Pumpernickel (FIDES)

If there ever is a turn of events it would be a decent one certainly.

So much for empty babble over expectations of it from me, but do you still use FIDES and which combo, (MemProtect I use) is an ideal addition to round out granular security control from your standpoint.

Really doesn't impact system energy any longer going back to the Layered Approach given much better suited coding and hardware these days.

 

Because the current version is expired, the developer uploaded a new version today.
("Demo driver will stop working in 2019. A follow up demo version will be available then which will work for another year.")
Website
pumpernickel_demo.exe (Digital signature of the driver: April 2, 2018)

 

Paid users are unaffected?

 

Only users of the demo version. It has several "limitations" and this is one of them.

 

Did refresh FIDES files. I'm back in the game again.

 

How do you enable balloons?
Or is this only for the beta version?
I am currently using FIDES stable demo.

 

A beta-version is not needed. Launch Tray.exe with the additional parameter -showballoon ("Tray.exe -showballoon") and a balloon/notification will appear on the desktop (and it will be mentioned in the Notification Center)

 

Got it. I made a bat file so it can run that way at startup.

 

@shmu26 For reference, if there is ever a time when you want to silence any alerts (no balloons or toasts), there is also a parameter "nopopups" which alternatively you would place where "showballoon" was placed.

 

If an item is under [BLACKLISTREAD] does that automatically stop it from modifying, or does it also need to be put under [BLACKLISTMODIFY] ?

 

It depends on the rule.

Code:

[BLACKLISTREAD]
*>C:\Protected\*

= Applications can't read files in this directory, but they are able to "see" them and are even able to delete them.
If you have such rules they should be put in both categories [BLACKLISTREAD] + [BLACKLISTMODIFY]

Code:

[BLACKLISTREAD]
*>C:\Protected*

= If it is written like this, files (and the directory) are now protected and placing the rule in [BLACKLISTREAD] should be enough. But it shouldn't harm to place it in both

 

Thanks, @mood. That's an interesting difference between rules.

 

Can you make a block rule for recycle bin with the path
?:\$Recycle.Bin\*
And is this useful, or are processes blocked by default from reading recycle bin data?

 

Or maybe FIDES does not support the character $ since it has a different meaning in Excubits?

 

use this in black list
!C:\Windows\explorer.exe>C:\$Recycle.Bin*

 

That was a good idea. I tried your rule, and when I access recycle bin by explorer, I get Windows error messages, and FIDES shows in the log:

R: C:\Windows\explorer.exe > C:\$Recycle.Bin

But the strange thing is that despite all this, Recycle bin opens anyways, and I can see files and restore them.

 

put rule in [BLACKLISTMODIFY]
i think then you unable empty it

post edited

 

It seems to me that processes cannot read the content of files in recycle bin. They can only get basic info about the file, such as name and size. Correct? If this is so, the security risk is much smaller.

 

with below rule just explorer can not delete move rename file other exe can
but explorer.exe can read it if no block in block read section like na me size location
[BLACKLISTMODIFY]
!C:\Windows\explorer.exe>C:\$Recycle.Bin*

 

Here's my config for caging chrome, been running this for 3-4 days now and no popups, .ini size is exactly the maximum for the demo version: 3070 bytes (won't work with longer username, one can always rename)

Spoiler

I've added C:\Windows\System32\CatRoot*\* and C:\Program Files (x86)\Google\Chrome Beta\Application\Dictionaries\* to Bouncer's blacklist, since they're writable by chrome

[LETHAL]
[LOGGING]
[#INSTALLMODE]
[WHITELISTMODIFY]
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Temp\*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Microsoft*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Packages\chrome.sandbox.gpu*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Google\Chrome Beta\User Data\*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\LocalLow\Microsoft\CryptnetUrlCache\*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\Appdata\Roaming\Microsoft\Windows\Recent\*Destinations*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\Dictionaries
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\ProgramData\NVIDIA Corporation\Drs\*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\catroot*
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Downloads*
[BLACKLISTMODIFY]
*chrome.exe>*
[WHITELISTREAD]
!C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:*
[BLACKLISTREAD]
*chrome.exe>*
[EOF]

Chrome is the only software on my PC that I deem worthy of protecting with pumpernickel. I don't use photo editing software other than Paint, I don't use video/audio players, I don't use office or anything like that, I don't use anything adobe or java related etc. 7zip and skype are the only software I use which would be popular enough, but then if you check cvedetails.com, you'll see that these programs have barely any vulnerabilities if at all, and they're usually patched ASAP (fun fact, compare intel and amd vulnerabilities) Now if I know the NSA or russian hackers are determined to hack me, I'd define very strict rules for every program, on the edge of crippling them, but for general use I think only chrome is enough, on my system anyway

One can also go here https://www.cvedetails.com/top-50-products.php and check every year starting from like 2010 onward if he has any of those targeted software installed on their pc, in my case the only software there asides from chrome is Edge which is completely removed from the system and IE which is completely blocked from running

I store my backups on a partition which is constantly being shadowed by Shadow Defender, and only unshadowed when macrium writes to it, so no need to protect it with pumpernickel (it's also better this way anyway, raw access is powerless, in case something gets exploited to run as admin for example)

 

Everyone has their own uses

It's a flexible software (not so much with 3KB), it can be used for many purposes

What's your config pete? What do you use pumpernickel for?