New Update WDAC Lockdown

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,826
For people who do not utilize Microsoft Defender as their main AV, but want an easy way to configure WDAC, you might want to try WDAC Lockdown. BTW, you can only run either CyberLock OR DefenderUI Pro OR WDAC Lockdown at a time since they all have the same kernel mode driver.

WDAC Lockdown 1.20
SHA-256: 1b5d119f6becf828ea095365a76371fe7801ad4cda1cade53f7e8841645e0479

Overall WDAC Lockdown is in great shape, but I am sure we will need to tweak a couple of things, so if you guys find anything please let me know.
 

Bot

AI-powered Bot
Apr 21, 2016
4,915
Thanks for sharing this! It's indeed a great tool for those who don't use Microsoft Defender as their primary AV. Please remember not to run CyberLock, DefenderUI Pro, or WDAC Lockdown simultaneously due to the same kernel mode driver. Always verify the SHA-256 checksum for safety.
 

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
474
Looks great, want to try this but already have Cyberlock..
 

danb

Hey Guys,

We are getting super close to being pretty much bug free in DefenderUI Pro and WDAC Lockdown. There was a bug in both products when they updated themselves, but it is fixed now.

Just to be sure, please manually download the following versions and make sure WDAC is not in Enforced / On mode, then manually upgrade to 1.22; you can install over the top.

After this version, everything should be handled automatically with the automatic update, even if you are in Enforced Mode.

DefenderUIPro 1.22
SHA-256: 4606f658f3e40dd19bd834359ef6bdedc5e861302f8c19ef75bcf45d88031af9

WDAC Lockdown 1.22
SHA-256: 9960333b3e4fa657e7abbd02fcf56646576cc2221abf1fe40e31f615de425137

Thank you guys!


Dan
 

NormanF

Level 9
Verified
Jan 11, 2018
404
I think the ON level should be removed if it hasn't already been modified because the problem with it is it's almost too good! The kernel driver should ALWAYS be whitelisted and allowed to run because if EVERYTHING is blocked by default, you will find you can't boot into Windows. A known issue with SAC turned on. Microsoft should exclude it along with critical OS files needed to run Windows. A blocklist can't be 100% secure for obvious reasons! Just wanted to bring that to everyone's attention.
 

pxxb1

Level 11
Verified
Well-known
Jan 17, 2018
514
Is the ability to scan in Windows Sandbox a right-click alternative in the context menu?
I installed it on a Home version; is that why I could not see anything about this sandbox scanning at all in WDAC-L?
 

Gandalf_The_Grey

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,844
WDAC Lockdown 1.32
https://wdaclockdown.com/Download/InstallWDACLockdown132.exe

SHA-256: d7cd9bf22ab6f513bb97088152577cba1fa20924b42eab62ed1f562825e07d8d
 

Victor M

Level 17
Verified
Top Poster
Well-known
Oct 3, 2022
836
Can WDAC Lockdown iterate thru Program Files and x86 to create Hashes? I consider that as whitelisting. I currently do it thru WDAC Wizard and it takes a long time. Would be great if your tool can automate that task. I prefer not to use certs because I don't know the legal name of the software suppliers and attackers can hide. Damned this way or the other way, but I think certs are preferred by attackers.
 
Last edited:
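
An added example, not part of any post in this thread and not WDAC Lockdown's own code: the hash-only scan of both Program Files trees asked about above, done with Microsoft's built-in ConfigCI cmdlets instead of clicking through WDAC Wizard. The output folder and file names are assumptions; the result is merged with the Windows default audit template so OS components stay allowed, and it is left in Audit mode rather than deployed.

```powershell
#Requires -RunAsAdministrator
# Added example: build a hash-based WDAC policy from both Program Files trees.
$ErrorActionPreference = 'Stop'

$outDir = 'C:\WDAC-Policies'   # assumed working folder, change as needed
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Scan each tree on its own so one failed scan does not discard the other.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

$scanned = foreach ($root in $roots) {
    $name = (Split-Path $root -Leaf).Replace(' ', '_')
    $xml  = Join-Path $outDir "Hash_$name.xml"
    # -Level Hash : one allow rule per file hash, no publisher/certificate rules
    # -UserPEs    : include user-mode executables and DLLs, not only drivers
    New-CIPolicy -ScanPath $root -Level Hash -UserPEs `
        -MultiplePolicyFormat -FilePath $xml | Out-Null
    $xml
}

# Merge with Microsoft's default Windows template so the OS itself and
# kernel drivers it already trusts are not blocked by a hash-only list.
$base   = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml'
$merged = Join-Path $outDir 'ProgramFiles_Hash_Merged.xml'
Merge-CIPolicy -PolicyPaths (@($base) + $scanned) -OutputFilePath $merged | Out-Null

# Rule option 3 = "Enabled:Audit Mode". Keep it on until the audit log is clean.
Set-RuleOption -FilePath $merged -Option 3

# Compile to the binary form Windows loads; this script does not deploy it.
$binary = Join-Path $outDir 'ProgramFiles_Hash_Merged.cip'
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $binary | Out-Null

# Report how many file rules the merged policy ended up with.
$ruleCount = ([xml](Get-Content $merged -Raw)).SiPolicy.FileRules.ChildNodes.Count
"Merged policy: $merged ($ruleCount file rules), binary: $binary"
```

Hash rules stop matching as soon as an application updates, so the scan has to be rerun after each update. Review the audit events (ID 3076 in the Microsoft-Windows-CodeIntegrity/Operational log) before removing option 3 to enforce.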

danb

Thank you for reporting these bugs. The bug that you mentioned in the PM where WDAC Lockdown does not go into Enforced Mode immediately after the initial training is fixed, and it is fixed for DefenderUI Pro as well for the next release. As I was saying, Enforced works after the first attempt, but this needed to be fixed either way.

But I am not able to reproduce the password bug, it seems to be working for me. Can you please post the steps to reproduce the password bug?

Here is a version with the first bug fixed, thank you!

WDAC Lockdown 1.33 Test
SHA-256: 21bfe251523eab814d8e3d09365c2e48413cb1536e6b266fcefd060b0755af06

Edit: BTW, I noticed a couple of other recent bugs, one is with training mode and one is with the WLC and VoodooAi results. I will fix those over the next few days, so if you can let me know about the password bug, I will include that fix as well and we will be good to go, thank you!
 

danb

Hey guys, here is the latest version of WDAC Lockdown. The training mode and file insight bugs are fixed and it seems to be running super smooth. I am still not able to reproduce the password bug... he must have been talking about the WDAC User Prompt. It does not require a password simply because then the standard user would have to know the password in order to allow a new item, since there is not a web management console.

WDAC Lockdown 1.34
SHA-256: 25150f45e83a778318f83a0bd24820f0bc8d606cea628e509b5704c3f64ec0bd
 

Victor M

@danb

Cannot uninstall 1.33
Updated to version 1.34

Here are the steps I took:

Kernel LockDown enable
Anti-Malware and Anti-Exploit ... Enable
WDAC lockdown ON Enforced -- doesn't work
AutoBuild C Drive
Close the App
Open the app, put into Enforce mode - fail
Close the App
Open the app, put into Enforce mode - fail
Close the App
Open the App, use WDAC Wizard, edit Audit policy, turn off Audit, Then the app changes to Enforced
Set Password
Close the app
Open the app - does not ask for password
Change policy to Lockdown disabled - does not ask for password
Close the app
Log out admin account
Log in standard account
Start WDAC lockdown - does not ask for password
Set lockdown to Enforced - does not ask for password
Therefore Password is not working

What Windows Service does your app rely on? I disabled some on my machine.
 