature thinking out loud :whistle:). I don't get many blocks that's why I never considered this before.
Sure, can you please provide the details of the block? Was it a standard block or a command line block? You probably do not want to spend too much time on it though because this is something that is going to be covered in the next phase of the attack chains feature, which we are starting on soon.

Essentially, every attack chain will be assigned a primary parent, and whenever a child of the primary parent is blocked, it will be part of the user prompt as well. Ultimately, we are moving away from a decouple whitelist of various items, to an app based product. If things go right, we will not even have a whitelist tab anymore, it will just be called Apps (or something). it will be similar to the way the current Advanced and Web Apps tab list apps. So any app listed under this new tab will auto allow any child item or command line. So we will basically have Whitelist Apps, Web Apps, Vulnerable Apps, and possibly System Apps. And for example, Web or Vulnerable Apps will not be able to auto allow child items. I am not sure if these will be 3-4 different tabs, or if we will have one tab where you can filter them by type. So this is what I mean by CyberLock is soon going to be app based, It is difficult to explain, but I think it is going to be pretty cool.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Sure, can you please provide the details of the block? Was it a standard block or a command line block? You probably do not want to spend too much time on it though because this is something that is going to be covered in the next phase of the attack chains feature, which we are starting on soon.

Essentially, every attack chain will be assigned a primary parent...but I think it is going to be pretty cool.
@danb I think it was standard... :unsure: I found it yesterday & today in settings | user log | (copy / paste follows)

2023-11-16 15:36 Auto Blocked mpcmdrun.exe c:\programdata\microsoft\windows defender\platform\4.18.2303.8-0\mpcmdrun.exe 226FACBDC52C7A6F7E4E140CBA0E2EF4AC5E60DC d710e889bee3b1ddae3c7cb15effa2964a5821c19a437e99553749d3740840eb "c:\programdata\microsoft\windows defender\platform\4.18.2303.8-0\mpcmdrun.exe" -wdenable 1645864 svchost.exe (user name changed *** to protect the innocent)

perhaps MORE interesting under Whitelist, mpcmdrun.exe is auto allowed and is listed 3 times: 2 have same hash, 1 has different hash, and none of those 3 match the blocked hash above, although VT says the above blocked hash is safe MS file,
Original Name MpCmdRun.exe
File Version 4.18.2303.8 (WinBuild.160101.0800)
perhaps different sha256 is windows update to this exe (I assume) :unsure:
This CL auto block was caused by "the chain"...:unsure:
EDIT by the chain, I mean mpcmdrun.exe was triggered not in the usual manner? :unsure::unsure:

On this VM, CL 7.60 was installed over 7.44 (now 7.61 over 7.60)
 
Last edited:
F

ForgottenSeer 100397

Here is the latest 7.61. I added the countdown timer for mini prompts like rhythm suggested, (thank you rhythm!). There were several prompts where it did not make sense to include the countdown timer, but I included it wherever it made sense, I think you guys will understand what I mean once you see.
I also meant to provide an "option" similar to CL, a countdown timer option for WC prompts to display them for a certain number of seconds. Is it workable? Consider adding a "Seconds" drop-down to WC's "Show alerts..." option.
 
Last edited by a moderator:

Azazel

Level 5
Jun 15, 2023
215
I've got false positive command line blocks when installing and uninstalling Adguard and Kaspersky Free.
Example: "sc" query adgnetworktdidrv
 
  • Like
Reactions: danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
I also meant to provide an "option" similar to CL, a countdown timer option for WC prompts to display them for a certain number of seconds. Is it workable? Consider adding a "Seconds" drop-down to WC's "Show alerts..." option.
Yeah, for now it is using the same value as the user prompt countdown timer. I was going to add a special one just for these prompts, but we are trying to remove unnecessary features as much as possible ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
I've got false positive command line blocks when installing and uninstalling Adguard and Kaspersky Free.
Example: "sc" query adgnetworktdidrv
Yeah, there are going to be some blocks during installs and uninstalls. The best thing to do is to put CyberLock into Training mode when you are installing or uninstalling an app.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,648
Hey Guys!

Happy Thanksgiving! We have released 7.62 to the public and will enable the auto update soon. There were only slight optimizations in this version. Also, you will now see an * for each attack chain that tab in settings. This is the primary parent application, which is the main parent application that CyberLock will use for this feature. For example, C:\Windows\explorer.exe and C:\Windows\System32\svchost.exe should not be considered the primary parent application. I hope this makes sense, if not, please let me know. Anyway, if you find an * that you believe is not assigned correctly, please let me know. BTW, I tried different text colors and styles for the primary parent application, but they all looked really bad, so we are using an * for now. If anyone has any idea what else we could use to indicate the primary parent application in the Attack Chains tab, please let me know.

CyberLock 7.62
SHA-256: 89e6080f38767621b95cb9eb0e3e79390599b7d064b9034e985939f7d1e68364

Thank you guys!
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
746
@danb
Hi Dan, thanks for the new version it is so far running good.

After looking through the settings I found some things I like to mention:
Could you please add an explanation which color means exactly what in the "attack chain" menu. Maybe like an info button "Meaning of colors here"? I know it is written somewhere in this thread but since your manual is still on 7.50 it would be nice to get the info with just one click on the "info button".

For my eysight the colors for the text (in general) all seem washed out (not dark enough e.g. for black).
When I look at the "Whitelist" the color used for the whole VoodooAi and the Whitelistcloud column are quite bright which makes it hard to read.
For the black part of the rest of the text there just look at the screenshot with the default win 11 notepad black letters and the CL black. For me CL looks washed out and are way worse to read. I hope you understand what I mean my English skills to explain it are a bit limited :D

For me the whole "black" letter colors of CL are not as good to read as even the default win 11 notepad letters.
Win 11pro 22H2, Screen resolution 1920*1080 with 125% scaling.


2.png
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Is Voodooshield(CL) at this point compatible with Eset nod32 since eset has HIPS and BB?
I understand the answer to be YES!, IIRC @Shadowra posted this is one of the "strongest" combos. I've been using this combo in VM for about 2 weeks no issues, and had used it in recent past for a number of years. My VM NOD32 is basically at default settings so default is not necessarily optimal, but might be fine running with VS/CL.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top