New Update VoodooShield CyberLock 7.0

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb

Hi, I just tried using WDAC Wizard, and it cannot create a publisher rule to allow CyberLock. I also tried creating an atttributes rule for CyberLock.exe and CyberLockService.exe and still no go. I had to create a Path rule in order for it to work. But path rules are not secure. Can you look into this?
I am not sure, but my best guess is that you will also need to create a publisher rule for the dll's in the C:\Program Files\CyberLock folder, for example "Microsoft.ML.CpuMath.dll" is signed by ".NET", and "Newtonsoft.Json.dll" is signed by "Json.NET (.NET Foundation)" and "System.Numerics.Vectors.dll" is signed by "Microsoft Corporation", and "System.Threading.Channels.dll" is signed by "Microsoft Corporation" with a different signature. I noticed that "SQLite.Interop.dll" is not signed, so I will make sure it is signed for the next version. Thank you!
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Thank you guys for your feedback, it is always appreciated! Can you please let me know specifically what new features you feel should not have been implemented?

We have only implemented 2 new features in the last year or two...

1) Attack Chains: Most end users will never even realize this new feature has been implemented. The only thing they will experience is a drastic reduction in unnecessary user prompts.

2) Windows Sandbox: This is going to be an amazing feature, I am getting close to being able to release a better beta version. And actually, if you do not enable Windows Sandbox on your computer, you will never know CyberLock has this capability, it will be exactly the way it was before. Also, there are less than 200 lines of new code for the Windows Sandbox integration, so it is not adding bloat to CyberLock at all, it is very clean and streamlines. In the new version of CyberLock, it will default to the old Local and Cuckoo Sandboxes, so you will not see any changes at all. And actually, we will probably remove the Local and Cuckoo sandboxes at some point because almost no one uses them.
 

Oldie1950

Level 7
Verified
Well-known
Mar 30, 2022
306
Hello Dan, the attack chains are a feature whose benefit I have not yet understood. If the benefit is mainly to reduce unnecessary user prompts, then it would have been better to integrate the function invisibly. The visible function only confuses non-experts.
They themselves point out that the Local and Cuckoo Sandbox have hardly been used so far. Then why add the Windows sandbox, which will probably have little meaning for users? In my opinion, CyberLock should be a simple and clear whitelisting program. However, the current development seems rather intimidating to non-experts because the many options are not really understood and are confusing.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
UPDATE & "CORRECTION": above I made a reference to Explorer option "Run sandboxed" in relation to CL 7.64 & its new Windows Sandbox feature. The Explorer "Run sandboxed" is NOT related to CL -- it is a Sandboxie-Plus remnant. I had installed Sandboxie 12 months ago, and shortly thereafter uninstalled, but it failed to fully uninstall. Don't you just hate that! Seems like poor coding by Sandboxie folks...
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
In all fairness, I have worked directly with thousands of end users for 20+ years, and I can tell you in no uncertain terms, 99.99 - 100% never touched or opened their cybersecurity software settings, or made any adjustments to the settings. We can implement a simple mode that hides the advanced settings, but it is probably not necessary.

If you do not want to use the WIndows Sandbox integration with CyberLock, you will see zero difference in the new version.

This happens every single time I introduce a new feature that is novel to the industry. There is always A LOT of push back. Then 1-2 months later, people are super happy with the new features.

If I am wrong about the Windows Sandbox integration, and no one likes or uses it, it will take all of 2 minutes to remove from the CyberLock code, and I will happily do so. But I can tell you, I am 100% certain this is going to be an amazing new feature, especially for extreme novices and average users.

But please wait and see the final implementation before you make up your mind. I never hardly used the Local or Cuckoo Sandboxes, but I use the Windows Sandbox integration ALL the time.

Edit: Actually, I take that back... there was once a doctor who was a client, and he had his son bring his laptop to the office so I could fix it. His son was running Comodo Firewall, and this was like at least 7 or so years ago, maybe longer. Anyway, I am sure he tweaked the settings. Probably used CS's settings ;).
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
UPDATE & "CORRECTION": above I made a reference to Explorer option "Run sandboxed" in relation to CL 7.64 & its new Windows Sandbox feature. The Explorer "Run sandboxed" is NOT related to CL -- it is a Sandboxie-Plus remnant. I had installed Sandboxie 12 months ago, and shortly thereafter uninstalled, but it failed to fully uninstall. Don't you just hate that! Seems like poor coding by Sandboxie folks...
Thank you for letting me know, I was super confused about that ;).
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Thank you for letting me know, I was super confused about that ;).
:ROFLMAO: you're not the only one
I increasingly have the feeling that CyberLock is developing into a playground for technology freaks. This is no longer for me. I say goodbye to this program.
perhaps, but IMO you can totally use CL with default settings, and ignore the rest with little or no popup annoyances... (my 2 cents)
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
@jerzy601 @Antarctica @Acadia @Oldie1950 I don't want to badmouth VS but I've been voicing the same argument for a while now and I will only use it for testing purposes, not for daily driving. Dan is like a mad scientist that can't stop tinkering, not necessarily a Dr. Frankenstein. ;)
fwiw, I disagree, at least in the sense that you can run CL out of box at default, get great protection, and never deal with the more techie stuff he is adding if you don't want to. If Windows Sandbox is a resourse hog on some pc (I did not see that here) then CL either has or perhaps could have a feature to enable / disable. :unsure:
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Hello Dan, the attack chains are a feature whose benefit I have not yet understood. If the benefit is mainly to reduce unnecessary user prompts, then it would have been better to integrate the function invisibly. The visible function only confuses non-experts.
They themselves point out that the Local and Cuckoo Sandbox have hardly been used so far. Then why add the Windows sandbox, which will probably have little meaning for users? In my opinion, CyberLock should be a simple and clear whitelisting program. However, the current development seems rather intimidating to non-experts because the many options are not really understood and are confusing.
No offense intended, but... just don't look at settings and leave CL at default. I think the "too many features" comments can be true with some apps, but I think misplaced with CL (fwiw...)
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,435
fwiw, I disagree, at least in the sense that you can run CL out of box at default, get great protection, and never deal with the more techie stuff he is adding if you don't want to. If Windows Sandbox is a resourse hog on some pc (I did not see that here) then CL either has or perhaps could have a feature to enable / disable. :unsure:
You can absolutely do that, but who doesn't start looking thru the options after awhile, either out of curiosity or to try to understand the program a bit better? I believe that all the options/settings could be overwhelming for many if they start scrolling thru them.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
In all fairness, I have worked directly with thousands of end users for 20+ years, and I can tell you in no uncertain terms, 99.99 - 100% never touched or opened their cybersecurity software settings, or made any adjustments to the settings. I never hardly used the Local or Cuckoo Sandboxes, but I use the Windows Sandbox integration ALL the time.
confession: I used the VS Cuckoo sandbox regularly when I would download a new app. I would often compare Cuckoo score with Hybrid analysis score :geek: why it was easy enough. Over time there were some connection issues with VS Cuckoo and I drifted away from it. I tried new Windows Sandbox day1. What's not to like, implementing a built-in Windows OS feature. If it sucks up resources, perhaps better for folks to complain to MS... or as you say, just don't use that feature.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top