New Update WDAC Lockdown

danb

From VoodooShield
For people who do not utilize Microsoft Defender as their main AV, but want an easy way to configure WDAC, you might want to try WDAC Lockdown. BTW, you can only run either CyberLock OR DefenderUI Pro OR WDAC Lockdown at a time since they all have the same kernel mode driver.

WDAC Lockdown 1.20
SHA-256: 1b5d119f6becf828ea095365a76371fe7801ad4cda1cade53f7e8841645e0479

Overall WDAC Lockdown is in great shape, but I am sure we will need to tweak a couple of things, so if you guys find anything please let me know.
 
Thanks for sharing this! It's indeed a great tool for those who don't use Microsoft Defender as their primary AV. Please remember not to run CyberLock, DefenderUI Pro, or WDAC Lockdown simultaneously due to the same kernel mode driver. Always verify the SHA-256 checksum for safety.
 
Looks great, want to try this but already have Cyberlock..
 
Hey Guys,

We are getting super close to being pretty much bug free in DefenderUI Pro and WDAC Lockdown. There was a bug in both products when they updated themselves, but it is fixed now.

Just to be sure, please manually download the following versions and make sure WDAC is not in Enforced / On mode, then manually upgrade to 1.22; you can install over the top.

After this version, everything should be handled automatically with the automatic update, even if you are in Enforced Mode.

DefenderUIPro 1.22
SHA-256: 4606f658f3e40dd19bd834359ef6bdedc5e861302f8c19ef75bcf45d88031af9

WDAC Lockdown 1.22
SHA-256: 9960333b3e4fa657e7abbd02fcf56646576cc2221abf1fe40e31f615de425137

Thank you guys!


Dan
 
I think the ON level should be removed if it hasn't already been modified because the problem with it is it's almost too good! The kernel driver should ALWAYS be whitelisted and allowed to run because if EVERYTHING is blocked by default, you will find you can't boot into Windows. A known issue with SAC turned on. Microsoft should exclude it along with critical OS files needed to run Windows. A blocklist can't be 100% secure for obvious reasons! Just wanted to bring that to everyone's attention.
 
Is the ability to scan in Windows sandbox a right-click alternative in the context menu?
I installed it on a Home version, is that why I could not see anything about this sandbox scanning at all in WDAC-L?
 
WDAC Lockdown 1.32
https://wdaclockdown.com/Download/InstallWDACLockdown132.exe

SHA-256: d7cd9bf22ab6f513bb97088152577cba1fa20924b42eab62ed1f562825e07d8d
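
Checking a downloaded installer against the SHA-256 posted above, as an added example that is not part of the original thread or the WDAC Lockdown project. The download folder is an assumption, and the page does not say whether the installer is Authenticode-signed, so the signature fields are reported rather than required.

```powershell
# Added example: compare a downloaded installer with the hash posted in the thread.
function Test-InstallerHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [ValidatePattern('^[0-9a-fA-F]{64}$')] [string] $ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File            = $Path
        # -eq on strings is case-insensitive, so upper/lower-case hex both match.
        HashMatches     = ($actual -eq $ExpectedSha256)
        ActualSha256    = $actual.ToLower()
        # Reported for review only; a publisher name is not asserted here.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Assumed download location; file name and hash are the 1.32 values from the post.
$installer = Join-Path $env:USERPROFILE 'Downloads\InstallWDACLockdown132.exe'
$expected  = 'd7cd9bf22ab6f513bb97088152577cba1fa20924b42eab62ed1f562825e07d8d'

$result = Test-InstallerHash -Path $installer -ExpectedSha256 $expected
$result | Format-List

if (-not $result.HashMatches) {
    # Fail closed: a mismatch means the file is not the one the post describes.
    throw "SHA-256 mismatch for $installer"
}
```

A hash published next to the download link detects a corrupted or swapped file, but it shares a source with the link, so the signature status is worth reading as a second, independent signal.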
 
Can WDAC Lockdown iterate thru Program Files and x86 to create Hashes? I consider that as whitelisting. I currently do it thru WDAC Wizard and it takes a long time. Would be great if your tool can automate that task. I prefer not to use certs because I don't know the legal name of the software suppliers and attackers can hide. Damned this way or the other way, but I think certs are preferred by attackers.
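
The hash-only scan of both Program Files folders asked about above can be scripted with Windows' built-in ConfigCI cmdlets, independent of WDAC Lockdown. This is an added example, not code from the thread or from the WDAC Lockdown project; the working folder and output file names are assumptions.

```powershell
# Added example. Run from an elevated prompt; requires the ConfigCI module.
# $work and the output file names are assumptions.
$work = 'C:\WDAC-Work'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Both Program Files roots; the (x86) one does not exist on 32-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$scans = @(foreach ($root in $roots) {
    $xml = Join-Path $work ('scan-{0}.xml' -f ((Split-Path $root -Leaf) -replace '\W', '_'))
    # -Level Hash: one allow rule per file hash, no publisher or certificate rules.
    # -UserPEs: include user-mode executables and DLLs, not only kernel drivers.
    New-CIPolicy -ScanPath $root -Level Hash -UserPEs -FilePath $xml | Out-Null
    $xml
})

# A policy holding only Program Files hashes would not allow Windows itself,
# so merge onto the example base policy that ships with Windows.
$base   = Join-Path $env:windir 'schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml'
$merged = Join-Path $work 'DefaultWindows-plus-ProgramFiles-Hash.xml'
Merge-CIPolicy -PolicyPaths (@($base) + $scans) -OutputFilePath $merged | Out-Null

# Rule option 3 is "Enabled:Audit Mode": would-be blocks are logged, nothing is blocked.
Set-RuleOption -FilePath $merged -Option 3

# Binary form of the audit policy, ready for deployment.
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath (Join-Path $work 'policy-audit.cip') | Out-Null

# Once the audit policy is deployed, event 3076 lists files it would have blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076
} -MaxEvents 20 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message

# Only when 3076 stays quiet: remove audit mode and convert again.
# Set-RuleOption -FilePath $merged -Option 3 -Delete
```

Hash rules match exact file contents, so every application update produces binaries the policy no longer allows until the folders are rescanned and the policy is rebuilt.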
 
Hi all

Hey Guys!

Merry Christmas and Happy New Year everyone!

Here are the latest, they should be ready for public release, but if you find anything please let me know.

WDAC Lockdown 1.33


SHA-256: e16f49a0a9a6454c31631a30843e9ab01eee4264aceb17ab1c68fd4aafe496be

Thank you,

Dan

Mops21
 
Thank you for reporting these bugs. The bug that you mentioned in the PM where WDAC Lockdown does not go into Enforced Mode immediately after the initial training is fixed, and it is fixed for DefenderUI Pro as well for the next release. As I was saying, Enforced works after the first attempt, but this needed to be fixed either way.

But I am not able to reproduce the password bug, it seems to be working for me. Can you please post the steps to reproduce the password bug?

Here is a version with the first bug fixed, thank you!

WDAC Lockdown 1.33 Test
SHA-256: 21bfe251523eab814d8e3d09365c2e48413cb1536e6b266fcefd060b0755af06

Edit: BTW, I noticed a couple of other recent bugs, one is with training mode and one is with the WLC and VoodooAi results. I will fix those over the next few days, so if you can let me know about the password bug, I will include that fix as well and we will be good to go, thank you!
 
Hey guys, here is the latest version of WDAC Lockdown. The training mode and file insight bugs are fixed and it seems to be running super smooth. I am still not able to reproduce the password bug... he must have been talking about the WDAC User Prompt. It does not require a password simply because then the standard user would have to know the password in order to allow a new item, since there is not a web management console.

WDAC Lockdown 1.34
SHA-256: 25150f45e83a778318f83a0bd24820f0bc8d606cea628e509b5704c3f64ec0bd
 
@danb

Cannot uninstall 1.33
Updated to version 1.34

Here are the steps I took:

Kernel LockDown enable
Anti-Malware and Anti-Exploit ... Enable
WDAC lockdown ON Enforced -- doesn't work
AutoBuild C Drive
Close the App
Open the app, put into Enforce mode - fail
Close the App
Open the app, put into Enforce mode - fail
Close the App
Open the App, use WDAC Wizard, edit Audit policy, turn off Audit, Then the app changes to Enforced
Set Password
Close the app
Open the app - does not ask for password
Change policy to Lockdown disabled - does not ask for password
Close the app
Log out admin account
Log in standard account
Start WDAC lockdown - does not ask for password
Set lockdown to Enforced - does not ask for password
Therefore Password is not working

What Windows Service does your app rely on? I disabled some on my machine.
 