VoodooShield CyberLock 7.0
<blockquote data-quote="gorblimey" data-source="post: 1074299" data-attributes="member: 65556"><p>Hokay. FIRST: CL was fully uninstalled on 2 February 2024, Western Australia time, Zulu plus 8 hours. I have found it necessary to go in with a shovel and pick axe because Windows is notoriously lax when it comes to uninstalling. After a full restart, CL was clean installed, and my standard mods performed: Disable Custom Folders, disable WLC. I deleted the preinstalled Rule and wrote a new Rule, "Allow all files in Windows folder".</p><p></p><p>Let's deal with <em>%Windows\System32\sc.exe%</em>, which is as described in my last post, an <u>unsigned</u> Microsoft tool to assist the Service Control Manager. After giving the new install time to play, I took some screen grabs (click to show):</p><p></p><p>CL-User-Log < <a href="https://www.dropbox.com/scl/fi/b04kl2gu1ck5sqtq483um/CL-User-Log.png?rlkey=2bv3shifowbw54odkci7d0qvr&dl=0" target="_blank">CL User Log.png</a> ></p><p></p><p>CL-Rules < <a href="https://www.dropbox.com/scl/fi/psmltmo1xdcfhapz1rf6a/CL-Rules.png?rlkey=ngntxrhm408kdnfpyh5510rol&dl=0" target="_blank">CL Rules.png</a> ></p><p></p><p>CL-Command-Lines < <a href="https://www.dropbox.com/scl/fi/rtpqx0fakqxlwy74zmmr1/CL-Command-Lines.png?rlkey=3swadig7kk2jce6na6iyzdlw7&dl=0" target="_blank">CL Command Lines.png</a> ></p><p></p><p>CL-Attack-Chains < <a href="https://www.dropbox.com/scl/fi/y28ss8fdibdcw0fo5ki56/CL-Attack-Chains.png?rlkey=hdmu0u1pbxf82yjnt74nm856h&dl=0" target="_blank">CL Attack Chains.png</a> ></p><p></p><p>CL-Basic-Settings < <a href="https://www.dropbox.com/scl/fi/p904h8db37jft3bmbdffn/CL-Basic-Settings.png?rlkey=80pwtmg7t945m5zzf1l5d5p7j&dl=0" target="_blank">CL Basic Settings.png</a> ></p><p></p><p>CL-DeveloperLog-last-2-days < <a href="https://www.dropbox.com/scl/fi/09dsndab1tthaunbbr93b/CL-DeveloperLog-last-2-days.log?rlkey=csex8npixqrwvmjexsb80pyro&dl=0" target="_blank">CL DeveloperLog last 2 days.log</a> ></p><p>(Look for the 
triple-asterisks)</p><p></p><p>In the Developer Log, note the entry <strong>"[02-04-2024 01:00:00] [INFO ] - RuleID: 23 | False | c:\windows\system32\sc.exe | c:\windows\system32\sc.exe start w32time task_started | c:\windows\system32\services.exe | 2"</strong>. In the screenshot <strong> "CL-Attack-Chains" </strong>you can see clearly that CL seems to not care about <em>sc.exe</em>. But in <strong>"CL-Command-Lines" </strong>CL <u>does</u> care. It is fairly obvious that CL wants to see a signature on ALL files, something that won't happen in Win 7, and probably won't happen even in Win 11. Yes I can easily reverse the Command Line indicator (Block --> Allow) but that's really a bit late in the day. A bit late in the week, really. Am I going to open CL settings every couple of hours? I don't think so.</p><p></p><p>SECOND: I have SuRun 1.2.1.2, a fairly old version now, but current for Win 7 at the time. Later versions should not behave very differently from mine. You may want to paste these settings into your edition.</p><p></p><p>SuRun Settings < <a href="https://www.dropbox.com/scl/fi/03qp9j1cv2arygkxl6m9i/SuRunSettings.txt?rlkey=xcmft6iz56101h4tiwbvvjjpn&dl=0" target="_blank">SuRunSettings.txt</a> ></p><p></p><p></p><p></p><p>SuRun-invocation < <a href="https://www.dropbox.com/scl/fi/aeh7i2go3vqsq02nt1rrt/SuRun-invocation.png?rlkey=68d7h5qlj2r08m87aww50b5cf&dl=0" target="_blank">SuRun invocation.png</a> ></p><p></p><p>SuRun is normally invoked by clicking on <strong>"Start as Administrator"</strong> from the "Run" Start Menu Command, or from Windows Explorer context menu on an executable; however, as SuRun is primarily concerned with permissions, it also has multitudinous system hooks so it can work on the fly more or less invisibly to elevate user permissions in selected tasks exactly as *nix does, in an LUA context. Kay Bruns wrote the program to do what he considered Microsoft SHOULD have done. 
Anybody familiar with *nix will understand what SuRun does in Windows, and will understand that SuRun actually BECOMES PART of Windows...</p><p></p><p>So, almost all the time, I do not see or hear SuRun doing its job. Occasionally I might see a glitch when CL has blocked SuRun. Rarely, SuRun might ask me. There is an icon in the System Tray, but I leave that hidden in my LUA. Of course my Admin account has the icon displayed :) but I am almost always downstairs :(</p><p></p><p>Technological progress is normally on the good side. Except when it isn't. As in (for example) putting LEDs on vehicle signalling lights, which have an unpleasant habit of fading right out to invisibility when the sunlight hits at just the perfect angle, which is far more often than you might think. Sometimes incandescent globes do a better job for less cost, especially when the "waste heat" can help solve a micro-climate problem caused by unwise use of the latest low-power globes.</p></blockquote><p></p>