Looks like on Windows 10 we startup so early that we are able to detect changes in the processes before they have settled down. So we are going to dial that back a little in this next build. We are trying to detect latent code injectors. We will just delay it slightly.
We also have a toggle called "Execution" under settings which will allow you to bypass any possible execution blocks.
v4.2 b410 got a threat detection opening Explorer! After putting it install mode, it opened - but doesn't look good. BFP may have to come off.
If you update Paul you will find that this should not happen again. You can also turn off Execution option as well. But I would update to 4.2.1 to remove that warning.
Upgraded manually this morning to 4.2.1 build 425, but same still happens (see last two entries attached). Don't see 'Execution' toggle in client, I have Enterprise. 1. Will first try reboot, alternatively 2. Look for that option on the Console. Edit: 1. No difference. 2. See that toggle under Console>Preferences>Notifications, but makes no difference either. Only way I can get Explorer to open, is to put BFP in Install mode! So ... maybe this change should have been publicly beta-tested. Hope a fix can be found soon, else I will uninstall.
Hi, I got the following threat detection on BlackFog Privacy 4.2.1 build 420 (If I press the update button i got that the software is up to date and it doesn't download the update to build 425) ""Attempted illegal process execution: svchost.exe (PID:560 Parent: root (PID:1452)"" It prevented me to create a restore point so I had to disable Execution in settings.
@paulderdash It looks like something is hijacking your explorer process. There are few reasons that it should have a parent of anything except root, or svchost when it is spawning additional windows. (If you would like to permit this, goto settings and click execution option to turn it OFF). I would be interested in seeing the actual detail of those entries so we can tell what parent is being reported, as it looks suspicious. @Serphis you need build 425, so you can just uninstall and get the version from the web site, it will preserve all the license and settings as before. The only change in 420 to 425 builds was exactly that message you saw.
@Darren Williams Blackfog updated to version 4.2.1 (b420) shortly before I shut my machine down last night. Today I was only able to boot as far as the log in screen with no option to actually log in. After several attempts I was going to try to boot up in Safe mode and as I held the shift key down the log in box appeared and although I was able to log in there were no icons in the task bar except the clock and the start button. Managed to open BlackFog by clicking on the start button and clicking on BlackFog in the start menu. As soon as I opened it I got several messages as shown in the attached picture. Went to settings and unticked the 'execution' tab which was ticked by default and can now reboot / start up without problems. Perhaps the 'execution' tab should be off by default. there were a total of 25 threat detections, the only difference is PID: numbers.
Dark Star, we updated it to build 425 to resolve that issue. If you uninstall and reinstall from the main web site it should be fine again.
What is the key that is supposed to be cut and pasted for the desktop license..... Contact the developer by personal message for this type question.
As already mentioned toggling 'Execution' made no difference. Darren reached out, and it seems at my Explorer start via an old launcher I use , I suspiciously have explorer.exe as parent also ... sent a Process Hacker screenshot, and it looks otherwise OK. Awaiting a trial build.
@Darren, I'm still not entirely clear re Android version, could you run BFP and AdGuard together (I think they have a slightly different focus), or would one need to ditch AdGuard (because of VPN)?
I tried that a few weeks ago and when i started BFP it took the VPN away from AdGuard, so i had to stop using AdGuard.
Re: Android. It only allows 1 VPN to work at a time, so unfortunately you cant have both running at once. Re the launch bar, we have a test version out to @paulderdash to verify it works ok before release next week. We were able to replicate it using the launch bar he was using.
