New Update VoodooShield CyberLock 7.0

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hi Dan,
Do Cyberlock block files (scripts) with the Mark of the Web?
CyberLock is able to read the MOTW feature, but it is my opinion that MOTW is a much better fit with allow-by-default products, as opposed to deny-by-default products.

Think of it this way... it is not like CyberLock is going to say "since you do not have MOTW, you are automatically allowed". That, and MOTW is not always preserved, so we can never be 100% certain if the file came from the web or not.
 
  • +Reputation
  • Like
Reactions: ErzCrz and Azazel
A

Azazel

CyberLock is able to read the MOTW feature, but it is my opinion that MOTW is a much better fit with allow-by-default products, as opposed to deny-by-default products.

Think of it this way... it is not like CyberLock is going to say "since you do not have MOTW, you are automatically allowed". That, and MOTW is not always preserved, so we can never be 100% certain if the file came from the web or not.
The idea is not to allow scripts or files that do not have MOTW but be stricter for scripts or files that have it.
To be used as a signal or heuristic to increase the likelihood of blockage.
 
  • Like
Reactions: danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
The idea is not to allow scripts or files that do not have MOTW but be stricter for scripts or files that have it.
To be used as a signal or heuristic to increase the likelihood of blockage.
But CyberLock is going to block it either way if it is not explicitly whitelisted / previously allowed. So we really do not care where the script came from, we are going to block it either way.
 
  • +Reputation
  • Like
Reactions: ErzCrz and Azazel

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hey guys,

Here is the latest version. The new File Type feature is a lot better refined now, and includes close to 100 different file types.

It should be perfectly stable, but please let me know if there are any issues or unwanted blocks.

CyberLock 7.73
SHA-256: d846a3b3f7e0cbfc6a2fae7ff3f710de15eeaacd6cfeab682ae5ff2fc0c66dcc


Thank you,

Dan
 
A

Azazel

Hi @danb
Is it possible for cyberlock to block malicious drivers from running or executing like WDAC does.
There is a rise of exploitation of vulnerable drivers lately.
 
  • Like
Reactions: danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hi @danb
Is it possible for cyberlock to block malicious drivers from running or executing like WDAC does.
There is a rise of exploitation of vulnerable drivers lately.
We could add a similar capability, but I kind of like the way CyberLock already blocks drivers from even being installed in the first place. It would be very difficult to install a driver without CyberLock blocking the install.

Then again, we might be adding a WDAC mode to CyberLock, and if that is the case, it would be easy to include the WDAC drivers option. I am just waiting to see if people think it is a good idea or not to add a WDAC mode to CyberLock. Or we could have a separate WDAC version of CyberLock. Or maybe even add WDAC to DefenderUI, along with other Microsoft Defender components.

 
  • +Reputation
Reactions: Azazel and ErzCrz
A

Azazel

We could add a similar capability, but I kind of like the way CyberLock already blocks drivers from even being installed in the first place. It would be very difficult to install a driver without CyberLock blocking the install.

Then again, we might be adding a WDAC mode to CyberLock, and if that is the case, it would be easy to include the WDAC drivers option. I am just waiting to see if people think it is a good idea or not to add a WDAC mode to CyberLock. Or we could have a separate WDAC version of CyberLock. Or maybe even add WDAC to DefenderUI, along with other Microsoft Defender components.

The question for me is what's better to block high privilege sophisticated attacks using exploitation or Vulnerable drivers. Does a kernel mode driver like Cyberlock block as effectively as WDAC. Assuming the attack have admin and above privileges.
 
  • Like
Reactions: danb

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
The question for me is what's better to block high privilege sophisticated attacks using exploitation or Vulnerable drivers. Does a kernel mode driver like Cyberlock block as effectively as WDAC. Assuming the attack have admin and above privileges.
You could argue either way on this topic, but one thing is for certain, a kernel mode driver like CyberLock's has tons of advantages over WDAC, and very few, if any, disadvantages. Don't get me wrong, WDAC is pretty cool and it has its place, but in terms of properly protecting a computer, there is simply no comparison.

Also keep in mind, most of CyberLock's driver was written by Microsoft... we just customized it a little to fit our needs.
 
  • +Reputation
Reactions: ErzCrz

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Isn't everything lost already if the attacker has admin and above privileges? As an admin can't you just stop/install/whitelist whatever you please?
I would suggest that everything is lost already if an attacker can execute any code on your machine ;).
 
  • Like
Reactions: Freki123 and ErzCrz

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hi where can I follow or keep updated on the latest stable versions of Cyberlock please?
This is probably the best place, or we can add you to the beta test group if you like, that way you will receive updates.
 
  • +Reputation
Reactions: ErzCrz

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
What's this product like compared to KTS?
CyberLock is not a security suite, so KTS has a lot more components that a full security suite would have. Whereas CyberLock's zero-trust / application whitelisting component is much more advanced, automated and user-friendly.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Magika could help identify file types without the file extension at the end of file.
Thank you, we looked into this, and while it is a very cool project, it does not cover most of the file types that we are interested in.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hey Guys,

Here is CyberLock 7.44! There were a few small changes, and one big unexpected change. CyberLock has a loop that runs on its own thread that performs tasks like checking to see if it should toggle or not, hide in full screen, etc. Anyway, to make a long story short, we have been adding tasks to that loop for years, and I recently realized that it was overloaded with tasks, and it was starting to cause some issues. So we created a new loop that runs on its own thread, so now CyberLock should be super responsive.

Also, DefenderUI is starting to do pretty well, so we recently registered the domain name Defender.Tools and have started developing apps to further enhance Microsoft Defender.

There should not be any issues, but please let me know if you guys find anything!

CyberLock 7.74
SHA-256: 2e8ac6f85a48024bf6a8082509c039bb20f21e742d86e4296d684811329702e2


Thank you guys!


Dan
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,699
Hey Guys,

Here is the latest stable version of CyberLock. There were only minor changes, but it should be ready for public release.

CyberLock 7.75
SHA-256: 1baff54dee6d981762f51703e8500d58ced1a45365b2274e531853f7ce89c6db

We added a “Download the latest stable beta CyberLock” link to the download section of our website under the main Download button, so the latest stable version will always be listed there.


Thank you,

Dan
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top