Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield CyberLock 7.0
Message
<blockquote data-quote="gorblimey" data-source="post: 1074224" data-attributes="member: 65556"><p>Well, it does look as though Win 7 has reached the End-of-Life-Cycle... At least as far as Cyberlock is concerned.</p><p></p><p>There are two softs which must always be "Allowed": %Windows\surun.exe% and %Windows\System32\sc.exe%. SuRun is the Windows version of *nix "SUDO" and sc.exe "is a Windows process that allows administrative users to establish a program as a Windows service in the Service Control Manager (SCM) database and the Registry, either locally or remotely. It is a tool to assist the Service Control Manager but is not the same" (www,file.net). For context, SuRun is a permissions manager which grants elevated rights in a local (LUA) setting; sc.exe is used almost everywhere under instruction from services.exe, especially to construct command lines. sc.exe is one of many dozen (some hundreds?) unsigned M$ files in the %Windows% folder system. SuRun.exe is (of course) signed, but its helper files (SuRun32.bin, SuRunExt.dll and SuRunExt32.dll) are not.</p><p></p><p>I do confess to disallowing Whitelist Cloud and Custom Folders because I always treated VS/CL as something that disallowed everything that wasn't in the Whitelist as potentially or actually malicious. I have reinstated the Rules, deleting the provided sample and replacing it with the simple command "Allow all files in Windows". From the early days VS3.0++ onwards I have figured that that is all anyone needs: "VoodooShield is not based on signatures or behavioral analysis ..." (Adrian Ścibor, AVLab - March 2019) under News & Updates; "If you love VoodooShield just add Zemana Free and scan once a week and you are good." NullByte - malwaretips.com. FWIW, I scan monthly alternating EEK and MBAM free scanners, and yes, I do remember to update their signature files before the scan <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p></p><p>Despite obtaining advice and simply fiddling with settings, I cannot persuade CL to simply leave these two alone. It is possible that Microsoft has managed to provide signatures for all the System files in the Win10++ series. So the fact that CL is almost certainly behaving just like any other real-time AV is somewhat discouraging. After all, I dropped that technology like a rancid tub of old milk when VS appeared on my screen, shortly after CryptoPrevent entered its bloatware days.</p><p></p><p>I have apologised for the attachment extravaganza, but I cannot say "sorry". VS/CL no longer does what the labels on the box say.</p><p></p><p>Dan, if you could see your way back to v3/v4/v5, there are many people like me running older OSs who would return in a shot. Many of us would still be happy to pay an annual even if we don't ever upgrade again. But if not, then perhaps take Win 7 and 8 off the OS compatibility lists on "Download" and "FAQ" pages.</p><p></p><p>I wish everone here all the best.</p><p></p><p>Edit: I did try to attach a mountain of evidence, but it seems there is a limit <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite111" alt=":(" title="Frown :(" loading="lazy" data-shortname=":(" /> For those who care, I can fix up a dropbox solution, which always worked on the old K-M forums.</p></blockquote><p></p>
[QUOTE="gorblimey, post: 1074224, member: 65556"] Well, it does look as though Win 7 has reached the End-of-Life-Cycle... At least as far as Cyberlock is concerned. There are two softs which must always be "Allowed": %Windows\surun.exe% and %Windows\System32\sc.exe%. SuRun is the Windows version of *nix "SUDO" and sc.exe "is a Windows process that allows administrative users to establish a program as a Windows service in the Service Control Manager (SCM) database and the Registry, either locally or remotely. It is a tool to assist the Service Control Manager but is not the same" (www,file.net). For context, SuRun is a permissions manager which grants elevated rights in a local (LUA) setting; sc.exe is used almost everywhere under instruction from services.exe, especially to construct command lines. sc.exe is one of many dozen (some hundreds?) unsigned M$ files in the %Windows% folder system. SuRun.exe is (of course) signed, but its helper files (SuRun32.bin, SuRunExt.dll and SuRunExt32.dll) are not. I do confess to disallowing Whitelist Cloud and Custom Folders because I always treated VS/CL as something that disallowed everything that wasn't in the Whitelist as potentially or actually malicious. I have reinstated the Rules, deleting the provided sample and replacing it with the simple command "Allow all files in Windows". From the early days VS3.0++ onwards I have figured that that is all anyone needs: "VoodooShield is not based on signatures or behavioral analysis ..." (Adrian Ścibor, AVLab - March 2019) under News & Updates; "If you love VoodooShield just add Zemana Free and scan once a week and you are good." NullByte - malwaretips.com. FWIW, I scan monthly alternating EEK and MBAM free scanners, and yes, I do remember to update their signature files before the scan :) Despite obtaining advice and simply fiddling with settings, I cannot persuade CL to simply leave these two alone. It is possible that Microsoft has managed to provide signatures for all the System files in the Win10++ series. So the fact that CL is almost certainly behaving just like any other real-time AV is somewhat discouraging. After all, I dropped that technology like a rancid tub of old milk when VS appeared on my screen, shortly after CryptoPrevent entered its bloatware days. I have apologised for the attachment extravaganza, but I cannot say "sorry". VS/CL no longer does what the labels on the box say. Dan, if you could see your way back to v3/v4/v5, there are many people like me running older OSs who would return in a shot. Many of us would still be happy to pay an annual even if we don't ever upgrade again. But if not, then perhaps take Win 7 and 8 off the OS compatibility lists on "Download" and "FAQ" pages. I wish everone here all the best. Edit: I did try to attach a mountain of evidence, but it seems there is a limit :( For those who care, I can fix up a dropbox solution, which always worked on the old K-M forums. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
