@paulderdash The simplest way to solve that is to add "syncthing.exe" to the whitelist in the Enterprise console under Settings > Windows, since it is only relevant for Windows. Global works across all devices.
Thanks Darren, but how exactly? The Allow List is for Domain or IP? Unless you mean the IP address in my message? Apologies if I'm missing something really obvious! Edit: The only place I can see to enter a path is at Global>Windows Applications Allow>PowerShell Scripts? But that doesn't seem right ...
I just installed WiseVector StopX and did an update in order to test with BlackFog. No geolocation block for China ... What do you think about it, Darren? Can these 2 pieces of software cohabit, or will it be necessary to deactivate the geolocation for China one day?!
@paulderdash It's actually a hidden feature that it will accept an executable name when whitelisting. It autodetects this within the app, so it basically is able to whitelist all direct addresses from that app. We don't document it as it should be used with care. In the app itself you can just click on "Allow" and add "yourapp.exe". In the Enterprise console: Settings > Windows > Allow list > yourapp.exe.
@acidking I don't see why it wouldn't coexist, except if it is exfiltrating data it shouldn't. Seems like a lot of feature overlap, that's all. But we are using different techniques based on exfiltration, so it really depends on what they are doing under the hood. At least you can keep the app honest by watching what it is doing.
Thank you for your quick response, Darren, regarding WSX. It was just a test because I knew it was a Chinese application. I'm using Malwarebytes Premium + BlackFog + GlassWire right now and that's more than enough ^^ I tried to add "ARK Desktop Wallet.exe" under "allow - allowed sites" to exclude suspicious addresses from this application... but it says: "Invalid domain entered" ... Maybe I misunderstood your discussion with paulderdash! And I continue to disable "suspicious addresses" while using this application for a few minutes... br.
@acidking No, you are correct, but we caught it as invalid because the exe contains spaces... We are validating IPs and domains generally, and since this is a hidden feature no-one has used it with an exe like that. If you are using the Enterprise console we can fix that without an update, but if just the standard we will change the validation on exe names in the next patch.
Yes, I use the Personal Edition, so I'll be waiting for the next patch. Thank you a lot for your great support. I hope the entire BlackFog team and your loved ones are doing well during this pandemic. Best regards.
@Darren Williams It works when I allow "ark desktop wallet.exe". Thanks. The real name of the .exe is "ARK Desktop Wallet.exe" with some capital letters, and it didn't work on the first try, for your information. br.
I just tried to right click, then open BF from the sys tray icon but nothing happens. I shall restart the machine and try again.
@acidking Nice pickup, yes, it has to be lower case because of the parsing we do here. Probably should allow both options, but as a hidden feature we will add that in the future.
Interesting. I have one Firefox profile with only password manager extension, for extra security. Started getting this threat detection: 'Egress to restricted geography' every time I opened that profile ... Unsafe connection to ocsp.dcocsp.cn (47.246.7.227). Blocking. Region: China. Process -> firefox.exe Port -> 80 PID -> 41468 which is definitely not what I would want there. Thought maybe I had visited some dodgy site - seems to be something to do with alibaba.com - though I don't recall knowingly visiting any site connected to that entity on this profile ... so cleared cookies and site data, but no difference. Deleted profile, recreated. Problem is gone. But at least BFP let me know!
Yes this was part of the extension itself @paulderdash. We have seen this before. They are getting rather sneaky at embedding profilers. We are always careful not to delete the extension itself. We will track down where it stores that info for a future update. At least it couldn't do anything nasty...