New Update VoodooShield CyberLock 7.0

[danb]

Interesting... I am not sure how we missed adding librewolf as a default web app, thank you guys for letting me know. I will add it soon.

 

[Victor M]

@danb . So there is a chance that a malware signed and verifiable could slip past CL ?

 

[danb]

@danb . So there is a chance that a malware signed and verifiable could slip past CL ?

People are probably tired of me saying this, but CyberLock does not auto allow by Digital Signature alone when it is ON. I repeat this a lot because this is an important and unique feature of CyberLock. It would be a lot easier to auto allow by digital signature, but as you have seen, doing this is not secure.

So no, there is no chance that a malware signed and verifiable could slip past CyberLock when it is ON.

Now, if VS is on AutoPilot or OFF, there is an small chance that it could slip through, but it order to do so, it would have to also be verified by CyberLock's digital signature list, and also pass WhitelistCloud and VoodooAi analysis. In other words, CyberLock is very conservative and we do not take any chances.

 

[Victor M]

@danb That is what I wanted to hear. I don't want signed and verified malware to slip past.

 

[Victor M]

@danb Does CL check the signatures of DLL's too ?

 

[ForgottenSeer 100397]

Is it possible to use CL as ransomware protection by blocking program access to a folder except for specific programs?

 

[danb]

@danb Does CL check the signatures of DLL's too ?

All signable file types (.air, .airi, .cab, .cat, .ctl, .dll, .docm, .exe, .jar, .msi, .msu, .ocx, .pptm, .scr, .sys, .tmp, .vba, .xap, .xlsm, .xpi) are checked with the same digital signature feature.

 

[danb]

Is it possible to use CL as ransomware protection by blocking program access to a folder except for specific programs?

No... we were going to implement something like this until Controlled Folder Access was implemented into Windows. The main goal of CyberLock is to never let the malicious code ever run in the first place.

 

[Victor M]

by blocking program access to a folder except for specific programs?

Windows Defender does that.

 

[ForgottenSeer 100397]

No... we were going to implement something like this until Controlled Folder Access was implemented into Windows. The main goal of CyberLock is to never let the malicious code ever run in the first place.

I tried using Defender with CL, but my system slows down. The system runs smoothly now that Defender is off and CL is on Smart + Aggressive. Based on what I’ve seen, CL on its own is a reliable defense, particularly in combination with WhitelistCloud. I'm certain that many people rely on CL as their sole and primary protection.

 

[Lightning_Brian]

Great enhancements @danb !

~Brian

 

[Victor M]

@danb Hi, What will happen if a malware is inserted into Windows Update and tries to install during a Restart ? Because it is doing a Restart there will be no UI available for CL to prompt me, will it default to Not running that malware ?

 

[danb]

CyberLock will block the malware from being inserted. Do you want to send me that sample? Thank you!

 

[Xeno1234]

Does VoodooShield work with Kaspersky?

 

[Victor M]

Do you want to send me that sample?

I have already re-installed Windows . I hoped the same CL prompt would re-appear, but it didn't.

 

[Azazel]

Will Voodooshield add win32 app isolation and CFG, CET Exploit mitigations @danb ?

GitHub - microsoft/win32-app-isolation: Tools and documentation for Win32 app isolation

Tools and documentation for Win32 app isolation. Contribute to microsoft/win32-app-isolation development by creating an account on GitHub.

github.com

Customize exploit protection

You can enable or disable specific mitigations used by exploit protection using the Windows Security app or PowerShell. You can also audit mitigations and export configurations.

learn.microsoft.com

 

[oldschool]

Will Voodooshield add win32 app isolation and CFG, CET Exploit mitigations @danb ?

It protects everything in Windows. I'm not sure if the methods CL uses are the same as Exploit Protection.

BTW, you can configure Exploit Protection manually for any program you like, and rely on it as part of your security setup even without CL.

Keep it simple, stay safe and not paranoid!

 

[Freki123]

Isn't win32 app isolation only a public preview atm? I would better wait for a public release and then wait some more time (since a lot of new ms features need time to get any bugs ironed out)

 

[Victor M]

@danb What is the designed purpose of VoodooAI ? Is it a malware detection heuristic? There is very little description about it on your web site.

 

[Digmor Crusher]

This popped up twice this morning after starting computer, VS icon in taskbar has an X through it and disappears when you hover mouse over it. If I click on VS icon on desktop the icon in the taskbar comes back and then program seems to work again. After I did this the first time it was about 10 minutes before it happened again. I have a lifetime license. Thanks Dan.