BlackFog Privacy

Discussion in 'other anti-malware software' started by liba, Feb 2, 2018.

  1. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Note we have now updated Android to 3.1 which includes an auto update feature and some other minor changes. You can download the update and upgrade your existing version directly from the BlackFog Privacy Download page.
     
  2. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I guess that means we can update over the top and don't need to uninstall first.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I did over install without uninstalling. Just had to start BF after install.
     
  4. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    When i go to click on pay nothing happens for the android 1 year license. I had to login on the phone and pay for the pin code.
     
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Could you whitelist China, Ireland from Qihoo 360 Total Security AV it marks as suspicious the following addresses:

    180.163.222.138 qhactivedefence.exe (especially this one)
    54.76.29.49 qhsafetray
    36.99.30.90 qhactivedefence.exe
    3.124.58.30

    and so on on port 80
     
    Last edited: Nov 18, 2019
  7. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Yes you can add these to the whitelist section of the app and it will allow them to go through.
     
  8. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    I will , but please whitelist known AV vendors by default if possible,
    best
     
  9. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    I'll send it over to the team to review if its possible. The problem I can see immediately is they vary by country and can also be dynamic.
     
  10. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    probably because sending encrypted traffic on port 80 that is not usually encrypted, that'd be suspicious
     
  11. guest

    guest Guest

    BlackFog Privacy v4.1.1 Released (November 21, 2019)
    Website
    Download
    Changelog
     
  12. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    101
    Location:
    europe
    New RIPlace bypass BlackFog for info :doubt:
    https://www.nyotron.com/collateral/RIPlace.rar
     
    Last edited by a moderator: Nov 24, 2019
  13. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Found these unidentified icons in the events tab last night just after midnight. Went to the Hosts and Processes tabs for a clue but they were cleared at 00:00 hours so nothing there. As these icons are not in the Settings / blocking lists I am curious what they represent. And if anyone is interested I would have been on the Racing Post.com site at the time. Capture.JPG
     
  14. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    They represent suspicious addresses, or direct IP accesses to port 80 in this case.
     
  15. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @acidking thanks for the info. I will send it to the team to review.
     
  16. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    hi could you withelist ESET,
    its pretty bad eset addresses are tagged as suspicious (AV product doesn't get updates)
    here is the list see attachments (download updates.txt), the same is in spoiler if u don't want to download stuff
    all 38.90.226. variants are blocked as "suspiciuos"
    alternatively you can add an option to event (to whitelist with a button) as going to whitelist is tedious, or else some option for ask/deny suspicious connection (maybe in form of a pop-up?)
    and for the love of GOD please let the whitelist accept a list of connections, right now you have to enter one by one domain names/ip addresses.

    best

    # Domain Names
    um01.eset.com
    um02.eset.com
    um03.eset.com
    um04.eset.com
    um05.eset.com
    um06.eset.com
    um07.eset.com
    um08.eset.com
    um09.eset.com
    um10.eset.com
    um11.eset.com
    um12.eset.com
    um13.eset.com
    um21.eset.com
    um23.eset.com
    um01.ru.eset.com
    um01.cn.eset.com

    # IP Addresses
    91.228.166.13
    91.228.166.14
    91.228.166.15
    91.228.166.16
    91.228.167.132
    91.228.167.133
    38.90.226.36
    38.90.226.37
    38.90.226.38
    38.90.226.39
    91.228.166.88
    91.228.167.170
    38.90.226.40
    91.228.167.26
    91.228.167.21
    188.225.81.21
    119.29.72.159
     

    Attached Files:

    Last edited: Dec 5, 2019
  17. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @lucd we will shortly allow ip masks in the whitelisting to save you a lot of work.

    The domain names from ESET will be fine, it's the direct IP's they are using that are the problem, as this is against best practices. There is no good reason to use a direct IP inside your application it should be resolving through DNS. Naturally you can whitelist them yourself, and as mentioned above we will make this easier to do very soon.
     
  18. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Today BlackFog just released BlackFog Privacy 4.2. This is a small increment, but should prove to be a major feature for most people as we have now eliminated the draconian whitelisting. We now employ process monitoring instead which is much more flexible, faster and generate a lot less false positives, if any at all. This will make BlackFog play much nicer with normal applications too and hopefully become a lot more seamless for users. Note we have not added the ip subnet whitelisting yet, but this was the first stage and we wanted to get this out to users before Christmas.

    4.2.0 – Dec 11, 2019

    • Applications now monitored dynamically, no whitelisting required
    • Removed application whitelisting buttons
    • Install mode disables all exfiltration for designated periods
    • Added Execution option to settings to selectively disable execution monitoring
    • Ensure all icons are visible on settings by default
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Um, not sure what's going on but after installing 4.2, then restarting my machine, after I enter my login password I get presented with a backlit but black screen. The only thing I can see is the pointer.
     
    Last edited: Dec 11, 2019
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I've finally managed to boot into Windows but my Task Bar is almost completely blank and most of my programs haven't started.

    Edit: And BF cannot be uninstalled in Safe Mode.
     
    Last edited: Dec 11, 2019
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I eventually managed to uninstall BF and after another system restart my machine seems to be back to normal.
     
  22. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    What OS are you running?
     
  23. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    We pulled the release until someone investigates it further just in case.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Darren,

    Win10 x64 1909 Home Premium.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Windows Live Mail isn't opening on my other machine. Haven't tried restarting it yet.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.