- Mar 29, 2018
- 7,158
I tested it recently and the first scan on a clean install was ~ 18s with hardly very few 3rd party software installed.
BTW: VS does not autostart with Smart App Control enabled on machine restart, one reason I don't use it.
VoodooShield CyberLock 7.0
- Thread starter danb
- Start date
BTW: VS does not autostart with Smart App Control enabled on machine restart, one reason I don't use it.
The "allow by parent process" works as intended, but disabling it does not have the desired effect. I turned off the settings that would automatically permit things such as digital sign matching, auto-scanning child processes, WhitelistCloud, and set CL in ON mode. Disabling the "allow by parent process" setting in CL does not trigger alerts for child processes. This setting seems to be ineffective or faulty.
CL is a security I really like. The stated issue may not be significant when you run CL alongside an antivirus. The setting's effectiveness is crucial for me, as I don't use any antivirus. Another reason to disable the "allow by parent process" setting is to avoid manual effort, which is adding a vulnerable app to the list.
I removed CL because of the issue mentioned and the WhitelistCloud problem discussed in the thread. I plan to install CL on my test system and give feedback.
- May 31, 2017
- 1,691
Here is another way to explain "allow by parent process" feature. The "allow by parent process" does not actively block child processes... it only auto allows items when it is able to do so safely. If another CyberLock feature auto allows a child process, the "allow by parent process" will not block the item if the "allow by parent process" feature is disabled.
In other words, you said "Disabling the "allow by parent process" setting in CL does not trigger alerts for child processes.", which is correct... disabling this feature will not automatically block all child processes. If CyberLock blocked all child processes, there would be WAY too many blocks, and honestly the system probably would not boot.
CyberLock is deny-by-default. So we lock down the system, and then have the features and rules decide what to allow. And in a deny-by-default system, you can easily create rules and features that allow items, but it is difficult or impossible to create useful rules that block items. The main reason is that all items are blocked by default... and then the features and rules decide what to allow.
A feature to block child processes might work for allow-by-default products, but honestly, that would not make a lot of sense either because the system would not function properly and probably would not even boot.
What WhitelistCloud issue are you referring to?
- Apr 16, 2017
- 2,098
18 seconds is more or less what I recall.
VS/CL not auto-starting w/SAC is above my "techie-license"
but seems like an issue @danb might be able to correct -- don't know...
- Mar 29, 2018
- 7,158
I've emailed him twice about it and his replies verged on indifference, "I'll have to look into it". Well, it's been a while now since the first one and ....VS/CL not auto-starting w/SAC is above my "techie-license"
- Apr 16, 2017
- 2,098
most likely deep problem he needs to research. In that vein, I was working with Settings | Advanced tab (anti-exploit list) and discovered that ESET NOD32 HIPS was blocking an aspect of VS/CL at first without a HIPS alert, but then finally got HIPS alert. I think I created Rules to fix that, ie, it is now working as expected for me. v7.62 No doubt VS/CL is complex under the hood.
- May 31, 2017
- 1,691
Hey OS, here is the email I sent you on September 16th, I don't believe you replied, so you must not have received my email, sorry about that.
- May 31, 2017
- 1,691
Hey Guys,
Here is the latest version of CyberLock, we have integrated Windows Sandbox into CyberLock!
I am thinking we can replace both the current Local Sandbox and Cuckoo with Windows Sandbox, and there are some really cool things we can do with it in the future. This version should be working great, but we will refine it even more over time, but let me know how it goes.
For the users who are running Windows 10 or 11 Home, I think you can enable Windows Sandbox with the following link, but I have not tested this yet. I will test it soon and possibly integrate it into CyberLock so that it all happens automatically.
Edit: I played around with enabling Windows Sandbox on Home versions of Windows, and I was not able to get it to work, and I do not think it is going to work reliably moving forward. So we are not going to support the new Windows Sandbox feature for Windows Home versions. And honestly, I would not even try installing Windows Sandbox on Home editions of Windows… it takes forever to install and does not seem to work.
CyberLock 7.64
SHA-256: 1962f50e54a2b62bc2867c524c60f2c134a7410162cc40994e7a0c03a6818920
Here is the latest version of CyberLock, we have integrated Windows Sandbox into CyberLock!
I am thinking we can replace both the current Local Sandbox and Cuckoo with Windows Sandbox, and there are some really cool things we can do with it in the future. This version should be working great, but we will refine it even more over time, but let me know how it goes.
Edit: I played around with enabling Windows Sandbox on Home versions of Windows, and I was not able to get it to work, and I do not think it is going to work reliably moving forward. So we are not going to support the new Windows Sandbox feature for Windows Home versions. And honestly, I would not even try installing Windows Sandbox on Home editions of Windows… it takes forever to install and does not seem to work.
CyberLock 7.64
SHA-256: 1962f50e54a2b62bc2867c524c60f2c134a7410162cc40994e7a0c03a6818920
Last edited:
- Apr 16, 2017
- 2,098
running win10 in VMware: any issue with Windows Sandbox with VM? I very vaguely recall looking at WinSandbox earlier this year, and IIRC seemed either it was not running or running correctly, but I have to find my notes. Just wondering if I'll need to spend a lot of time on this... or is it so easy peasy...Hey Guys,
Here is the latest version of CyberLock, we have integrated Windows Sandbox into CyberLock!
I am thinking we can replace both the current Local Sandbox and Cuckoo with Windows Sandbox, and there are some really cool things we can do with it in the future. This version should be working great, but we will refine it even more over time, but let me know how it goes.
For the users who are running Windows 10 or 11 Home, I think you can enable Windows Sandbox with the following link, but I have not tested this yet. I will test it soon and possibly integrate it into CyberLock so that it all happens automatically.
Download Enable Windows Sandbox in Windows 10 Home - MajorGeeks
Enable Windows Sandbox in Windows 10 Home contains the batch files required to install or uninstall use Windows Sandbox in Windows 10 Home Edition.www.majorgeeks.com
CyberLock 7.64
SHA-256: 1962f50e54a2b62bc2867c524c60f2c134a7410162cc40994e7a0c03a6818920
- Apr 16, 2017
- 2,098
update to last, installed 7.64, on win10pro_vm, then right clicked an exe to see what happens, CL screen said the exe was safe, and I clicked Sandbox, and got a popup advising to make sure everything was setup correctly for Sandbox, and Dan even has a link to a howto Sandbox webpage. Questions about Virtualization in BIOS, ok... I've looked at that before, but now forget how that interplays with VMware 16.2. Will update when I get Sandbox running or fail...
- Apr 16, 2017
- 2,098
- Apr 16, 2017
- 2,098
Acadia
Level 1
- Sep 25, 2020
- 28
Interesting. Windows Sandbox creates another partition on your c:drive. Perhaps that creation of another partition has something to do with it.Dan just confirmed Windows Sandbox feature will not work in VM.
Acadia
Reinstalling CL 7.63 seems to have resolved the WC issue. The initial WC scan lasted around 13 seconds, while subsequent scans took less than 13 seconds. I'll keep a close watch on WC scans being slow.
- Apr 16, 2017
- 2,098
installed 7.64 on hardware win10 also running DeepInstinct. So far so good... I tried the CL Windows Sandbox feature with a miscellaneous exe and CL said it was safe but I clicked Sandbox anyway, and WinSandbox opened ok wanting to run that exe. But still unclear how we'll use this for analysis. This was the first time I ran WinSandbox, so I'm sure there's stuff to learn...
If we install CL can we not use sandbox from windows meaning an option to disable on install or in app?
I believe the Windows Sandbox feature is only for running apps in an isolated environment, but I haven't installed 7.64. I hope the default state does not have the option enabled. Personally, I disliked connecting CL to an OS feature.
- Apr 16, 2017
- 2,098
@blueblackwow65 & @rhythm ... I've never run Windows Sandbox before yesterday and independently from CL 7.64, so I just tried to open an exe from explorer right click with "run sandboxed" option (ie not using CL) and I get a win10 popup: you'll need a new app (unnamed) to open this .exe.file Look for an app in the MS store...?? that seems like a snafu -- I'll ask Dan...
- Apr 16, 2017
- 2,098
@blueblackwow65 & @rhythm ... update. my Windows Sandbox does open from the win10 OS using the search feature, I can open WinSandbox as user or administrator... but right clicking an app from Explorer seems not to be working with Run Sandboxed; however, using CL 7.64 and getting an alert and selecting Sandbox the WinSandbox opens ok with the intended app. I have sent an email to Dan to see if this as expected (I have no experience with Windows Sandbox before yesterday)...
Similar threads
