BlackFog Privacy

Discussion in 'other anti-malware software' started by liba, Feb 2, 2018.

  1. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @paulderdash Some application is leveraging msedge to tunnel to that IP address directly and not advertise where it's going. Apps are not supposed to use direct IPs inside their apps either. But this message tells me they are using a Dark Web / TOR node.
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Mysterious, hope I can get to the bottom of it.

    Glasswire doesn't show any outbound connection at that time.
     
    Last edited: Oct 1, 2021
  3. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Yes we blocked it before there was one.
     
  4. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    dunno about China blocking as most software comes from China, I don't like the fact that you cannot add an IP to allowed if it comes from a geofenced country, I want to block China but allow qihoo360 to connect to China for updates. I have several Russian programs that I need as well.

    unknown applications connecting and no-name PID connecting is not fixed and I don't understand what is going on. If I check the IP it's the same app IP that was recognized previously, eg wisevector.exe and an unknown exe with the same IP. In the worst case some process is injecting into the legitimate app (but why, if it's using the same legitimate IP; these IPs from unknown are not malicious), best-case scenario BlackFog is unable to recognize some apps/PID behavior or it relies on some Windows internals that I disabled

    Does BlackFog interfere with gaming platforms and games? eg lag spikes and PunkBuster blocking, it should be made compatible, from the user side it's complicated to make it work. It blocks a lot from Origin for instance, please check some common games, especially multiplayer
     
    Last edited: Oct 2, 2021
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    BlackFog on Android seems not to work at all, can't geofence anything (eg Russia is blocked but I can visit government.ru) and zero stats on all blocked items lists (seems like forever, I remember the first iteration kinda worked), I am about to revoke licences from Android to put them on stationary PC seats (possible?), at least on stationary it does something. EDIT: on Android you need to turn off private DNS
     


    Last edited: Oct 7, 2021
  6. X9X

    X9X Registered Member

    Joined:
    Apr 8, 2019
    Posts:
    32
    Location:
    Europe
    Any news about the monthly payment option?
     
  7. JOHNoff

    JOHNoff Registered Member

    Joined:
    Sep 10, 2021
    Posts:
    67
    Location:
    Europe
    Can you at least give us a hint what new features and when it will be released for Android? Sorry, but it's so hard to wait for version 5.
    Thanks!
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    To be able to play videos at https://www.sbs.com.au/ondemand/ I need to disable Web Advertising, but once the video starts I can re-enable Web Advertising and watch the video. Are there any other workarounds? I have tried adding www.sbs.com.au as a trusted domain but that didn't work.

    The funny thing is in Firefox 93 I can have uBlock Origin (with all filters enabled except regional filters) and the videos will play without issue.

    Thanks.
     
  9. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I am testing the trial version, is there a way to clear the host list to see exactly what is being connected to on specific sites when they are opened?

    Like clear the list, open the site, wait for a bit, then check the host list to see just what connections that particular site is making.
     
  10. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Another question; under hosts I am seeing a lot of unidentified IP connections. When I try to look them up via the software or do a whois IP lookup to see who they are, most are Cloudflare addresses with no information or owner other than the Cloudflare address, this does not seem normal?

    I have been adding them to the deny list to see what happens,
     
  11. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @JOHNoff We are still working on our final feature set as it depends if we can get some new projects working well.

    @Krusty Each site is a little different but we will look at what that site is up to more recently and tweak it a little.

    @X9X No monthly option on desktops yet. For the size of the transaction it becomes a bit of a problem internally which we need to solve.

    @lucd Yes you need to turn Off Private DNS for this to work. Android is continually trying to stop third parties from blocking their Ads, so it's a game of cat and mouse here. We have better techniques coming, but for now this is the best way. Also re the post before, you can block a country and then whitelist a domain as well, as there is an order of precedence here.

    @Socio There is a hidden feature (which we use ourselves) CTRL + R (make sure the window is active first) and this will clear all the counters and domains for exactly this purpose. It's actually quite fun to see the difference. Re your last post, we haven't run into that before, so that sounds rather unusual. Be interesting to know more about this and investigate it further.

    Apologies for the delay, we have a lot of releases going on right now, so bear with us as we get them out the door. You may have seen the ARM edition released recently. We have other platforms underway as well.
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Thank you Sir. :thumb:
     
  13. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Thanks for the tip about clearing the counters. The IPs are odd: when I checked the latitude and longitude of the IP locations from the software lookup feature on a few, one is in the middle of a bayou in Houston, one in a parking lot behind a candy store in Manhattan and one in the middle of the Cheney Reservoir outside Wichita.

    Not sure what to make of it but the deny list is getting a workout.
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi Darren,

    I don't know if there's anything that can be done on this site: https://10play.com.au/ I need to disable Web Advertising in BF as well as below.

    They require me to disable all ad blocker extensions, including uBO, ClearURLs and depending on which I'm using in Firefox at the time, ad blocking in either MalwareBytes Browser Guard or Kaspersky Protection. Setting Firefox's Enhanced Tracking Protection to Standard is also required.

    Thanks,
    Dave

    Edit: As I also am required to disable my VPN, even when using Aussie servers, I suspect it would be hard to troubleshoot from the US.
     
  15. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Tricky site for sure Dave. We are looking into it.
     
  16. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I don't have "Fake News" checkmarked in settings but BlackFog is blocking a lot of news sites; so far 100% of the ones I found being blocked are right-leaning sites. That is bordering on partisan censorship, you might want to reevaluate your block lists.
     
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Darren Williams

    I suspect that unknown connections happen when your AV is not registered in Security Centre, and there is nothing registered in Security Centre.
    Downloaded Kaspersky, it registered in Security Centre and no more unknown connections.
    I still think this scenario should be investigated.

    In my humble opinion BF is terrible at stopping ads, maybe it is better for the malware-ads type?
    That module could use a lift, but there are so many ad blockers that I don't care.
    Potentially it is a problem on Android but you can use Brave and have no ads as well.
     
    Last edited: Nov 19, 2021
  18. osmandemi

    osmandemi Registered Member

    Joined:
    May 5, 2010
    Posts:
    115
    Hi black friday discount o_O
     
  19. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    this is a silent way of disabling BF without the user noticing it,
    there is one command in Windows too to do the same, the user can't notice BF is off, BF appears to work but there are no new stats
    it can be considered as a way of getting a foothold without task-killing BF
    that's why a simple auto-diagnostic and the icon turning red would do fine
     
    Last edited: Nov 27, 2021
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Email from BlackFog:


    "Mandatory MFA (Multi Factor Authorization) Notification


    At BlackFog we take pride in providing data protection and security for your organization and are constantly improving our service. To this end we are notifying all customers that effective Feb 1, 2022 all customers will be required to use MFA (Multi Factor Authorization) when accessing the Enterprise Console. Anyone who has access to this console will be forced to use MFA going forward.


    How to Prepare

    To avoid disruptions at the time of enforcement, Enterprise customers should perform the following actions in advance of this schedule:


    1. Make sure the user has downloaded Google Authenticator to their mobile device.


    • For iOS you can download it here
    • For Android you can download it here

    2. Login to the Enterprise console and navigate to Users. You will see an Auth column next to each user. Those with PW in that column will need to be upgraded.


    3. You can click the edit ellipse to open the editor and check “Two Factor” to allow them to initiate the update themselves.


    4. Upgraded users will first use their password and will then be presented with a “Setup Authenticator” button which will display a QRCode to scan into Google authenticator. Subsequent logins will not display the setup button.


    5. Once this has been scanned you will use this app for future logins in combination with your password.


    We highly encourage every organization to migrate users in advance of this date to minimize any impact this might have on users.

    We appreciate your business and look forward to servicing your security needs in the future.

    Sincerely,

    BlackFog"
     
  21. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    104
    Location:
    europe
    @Darren Williams
    small advertising campaign carried out on several Discord servers for your information..

    Best regards.
     
  22. JOHNoff

    JOHNoff Registered Member

    Joined:
    Sep 10, 2021
    Posts:
    67
    Location:
    Europe
    Hi,
    I have RATtrap firewall set in extreme protection mode and it shows in the logs the outgoing attempts to these IP addresses --> 13.107.21.200, 35.186.224.25. The firewall shows a red light indicating that something was blocked after I connect to wifi or with the ethernet.
    I put those two IP addresses into the deny list of BlackFog and restarted the laptop. Then I connected again and nothing was logged in BlackFog events, but RATtrap firewall was still showing red lights that an attempt happened.

    Why is this happening and who is behind those ip addresses?
    Thanks for any advice!
     
  23. JOHNoff

    JOHNoff Registered Member

    Joined:
    Sep 10, 2021
    Posts:
    67
    Location:
    Europe
    Hi,
    BF finally picked up this IP address (35.186.224.25) after several days being in the deny list. Copied from event log --> Unsafe connection to 35.186.224.25 (35.186.224.25). Blocking. Process -> svchost.exe Port -> 443 PID -> 4248.

    Any hint? Thanks
     
  24. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    35.186.224.25 is Google Cloud (GOOGLE - Kansas City, Missouri United States)
    any exogenous app or system app can use svchost, for instance to send logs, and svchost is required for automatic updates
    you can set a requirement so all binaries loaded in these svchost processes must be signed by Microsoft, as well as a policy disallowing dynamically-generated code.
    Check if HKEY_LOCAL_MACHINE\CurrentControlSet\Control\SCMConfigEnableSvchostMitigationPolicy is set to 1
    svchost can be spawned with several flags, these flags mean something

    in the BF logs I can read they added some failsafe, a security measure for svchost, but dunno of what nature
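    A local triage script for the event quoted above, added here as an example; it is not BlackFog's code and not from the poster. It assumes the remote address and PID from the event log line (35.186.224.25, PID 4248), reads the svchost mitigation value at the Microsoft-documented location HKLM\SYSTEM\CurrentControlSet\Control\SCMConfig, and maps the PID to its hosted services, -k group flag and any live connection, in an elevated PowerShell session.

```powershell
# Added example (not BlackFog's or the poster's code): triage a BlackFog event
# like "Unsafe connection to 35.186.224.25 ... Process -> svchost.exe PID -> 4248".
param(
    [string]$RemoteAddress = '35.186.224.25',  # address quoted in the thread's event
    [int]$TargetPid        = 4248              # PID quoted in the same event
)

# 1. Is svchost service hardening enforced (Microsoft-signed binaries only plus
#    no dynamically generated code)? Documented value: DWORD
#    EnableSvchostMitigationPolicy = 1 under SCMConfig (note the SYSTEM\ hive
#    prefix, which the forum post omits).
$scmConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\SCMConfig'
$policy = (Get-ItemProperty -Path $scmConfig -Name 'EnableSvchostMitigationPolicy' `
           -ErrorAction SilentlyContinue).EnableSvchostMitigationPolicy
if ($policy -eq 1) { 'svchost mitigation policy: ENFORCED' }
else               { 'svchost mitigation policy: not enforced (value absent or not 1)' }

# 2. Which -k service group was this svchost started with, and which services
#    does it host? A PID alone says nothing; the group and service list do.
Get-CimInstance Win32_Process -Filter "ProcessId = $TargetPid" |
    Select-Object ProcessId, Name, CommandLine
Get-CimInstance Win32_Service -Filter "ProcessId = $TargetPid" |
    Select-Object Name, DisplayName, State, PathName

# 3. Any live TCP connections to the remote address, and who owns them? Each
#    owning PID is mapped back to its image path and Authenticode signer so an
#    unsigned or oddly located "svchost.exe" stands out.
Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $signer = 'n/a'
        if ($proc -and $proc.Path) {
            $signer = (Get-AuthenticodeSignature $proc.Path).SignerCertificate.Subject
        }
        [pscustomobject]@{
            LocalPort  = $_.LocalPort
            RemotePort = $_.RemotePort
            State      = $_.State
            PID        = $_.OwningProcess
            Image      = $proc.Path
            Signer     = $signer
        }
    }
```

    A genuine service host shows C:\Windows\System32\svchost.exe signed by Microsoft Windows, a -k group on its command line and at least one hosted service; a PID with none of these is the one worth escalating.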
     
  25. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    We will be releasing a small update later this week with some minor tweaks before the New Year. Then v5 will be protected from being disabled by users in future. Remember also that ultimately if you give users admin access they technically should have enough authority to do what they want, so it's a bit of a slippery slope. Earlier editions were able to prevent this, but we were told by MS that this is against guidelines.

    Happy holidays to everyone and here is our Christmas video REvil the Reindeer.

    https://vimeo.com/656237095
     