New Update VoodooShield CyberLock 7.0

danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,691
Victor M said:
@danb

Hi, I just tried using WDAC Wizard, and it cannot create a publisher rule to allow CyberLock. I also tried creating an atttributes rule for CyberLock.exe and CyberLockService.exe and still no go. I had to create a Path rule in order for it to work. But path rules are not secure. Can you look into this?
Click to expand...
I am not sure, but my best guess is that you will also need to create a publisher rule for the dll's in the C:\Program Files\CyberLock folder, for example "Microsoft.ML.CpuMath.dll" is signed by ".NET", and "Newtonsoft.Json.dll" is signed by "Json.NET (.NET Foundation)" and "System.Numerics.Vectors.dll" is signed by "Microsoft Corporation", and "System.Threading.Channels.dll" is signed by "Microsoft Corporation" with a different signature. I noticed that "SQLite.Interop.dll" is not signed, so I will make sure it is signed for the next version. Thank you!
 
  • Like
  • +Reputation
Reactions: simmerskool, oldschool, ForgottenSeer 100397 and 3 others
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,691
Thank you guys for your feedback, it is always appreciated! Can you please let me know specifically what new features you feel should not have been implemented?

We have only implemented 2 new features in the last year or two...

1) Attack Chains: Most end users will never even realize this new feature has been implemented. The only thing they will experience is a drastic reduction in unnecessary user prompts.

2) Windows Sandbox: This is going to be an amazing feature, I am getting close to being able to release a better beta version. And actually, if you do not enable Windows Sandbox on your computer, you will never know CyberLock has this capability, it will be exactly the way it was before. Also, there are less than 200 lines of new code for the Windows Sandbox integration, so it is not adding bloat to CyberLock at all, it is very clean and streamlines. In the new version of CyberLock, it will default to the old Local and Cuckoo Sandboxes, so you will not see any changes at all. And actually, we will probably remove the Local and Cuckoo sandboxes at some point because almost no one uses them.
 
  • Like
  • +Reputation
Reactions: Zartarra, scorpionv, Gandalf_The_Grey and 4 others
Oldie1950

Oldie1950

Level 5
Verified
Well-known
Mar 30, 2022
236
Hello Dan, the attack chains are a feature whose benefit I have not yet understood. If the benefit is mainly to reduce unnecessary user prompts, then it would have been better to integrate the function invisibly. The visible function only confuses non-experts.
They themselves point out that the Local and Cuckoo Sandbox have hardly been used so far. Then why add the Windows sandbox, which will probably have little meaning for users? In my opinion, CyberLock should be a simple and clear whitelisting program. However, the current development seems rather intimidating to non-experts because the many options are not really understood and are confusing.
 
  • Like
  • Wow
  • Hundred Points
Reactions: scorpionv, simmerskool, oldschool and 3 others
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,098
UPDATE & "CORRECTION": above I made a reference to Explorer option "Run sandboxed" in relation to CL 7.64 & its new Windows Sandbox feature. The Explorer "Run sandboxed" is NOT related to CL -- it is a Sandboxie-Plus remnant. I had installed Sandboxie 12 months ago, and shortly thereafter uninstalled, but it failed to fully uninstall. Don't you just hate that! Seems like poor coding by Sandboxie folks...
 
  • Like
Reactions: ForgottenSeer 100397 and danb
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,691
In all fairness, I have worked directly with thousands of end users for 20+ years, and I can tell you in no uncertain terms, 99.99 - 100% never touched or opened their cybersecurity software settings, or made any adjustments to the settings. We can implement a simple mode that hides the advanced settings, but it is probably not necessary.

If you do not want to use the WIndows Sandbox integration with CyberLock, you will see zero difference in the new version.

This happens every single time I introduce a new feature that is novel to the industry. There is always A LOT of push back. Then 1-2 months later, people are super happy with the new features.

If I am wrong about the Windows Sandbox integration, and no one likes or uses it, it will take all of 2 minutes to remove from the CyberLock code, and I will happily do so. But I can tell you, I am 100% certain this is going to be an amazing new feature, especially for extreme novices and average users.

But please wait and see the final implementation before you make up your mind. I never hardly used the Local or Cuckoo Sandboxes, but I use the Windows Sandbox integration ALL the time.

Edit: Actually, I take that back... there was once a doctor who was a client, and he had his son bring his laptop to the office so I could fix it. His son was running Comodo Firewall, and this was like at least 7 or so years ago, maybe longer. Anyway, I am sure he tweaked the settings. Probably used CS's settings ;).
 
  • Like
  • +Reputation
Reactions: scorpionv, Gandalf_The_Grey, simmerskool and 4 others
danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,691
simmerskool said:
UPDATE & "CORRECTION": above I made a reference to Explorer option "Run sandboxed" in relation to CL 7.64 & its new Windows Sandbox feature. The Explorer "Run sandboxed" is NOT related to CL -- it is a Sandboxie-Plus remnant. I had installed Sandboxie 12 months ago, and shortly thereafter uninstalled, but it failed to fully uninstall. Don't you just hate that! Seems like poor coding by Sandboxie folks...
Click to expand...
Thank you for letting me know, I was super confused about that ;).
 
  • Like
  • +Reputation
Reactions: scorpionv, Gandalf_The_Grey, simmerskool and 1 other person
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,098
danb said:
Thank you for letting me know, I was super confused about that ;).
Click to expand...
:ROFLMAO: you're not the only one
Oldie1950 said:
I increasingly have the feeling that CyberLock is developing into a playground for technology freaks. This is no longer for me. I say goodbye to this program.
Click to expand...
perhaps, but IMO you can totally use CL with default settings, and ignore the rest with little or no popup annoyances... (my 2 cents)
 
  • Like
Reactions: Oldie1950 and ForgottenSeer 100397
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,098
oldschool said:
@jerzy601 @Antarctica @Acadia @Oldie1950 I don't want to badmouth VS but I've been voicing the same argument for a while now and I will only use it for testing purposes, not for daily driving. Dan is like a mad scientist that can't stop tinkering, not necessarily a Dr. Frankenstein. ;)
Click to expand...
fwiw, I disagree, at least in the sense that you can run CL out of box at default, get great protection, and never deal with the more techie stuff he is adding if you don't want to. If Windows Sandbox is a resourse hog on some pc (I did not see that here) then CL either has or perhaps could have a feature to enable / disable. :unsure:
 
  • Like
Reactions: ForgottenSeer 100397
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,098
Oldie1950 said:
Hello Dan, the attack chains are a feature whose benefit I have not yet understood. If the benefit is mainly to reduce unnecessary user prompts, then it would have been better to integrate the function invisibly. The visible function only confuses non-experts.
They themselves point out that the Local and Cuckoo Sandbox have hardly been used so far. Then why add the Windows sandbox, which will probably have little meaning for users? In my opinion, CyberLock should be a simple and clear whitelisting program. However, the current development seems rather intimidating to non-experts because the many options are not really understood and are confusing.
Click to expand...
No offense intended, but... just don't look at settings and leave CL at default. I think the "too many features" comments can be true with some apps, but I think misplaced with CL (fwiw...)
 
  • Like
Reactions: ForgottenSeer 100397
Digmor Crusher

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,278
simmerskool said:
fwiw, I disagree, at least in the sense that you can run CL out of box at default, get great protection, and never deal with the more techie stuff he is adding if you don't want to. If Windows Sandbox is a resourse hog on some pc (I did not see that here) then CL either has or perhaps could have a feature to enable / disable. :unsure:
Click to expand...
You can absolutely do that, but who doesn't start looking thru the options after awhile, either out of curiosity or to try to understand the program a bit better? I believe that all the options/settings could be overwhelming for many if they start scrolling thru them.
 
  • Hundred Points
  • Like
Reactions: simmerskool and Oldie1950
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,098
danb said:
In all fairness, I have worked directly with thousands of end users for 20+ years, and I can tell you in no uncertain terms, 99.99 - 100% never touched or opened their cybersecurity software settings, or made any adjustments to the settings. I never hardly used the Local or Cuckoo Sandboxes, but I use the Windows Sandbox integration ALL the time.
Click to expand...
confession: I used the VS Cuckoo sandbox regularly when I would download a new app. I would often compare Cuckoo score with Hybrid analysis score :geek: why it was easy enough. Over time there were some connection issues with VS Cuckoo and I drifted away from it. I tried new Windows Sandbox day1. What's not to like, implementing a built-in Windows OS feature. If it sucks up resources, perhaps better for folks to complain to MS... or as you say, just don't use that feature.
 
  • Like
Reactions: ForgottenSeer 100397

Similar threads

danb
    • Like
    • +Reputation
Serious Discussion Smarter App Control?
Replies
10
Views
431
General Security Discussions
pxxb1
P
oldschool
    • Like
    • +Reputation
New Update Brave Unveils New Privacy-Focused AI Answer Engine, Set to Handle Nearly 10 Billion Annual Queries
Replies
1
Views
253
Brave
oldschool
oldschool
enaph
    • Like
    • Thanks
    • Applause
Privacy News Tuta Mail adds new quantum-resistant encryption to protect email
Replies
0
Views
848
Security News
enaph
enaph

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top