Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield CyberLock 7.0
Message
<blockquote data-quote="danb" data-source="post: 1081941" data-attributes="member: 62850"><p>Actually, if you can parse the command line and also determine the primary parent process, there are some really cool things you can do, so that you do not have to block these file types globally, and you can allow what needs to be allowed, whether the script is in the user or system space.</p><p></p><p>I can go in to further detail at some point, but here is a quick overview.</p><p></p><p>When I run a .bat script from my desktop, here is the command line: c:\windows\system32\cxd.exe /c ""c:\users\user\desktop\test.bat" " (the cxd is actually cmd, but I could not post that.)</p><p></p><p>The way CyberLock has always worked in this scenario (well, for at least 10 years), is that it parses the command line and "c:\users\user\desktop\test.bat" becomes the executable path, and from that path is where it determines whether it should block it or not... for example, if it has already been allowed / is whitelisted, then the file will allowed, otherwise it will be blocked. This is overly simplified explanation, but you get the point. But ultimately, instead of simply blocking globally by file type, CyberLock figures out the path of the script / file, then either blocks or allows it after it is evaluated by many different checks.</p><p></p><p>The new File Type feature works pretty much the same way, and it also made it super easy to add or remove file types / extensions from the list.</p></blockquote><p></p>
[QUOTE="danb, post: 1081941, member: 62850"] Actually, if you can parse the command line and also determine the primary parent process, there are some really cool things you can do, so that you do not have to block these file types globally, and you can allow what needs to be allowed, whether the script is in the user or system space. I can go in to further detail at some point, but here is a quick overview. When I run a .bat script from my desktop, here is the command line: c:\windows\system32\cxd.exe /c ""c:\users\user\desktop\test.bat" " (the cxd is actually cmd, but I could not post that.) The way CyberLock has always worked in this scenario (well, for at least 10 years), is that it parses the command line and "c:\users\user\desktop\test.bat" becomes the executable path, and from that path is where it determines whether it should block it or not... for example, if it has already been allowed / is whitelisted, then the file will allowed, otherwise it will be blocked. This is overly simplified explanation, but you get the point. But ultimately, instead of simply blocking globally by file type, CyberLock figures out the path of the script / file, then either blocks or allows it after it is evaluated by many different checks. The new File Type feature works pretty much the same way, and it also made it super easy to add or remove file types / extensions from the list. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
