New Update VoodooShield CyberLock 7.0

[Avethil]

Cleanup is done automatically, as you can see in settings. Can't remember where exactly and don't have it installed ATM so I can't post screenshot.

I'm sorry but I've checked Cyberlock settings and I haven't found the setting you mention (there is only a option to "automatically clean temporary folders" that's already checked) neither the orphaned whitelist entries are automatically deleted. In fact from time to time I have to manually delete them one by one.

 

[oldschool]

I'm sorry but I've checked Cyberlock settings and I haven't found the setting you mention (there is only a option to "automatically clean temporary folders" that's already checked) neither the orphaned whitelist entries are automatically deleted. In fact from time to time I have to manually delete them one by one.

Then maybe whitelist cleaning is related to WLC scanning.

 

[1chaoticadult]

No.

No.

Cleanup is done automatically. You can see there is a specific setting enabled by default. Can't remember where exactly and don't have it installed ATM so I can't post screenshot.

You are talking about the Perform Snapshot Scan every xx minutes. That setting is on the WhitelistCloud page.

 

[Avethil]

Then maybe whitelist cleaning is related to WLC scanning.

Yep, but I don't use it so for me and maybe other users a command that scans whitelist entries without performing a snapshot scan would be preferable in my opinion.

 

[Avethil]

You are talking about the Perform Snapshot Scan every xx minutes. Also, that setting is on the WhitelistCloud page.

Hello, as I don't use WLC can I ask you if WhitelistCloud Snapshot scan keeps in the Whitelist the already whitelisted processes or replace the Whitelist with the processes currently active at the time of the scan only?
I'm referring to the whitelist shown in the attached screenshot

 

[oldschool]

But if I reset the whitelist the new Snapshot Scan would whitelist only the processes currently running at the moment of the scan so all other files should be whitelisted again

Correct. Maybe @danb's above answer was incomplete in this respect.

 

[simmerskool]

my limited understanding: settings | Whitelist (number) | then at the bottom "reset whiltelist" predates Dan adding WhitelistCloud to VS.
The posts about this seem somewhat apples & oranges to me. I'm sure Dan can explain if and how these 2 features may be interrelated (if they are).

 

[1chaoticadult]

Hello, as I don't use WLC can I ask you if WhitelistCloud Snapshot scan keeps in the Whitelist the already whitelisted processes or replace the Whitelist with the processes currently active at the time of the scan only?
I'm referring to the whitelist shown in the attached screenshot

As far as I know it keeps the whitelisted processes and only adds processes if not in the whitelist, which can include child processes.

 

[Avethil]

As far as I know it keeps the whitelisted processes and only adds processes if not in the whitelist, which can include child processes.

Thank you for the answer. So now I must choose if enable WhitelistCloud or continue to delete orphaned whitelist rules one by one. I have to think about this.

 

[danb]

To make a long story short... if the WLC Realtime Scan is disabled, then CyberLock will automatically cleanup the whitelist every hour, which removes any whitelisted item where the file no longer exists. If the WLC Realtime Scan is enabled, CyberLock will automatically cleanup the whitelist during the WLC scan.

BTW, the automatic cleanup also ensures that any pre-existing malware is not whitelisted, because once any pre-existing malware is removed by the AV or CyberLock, it is also removed from the whitelist.

 

[Avethil]

To make a long story short... if the WLC Realtime Scan is disabled, then CyberLock will automatically cleanup the whitelist every hour, which removes any whitelisted item where the file no longer exists. If the WLC Realtime Scan is enabled, CyberLock will automatically cleanup the whitelist during the WLC scan.

BTW, the automatic cleanup also ensures that any pre-existing malware is not whitelisted, because once any pre-existing malware is removed by the AV or CyberLock, it is also removed from the whitelist.

Hello Dan, my WLC Realtime Scan is disabled but the whitelist isn't automatically cleaned every hour and I've to manually delete the items that refers to files not anymore on the disk. Is there some setting that I haven't found and that I should activate or am I the only one who has this problem?
My Cyberlock version is 7.70, Cyberlock Mode: Always ON, Security Posture: Aggressive
Just as example I've checked now my whitelist and a the rule that should refer to Windows Defender update, which was allowed yesterday, is still there, even if the file isn't anymore on the disk.


Thanks in advance

 

[l0rdraiden]

If I have it in autopilot, which of the modes work together with the rules section?
I mean if I build a rule to auto allow something, with which settings this rule is effective. The help balloon for the autopilot modes doesn't help to understand this, in fact I think the explanations are contradictory

 

[Avethil]

Just to confirm that automatic whitelist cleanup isn't working for me: today my PC has been ON for more than two hours, I've checked now the whitelist and the same rule is still there.

 

[Azazel]

Just to confirm that automatic whitelist cleanup isn't working for me: today my PC has been ON for more than two hours, I've checked now the whitelist and the same rule is still there.

Same with me.

 

[danb]

That is odd, please look for the following log entry in your developer log, located here: C:\ProgramData\CyberLock\DeveloperLog.log

Cleanup Whitelist: (and date / time)

Please let me know if your developer log contains entries like this, and please confirm that it is firing every hour.

 

[vaccineboy]

That is odd, please look for the following log entry in your developer log, located here: C:\ProgramData\CyberLock\DeveloperLog.log

Cleanup Whitelist: (and date / time)

Please let me know if your developer log contains entries like this, and please confirm that it is firing every hour.

I've just checked mine. The log goes back to Sep 2023 and no cleanup whitelist entry is found.

 

[Avethil]

Please let me know if your developer log contains entries like this, and please confirm that it is firing every hour.

Yep, C:\ProgramData\CyberLock\DeveloperLog.log contains multiple entries firing every hour but for some reason that command never worked for me.

The first entry is [12-20-2023 13:17:15] [INFO ] - Cleanup Whitelist: 12/20/2023 1:17:15 PM

The most recent entry is [03-04-2024 12:05:47] [INFO ] - Cleanup Whitelist: 3/4/2024 12:05:47 PM

Also I've checked now the whitelist and the rule I mentioned in my previous post is still there.

 

[Oldie1950]

I looked for “cleanup” in my log and didn’t find anything.

 

[simmerskool]

That is odd, please look for the following log entry in your developer log, located here: C:\ProgramData\CyberLock\DeveloperLog.log

Cleanup Whitelist: (and date / time)

Please let me know if your developer log contains entries like this, and please confirm that it is firing every hour.

just searched my developerlog.log and I'm not seeing Cleanup Whitelist.
running 7.70. Is this a header for a string of code? I did find cleanuptemporary something or other (paraphrase not an exact copy)?

 

[Avethil]

I did find cleanuptemporary something or other

Hello, I also have multiple entries like [02-26-2024 12:36:11] [INFO ] - RuleID: 23 | True | c:\windows\system32\rundll32.exe | "c:\windows\system32\rundll32.exe" windows.storage.applicationdata.dll,cleanuptemporarystate | c:\windows\system32\svchost.exe | 2 but I think it's a different thing from Cyberlock Whitelist Cleanup . It refers to windows.storage.applicationdata.dll - Should I Block It? (Windows Application Data API Server)

I don't know what it means btw