Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
It is just a demo, and does not explain what that means.
     
  2. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Pete, are you protecting the LOG or is it open?
     
  3. guest

    guest Guest

    • The trial version can be tested for private non-commercial use without any limitation.
    • In the logfile you'll see before each line: *** excubits.com beta ***
    • After 1 year you have to download a new version from the website.
    • The size of the .ini-file is limited to 3KB.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I can open it and it is empty
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Hmm. I just noticed the same thing on the other desktop. So there had to be something in common that happened today. And the only thing that fits is Gotomypc updated itself. Don't know why that should affect it, but tomorrow, I am going to try uninstalling and reinstalling and see what happens.
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Is [INSTALLMODE] enabled? That would show a yellow-ish icon.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I checked by turning it on, and then off. When I turned it off the icon went green and then back to beige. The driver is working and is protecting the drive, just with the wrong icon
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Figured it out, with itman's words ringing in my ears. I had added sc.exe to my Appguard users list with a yes, so Appguard was obediently blocking it. I did an uninstall of FIDES and when I saw the command a light bulb went off. Made the change on both machines. DUH. Changed SC from the user list to a guarded app and all is again well in FIDES land. Laughing is permissible. But hey, it proves Appguard works.
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
@Peter2150 Glad to see that you've troubleshot and resolved the issue. :thumb:
    AppGuard and FIDES should play nicely together now.

    EDIT: This makes sense to me now as well, since the protection of the driver itself was working and protecting your drives, yet the tray icon was not reflecting the correct status since it was being blocked from retrieving status. I should have realized that sooner as well, but very glad it is resolved either way.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Thanks WBD. Sometimes we shoot ourselves in the foot. The trick can be figuring out the gun.
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    You're welcome, my pleasure. Shooting ourselves in the foot is often one of the ways in which we learn and I've certainly done so many times over the years.

I'm glad to see that you've embraced some non-GUI security protection with open arms and it seems that you are fully able to realize the strength of these kernel-mode drivers (when implemented correctly with less attack surface, etc.). Oftentimes in this day and age, users seem to need a visual representation of security via a fancy UI to ensure that they "feel" protected, but as we have seen over the years some security companies can rely too heavily on these fancy and new UI changes year after year to give the impression of security. When really what is most important is under the hood, so to speak.

Is MemProtect the one which specifically did not work well with your system? If I remember correctly. That would be unfortunate because it complements FIDES so well. Particularly in this modern age of security where attackers are utilizing built-in digitally signed Windows binaries to bypass many security mitigations. Although as I understand it, you do use AppGuard, so there would be no need for using both AppGuard and MemProtect since there are many similarities there.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think the conflict is with NVT's ERP. And that has been such a stalwart for me, combined with Appguard they are tight. But man I love FIDES
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
Well, I was going to try this out today. First thing, Cylance quarantined tray.exe and admin tool.exe. I waived those two. Then I was reading the readme file and it shows this.
    "The driver is for demo and educational and test purposes only. Use at your own risk. Demo version's .ini file is limited to 3KB. Demo driver will stop working on system time's year value > 2016."
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
You don't need to worry about that. Besides, the full package is only $12. Its biggest use will be if you have additional internal drives.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ah ok, I only have one drive so most likely don't need it.
     
  16. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
I think all we need is just a rule editor to make making rules easier. Missing Malware Defender's UI @ https://www.wilderssecurity.com/threads/malware-defender-setup-tips.226940/
     
  17. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    I'm using FIDES to lock down my external backup drive. This works fine, but now whenever I reboot, I get a message that the recycle bin on drive E: is corrupt. I've tried giving read/write access to $Recycle.Bin, but still get the message. Does anyone know what else needs to be allowed to make the recycle bin function properly?
    Here's my config file if needed:
    [#INSTALLMODE]
    [LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    !C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
    !*$Recycle.Bin
    [BLACKLISTMODIFY]
    $!*explorer.exe>E:*
    $!*SearchIndexer.exe>E:*
    $!*svchost.exe>E:*
    $!*dllhost.exe>E:*
    $!*WmiPrvSE.exe>E:*
    $!*chrome.exe>E:*
    *>E:*
    [WHITELISTREAD]
    !C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
    !C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe>E:*
    !C:\Program Files (x86)\Blue Ridge Networks\AppGuard\*>E:*
    !C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe>E:*
    !*$Recycle.Bin
    [BLACKLISTREAD]
    $!*explorer.exe>E:*
    $!*SearchIndexer.exe>E:*
    $!*svchost.exe>E:*
    $!*smss.exe>E:*
    $!*WmiPrvSE.exe>E:*
    $!*sdiagnhost.exe>E:*
    $!*id_service.exe>E:*
    $!*dllhost.exe>E:*
    $!*chrome.exe>E:*
    *>E:*
    [EOF]
     
    Last edited: Mar 14, 2017
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  19. guest

    guest Guest

    I can see:
    !*$Recycle.Bin
    But > is missing.

    You can try this:
    !*>E:\$Recycle.Bin*
     
  20. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Kid Shamrock As mood pointed out, ensure that you add !*>E:\$Recycle.Bin* to both your [WHITELISTMODIFY] and [WHITELISTREAD] sections. Also, I don't think that the priority ! rules are necessary within your silenced [BLACKLISTMODIFY] and [BLACKLISTREAD] rules. Although if I am wrong on that, someone correct me please. You could always trial certain scenarios in non-lethal [#LETHAL] and see if anything shows up in the logs.

    So I would try something like the following:
    Code:
    [#INSTALLMODE]
    [LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    !C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
    !*>E:\$Recycle.Bin*
    [BLACKLISTMODIFY]
    $*explorer.exe>E:*
    $*SearchIndexer.exe>E:*
    $*svchost.exe>E:*
    $*dllhost.exe>E:*
    $*WmiPrvSE.exe>E:*
    $*chrome.exe>E:*
    *>E:*
    [WHITELISTREAD]
    !C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
    !C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe>E:*
    !C:\Program Files (x86)\Blue Ridge Networks\AppGuard\*>E:*
    !C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe>E:*
    !*>E:\$Recycle.Bin*
    [BLACKLISTREAD]
    $*explorer.exe>E:*
    $*SearchIndexer.exe>E:*
    $*svchost.exe>E:*
    $*smss.exe>E:*
    $*WmiPrvSE.exe>E:*
    $*sdiagnhost.exe>E:*
    $*id_service.exe>E:*
    $*dllhost.exe>E:*
    $*chrome.exe>E:*
    *>E:*
    [EOF]
    
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I am
     
  22. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Could be possible. Someone will write a GUI FrontEnd for editing rules, not necessarily by Pumpernickel's author.

    New ERP is going to have a rule editor.

     
    Last edited: Mar 14, 2017
  23. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    I finally got it working. I had to specifically allow explorer.exe access to the recycle bin since it is also on the blacklist. Following line did the trick: !*explorer.exe>E:\$Recycle.Bin*

    Thanks @mood and @WildByDesign for pointing me in the right direction.
     
    Last edited: Mar 14, 2017
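The rule lines discussed in the posts above (Kid Shamrock's config, mood's point about the missing `>`, and the explorer.exe exception that finally worked) are easy to get wrong by hand. The following Python is an added example written for this page, not Excubits' code: it parses a Pumpernickel-style .ini into `process>path` rules with `*` wildcards, flags `!` (priority) and `$` (silent), reports lines that have no `>` separator, and evaluates a few accesses against Kid Shamrock's posted config before and after the fix. The evaluation order (priority whitelist rules first, then blacklist, then plain whitelist), the treatment of `!` on blacklist rules as a flag only, and the sample process and file paths are assumptions made for the demonstration, not documented driver behaviour.

```python
# Toy evaluator for Pumpernickel/FIDES-style rule files (added example).
# ASSUMPTION: models the grammar discussed in the thread ("process>path",
# '*' wildcards, '!' = priority, '$' = silent) plus an assumed evaluation
# order. It is NOT the Excubits driver's code and may differ from it.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple

RULE_SECTIONS = ("WHITELISTMODIFY", "BLACKLISTMODIFY", "WHITELISTREAD", "BLACKLISTREAD")


@dataclass
class Rule:
    process: str    # wildcard pattern for the acting process image path (lower-cased)
    path: str       # wildcard pattern for the file or directory accessed (lower-cased)
    priority: bool  # leading '!'
    silent: bool    # leading '$': a match is not written to the log
    raw: str        # original line, for diagnostics


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rule line; return None if it lacks the '>' separator."""
    body, priority, silent = line, False, False
    while body[:1] in ("!", "$"):          # flags may be combined, e.g. "$!"
        if body[0] == "!":
            priority = True
        else:
            silent = True
        body = body[1:]
    if ">" not in body:
        return None                        # e.g. "!*$Recycle.Bin": a bare path, not process>path
    proc, path = body.split(">", 1)
    return Rule(proc.lower(), path.lower(), priority, silent, line)


def parse_ini(text: str) -> Tuple[Dict[str, List[Rule]], List[Tuple[str, str]]]:
    """Return ({section: [Rule]}, [(section, malformed_line), ...])."""
    rules: Dict[str, List[Rule]] = {s: [] for s in RULE_SECTIONS}
    malformed: List[Tuple[str, str]] = []
    section: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # [LETHAL], [LOGGING], [#INSTALLMODE], [EOF] are switches, not rule sections
            section = name if name in RULE_SECTIONS else None
            continue
        if section is None:
            continue
        rule = parse_rule(line)
        if rule is None:
            malformed.append((section, line))
        else:
            rules[section].append(rule)
    return rules, malformed


def matches(rule: Rule, process: str, path: str) -> bool:
    """Case-insensitive wildcard match of both halves of a rule."""
    return fnmatchcase(process.lower(), rule.process) and fnmatchcase(path.lower(), rule.path)


def evaluate(rules: Dict[str, List[Rule]], process: str, path: str, op: str) -> Tuple[str, Optional[Rule]]:
    """op is 'READ' or 'MODIFY'. ASSUMED order: priority whitelist, blacklist, plain whitelist."""
    wl, bl = rules["WHITELIST" + op], rules["BLACKLIST" + op]
    for r in wl:
        if r.priority and matches(r, process, path):
            return "ALLOW", r
    for r in bl:                           # '!' on a blacklist rule is only recorded here
        if matches(r, process, path):
            return "DENY", r
    for r in wl:
        if matches(r, process, path):
            return "ALLOW", r
    return "ALLOW", None                   # no rule applies: the driver does not intervene


def decide(config: str, process: str, path: str, op: str) -> Tuple[str, Optional[str], bool]:
    """(verdict, matched rule text or None, whether the match would be logged)."""
    rules, _ = parse_ini(config)
    verdict, rule = evaluate(rules, process, path, op)
    return verdict, (rule.raw if rule else None), bool(rule and not rule.silent)


# Constructed from Kid Shamrock's post above (trailing [EOF] omitted for brevity).
ORIGINAL_CONFIG = r"""
[#INSTALLMODE]
[LETHAL]
[LOGGING]
[WHITELISTMODIFY]
!C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
!*$Recycle.Bin
[BLACKLISTMODIFY]
$!*explorer.exe>E:*
$!*chrome.exe>E:*
*>E:*
[WHITELISTREAD]
!C:\Program Files\Macrium\Reflect\reflectbin.exe>E:*
!*$Recycle.Bin
[BLACKLISTREAD]
$!*explorer.exe>E:*
$!*chrome.exe>E:*
*>E:*
"""

FIX_LINE = r"!*explorer.exe>E:\$Recycle.Bin*"   # the line that worked for Kid Shamrock


def with_recycle_bin_fix(config: str) -> str:
    """Insert the explorer.exe exception at the top of both whitelist sections."""
    for sec in ("[WHITELISTMODIFY]", "[WHITELISTREAD]"):
        config = config.replace(sec + "\n", sec + "\n" + FIX_LINE + "\n")
    return config


# Hypothetical sample paths for the demonstration.
EXPLORER = r"C:\Windows\explorer.exe"
CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
REFLECT = r"C:\Program Files\Macrium\Reflect\reflectbin.exe"
RECYCLE_FILE = r"E:\$Recycle.Bin\S-1-5-21-1\$R1ABCD.txt"

if __name__ == "__main__":
    _, bad = parse_ini(ORIGINAL_CONFIG)
    print("lines with no '>' (never match anything):", bad)
    for label, cfg in (("original", ORIGINAL_CONFIG), ("fixed", with_recycle_bin_fix(ORIGINAL_CONFIG))):
        print(label, "explorer -> recycle bin:", decide(cfg, EXPLORER, RECYCLE_FILE, "MODIFY"))
    print("reflectbin writes image:", decide(ORIGINAL_CONFIG, REFLECT, r"E:\backup.mrimg", "MODIFY"))
    print("chrome reads image:", decide(ORIGINAL_CONFIG, CHROME, r"E:\backup.mrimg", "READ"))
```

Under this model the original `!*$Recycle.Bin` is rejected at parse time because it has no `>`, so explorer.exe falls through to the silent `$!*explorer.exe>E:*` blacklist rule and the recycle-bin write is denied without a log entry, which is exactly the hard-to-diagnose symptom in the thread; adding `!*explorer.exe>E:\$Recycle.Bin*` to both whitelist sections makes the write a priority allow while chrome.exe and everything else on E: stay blocked. Running a config through a parser like this before switching from `[#LETHAL]` to `[LETHAL]` is a cheap way to catch malformed lines that the driver would otherwise silently ignore.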
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
I see there is a new demo version on the website dated 1st April.

    But I have the paid version, and my original order email reply has a link for downloading 'further versions and updates'.

    Is the full (paid) version also updated?
     
  25. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Yes, use the link and password from your email. You'll get the update, it worked for me anyway...
     