Pumpernickel (FIDES)

I think you're asking a FileSystem level driver to do too much as far as equivalencing wild cards at the directory level then files at the multiple sub-directory level. Something like this is better handled by an intelligent UI that would create the INI that the driver would use. The FIDES developer has already mentioned that, at this time, they're not in an intelligent UI development game.

 

If this is true, how was Peter able to create an image while in shadow mode and when he exited shadow mode and rebooted the image was still there?

 

yep they are in kernal level not interested user-mode
but hope see this feature all can handle with hand

 

Because FIDES prevented SD from reverting that particular change (the created image).

 

If not already done, try to put the executables of Shadow Defender to your Whitelist, and let them access your protected partitions.

 

You can rely on FIDES for protection of these partitions, and let SD only protect your system partition.
Or protect them with SD, but not with FIDES.
In both cases you'll get "expected" results.

Select one product to protect them, or use both but only after adding additional whitelist-rules (which might be needed for SD) in FIDES.
But nevertheless they might conflict with each other.

You have already dropped malware on your system and i guess both products successfully protected your partitions, so...
The choice is yours.

 

Not to mention literally zero footprint as well. I have to admit, the recent conversation here has got me thinking about getting back into FIDES again. I've been using just Bouncer and MemProtect combination for months now. But I am starting to see the need for protecting directories and particularly, as you all point out, external backup drives and such.

 

What happens to all the installers that usually run out of "Users/<user>/AppData/local/temp"... looks like they won't be able to install anything with the above directives... and since it's all SILENT (no logging), you won't even know about it 'til the installers blow up.

I think I'm reading that INI right...

 

With the above configuration #87, all installed programs and Applications in the windows-directory have access to all data, all other programs are blocked.

Note #1:
Whitelisting of !C:\Windows\*>C:\* includes temporary files from C:\Windows\Temp\ (!)
It might be better to add C:\Windows\Temp as a priority Blacklist-rule:
[BLACKLISTMODIFY]
!$C:\Windows\Temp*>*
Now it overrules the whitelist-rule, and temporary files from this directory can't modify other data.

Note #2:
Blocks should be expected. Programs want to auto-update themselves automatically, Windows is doing its maintenance and is executing temporary files, etc.
There can also be executables in C:\ProgramData which need to be whitelisted.

Note #3:
Vulnerable applications like browsers, pdf-readers, etc. which are in C:\Program Files\ have access to all data.
It might be better to restrict at least these kind of applications from accessing other partitions or other important data.

 

peter

ok so if you have SD and FIDES on at same time and have SD set to all drives, and if you do your backup to just the c drive, does the image go away after exiting SD on reboot?

 

ok I think got it. If you have SD and FIDES on at same all drivers including C: are protected. I misunderstood. thinking your c: was not but your other two were and you had your image on one of the other drives ant not C:

Is there any advantage of using FIDES while using Voodoo and Appguard?

 

I only have on hard drive with the protection in my sig. 500 gigs is plenty since I don't save any music or videos. My images are on a 256 gig USB drive that only gets plugged in machine is turned off and then booting to Macurim from there.

 

With AppGuard you can also protect Folders (Read-Only / Deny-Access), but only for Guarded Apps.
The "File & Folder"-Protection with FIDES is very granular and is more powerful.

FIDES is not a replacement for AG or VS, but it can be seen as a good addition.
But if you don't like to edit .ini-files manually or don't like GUI-less applications it may not be a good choice, but who knows...
After you have found your ideal configuration you don't have to change anymore.

 

mood

I think I understand it only installs a driver that uses an ini file for the config. So it must install an ini file plus driver? I have not had to edit ini files since 1995.
does it come with a default ini file?

I also took a look at their site and see they have either a demo or a paid version. and doesn't seem to explain a lot.

 

Download the executable from their website, doubleclick it and the content is extracted (it's a SFX Rar Archive). Then you can see a readme.txt with some more information.

The driver has to be installed from the user, there is no installer which is doing all required steps. The user must rightclick on the .inf-file + "install".
Additionally the "default" .ini-file has to be copied to the WIndows-directory.