BlackFog Privacy

Discussion in 'other anti-malware software' started by liba, Feb 2, 2018.

  1. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Query to BlackFog Support and Wilderssecurity experts: I have been reviewing posts for some time now on this site and feel privileged to see such a wealth of information on computer and internet security, and have decided to join and participate, as I have a pertinent question pertaining to the new anti-ransom software BlackFog that was recently introduced and that already has drawn substantial comment and useful and informative technical advice from both the developer and from Wilders technical expert readership.

    As an attorney, in solo practice, I have to be my own IT Department and have become adept at least with the basics of keeping my computer humming and, hopefully, secure. I have, through the years, tried many different security software solutions, keeping some and dispensing with others as time and circumstance and progress and change both with my computer needs and with software development continue.

    I downloaded and installed BlackFog "trial" a few days ago. The installation proceeded without a hitch and seemed to be working well on my computer although I am informed that, with the trial version, some features (I don't know which) are not functional. My problem is getting BF to recognize the ADOBE suite of applications. I attempted to create a universal whitelist for ADOBE, but find that ADOBE CREATIVE won't sync and some fonts won't load, with BF installed so I received warnings from ADOBE.

    I know the issue I am having rests with BF because the problem started when I installed BF and the problem resolved itself upon uninstallation of the product. I would like to use BF, though, as part of my security arsenal as it seems, from what I am reading, to promise very good protection from Phishing and Ransomware.

    Now that ADOBE and many other internet software companies are moving more and more frequently toward CLOUD computing, and, as ADOBE has several services that are constantly calling home from my computer, how do I configure BF (if it is possible) to recognize that ADOBE is a "friendly" (as much as any major information technology company can be) so that I don't have BF, behind the scenes, blocking what I am sure is incessant ADOBE communication traffick back and forth from my computer to home?

    There is obviously some convenience in not having to bother with a continuous and complex hands-on approach to the configuration of security software as was the case with many early HIPS programs, and may still be with some, but the downside is that I don't know what BF is doing that is creating a glitch in obviously massive chatter between my computer and ADOBE home.

    By the way, I do use ADOBE ACROBAT extensively and find its word processing PDF features extremely useful and a great complement to MS OFFICE. So my Love/Hate relationship with ADOBE, as with MS, must continue. Advice would be sincerely appreciated. Thank you.
     
  2. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    you can add the target programme to the allow list, see what exe phones home (in the event list and view lists) and add to whitelist, you can add domain manually 2 , not sure if the programme allows to allow multiple domains in 1 go or you have to input them manually one by one, but to save time I would allow the whole programme: adobe.exe or whatever it's called (I don't use adobe), best regards
     
    Last edited: Apr 14, 2021
  3. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Thank you for your reply lucd. I figured I would have to locate all executables phoning home to Adobe. Adobe has so many executables, it would be a formidable and difficult task to find and isolate them all. I think BlackFog has created a "catch-all" using an asterisk. I tried that, but it didn't work. It is in the nature of the product to essentially block all outgoing communications. That is the software's singular strength but also an immense stumbling block since so many legitimate applications are constantly calling home. I suppose a program like Wireshark could help, but there is a substantial learning curve, along with understanding internet communication protocols. I just wish Blackfog would have a simple process that would find and exclude all executables for specific programs in bulk. I don't think the program truly allows for that.
     
  4. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    If you are using Adobe apps like us, it should be ok, unless they are doing something they shouldn't be. I am not sure where you are located, but by default we block traffic to China and Russia, which can be a problem depending on where you are. If you can let us know what country you are in we can do soem profiling for you and simulate that country and tell you exactly what it might be as these should be allowed by default on pretty much all common apps.

    BlackFog is about keeping the vendors honest. They should not be sending data to servers in Chine or Russia if you don't live there and may in fact be illegal if you are in Europe, so be interested in helping you just to see what they are doing. We have customers all over the world and haven't heard of this before and its a pretty common set of apps you have running.
     
  5. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren, thank you for responding. I am neither in Russia nor Communist China. As my location on my Wilderssecurity Registered Member panel mentions, I am located in Cleveland, Ohio, USA, and I am a citizen of the United States.

    I had uninstalled the program once I encountered a serious conflict with Adobe as I do have need of Adobe. I would like to start using BlackFog again, but I would like to have some assurance I can avoid the original problem or otherwise resolve it if I again run into it. Perhaps, I should give the software another go, and if I do have the same issue, perhaps I can provide you with specifics about my computer's hardware and software if that would help.

    Since I am located in the U.S., a simulation by location isn't going to help you to isolate my problem. But, as you have responded to my query here and are obviously as interested in assisting me as I am in obtaining assistance from you, as no one would have a better understanding of your program than you, as the developer of it, I will take another chance on it. I will notify you both on this Forum and in private email, and we can proceed from there if I do run into the same problem or another one.

    If everything works out fine, I will let you know that to be the case as well. Thank you very much for your response.
     
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    is blackfog monitoring UPD traffic in an out, I have to allow it otherwise I don't have Internet, it's happening from today, any apps wants UDP in a out with random listening ports
    I wonder if blackfog captures anything if UDP is on, sry maybe I ask stupid question but never seen this spyshleter pop up before, so I was wondering what that is
     

    Attached Files:

    Last edited: Apr 18, 2021
  7. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @lucd, no we only care about OUT on any protocol or port. So I think it might be something else doing that.
     
  8. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @fantazius We will double check Adobe for you. But I use it myself every day and it seems to be working fine for me. I will check some other machines in the lab tomorrow and confirm it for you.
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Darren Williams , please add option for export allow/deny rules, not only its practical but I could try help forum member, best
     
  10. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @FANTAZIUS_MALLARE Just tested on a Windows 10 machine and BlackFog 4.8.2 and installed Adobe Creative Cloud and deployed Photoshop, made a few images and saved them to the cloud without any issues. So I suggest you try again. It could have been if you were using a 3.x edition before you saw these issues, which is why we re-engineered it for version 4.0 to be more seamless and not require any black or white listing by default.
     
  11. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren,
    I haven't reinstalled yet. Been tied up with work. I plan on reinstalling BlackFog tomorrow, and will let you know if I run into a problem. But, further to the original issue, if to reiterate, Adobe Creative Cloud flagged with a synchronization problem on my machine and an error message came up pertaining to fonts that could not be deployed that Adobe Creative Cloud utilizes which resulted in the main Creative Cloud screen displaying in a diminished way, missing color and menu options. Again, I will reinstall the program, and let you know what transpires. Thank you again for your effort to attempt to ascertain, in your lab, whether you could replicate the problem I was having.
     
  12. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    No problems it seems to work fine on my machine, syncs and fonts all installed fine here.
     
  13. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren, Just to let you know, I did reinstall BlackFog this evening, after all, just a little while ago in fact. The installation went smoothly, and the Adobe Creative interface, along with Acrobat, seems to be working fine. I rebooted, and Adobe Creative loaded without a hitch. I do note though that, on reboot, BlackFog didn't start automatically. I had to open it manually. There doesn't appear to be a setting in BlackFog that allows for start on bootup, although I can enable startup through Windows TaskManager. So, this raises another question. Where are the settings for start on bootup and for autoprotect? Secondly, I wonder now if I autostart BlackFog and if BlackFog services start up before Adobe Creative, if that will cause a problem that I had initially. I note that when I first installed BlackFog, I had not set Adobe Creative for autostart. I had been disabling several programs from auto start to allow for a faster bootup and Adobe Creative was one of them. I am leery to have BlackFog autostart on bootup if that will cause problems with Adobe Creative. I won't know for sure, unless I give it a go. I suppose it is best to have security software autostart unless it is the sort of security best used for on-demand checks. I do have other security software, namely, Norton 360 and SpyShelter. But, that security software seems to get along well with BlackFog. I have six days to go with my trial, but I feel confident that BlackFog is designed very well and specifically to mate well with Windows and with other major security software and I will purchase a license before the trial ends. I will then rely on BlackFog to do what it was specifically designed to do and what, I assume, it does better than any other security software to date: to guard against "data exfiltration breaches." I am told the trial version doesn't unlock all the features. What more would I obtain once I purchase a license? Would that include autostart and selfprotect settings? Thanks again for your prompt and kind assistance.
     
  14. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @FANTAZIUS_MALLARE Glad it's working ok for you. We actually do autostart BlackFog BTW so something must be blocking our insertion into the scheduling system on your end. As you discovered you can make ti startup yourself. You will also note there are 2 parts. The Service (the one that does all the work) and the UI. The Service will always start no matter what, so its just the UI I suspect that has been stopped by Norton i expect.
     
  15. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren, I just set the BlackFog executable file for "allow" in Norton. And, I have Startup set for "enabled" in Windows Task Manager. So, BlackFog should start automatically. The question for me now is whether having autostart for both BlackFog and Adobe, that will cause Adobe Creative to throw a fit. I will see and let you know.
     
  16. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Shouldn't have any effect at all actually unless Adobe decides to start sending data to Russia or China....
     
  17. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Further, to my previous email, I set both BlackFog and Adobe Creative to autostart and rebooted my computer. Both programs started up, and curiously, they both did so about the same time. All executables for Adobe apparently ramped up without a problem and BlackFog is doing just fine as well. Accordingly, I don't feel a need to await the expiration of the trial period. I purchased a BlackFog license and registered it a little while ago. I will let you know if I encounter any issues in the future or if I have a question concerning the functioning of the program. I understand that you have designed it for minimal user interaction, unlike older HIPS-type programs which are usually hands-on affairs. Basically, BlackFog is designed to be just "set and forget," which is a good thing, as I have enough on my own plate as it is. It is refreshing to see no incessant popups, which is somewhat of a nuisance with SpyShelter, or over-zealous, cranky behavior from Norton 365 that I occasionally have to contend with, along with rather intrusive adverts. But I see that BlackFog does demonstrate through its "events" reports what it is BlackFog blocks and through its exfiltration numerical notations report what it happens to come across. So, I will assume it is working well as it is designed to do, which is a good thing, as I would find myself very upset one day to have to come to grips with the fact that it is not, which I would be compelled to infer were I to find my computer frozen due to a ransomware attack. Still, regular backups of critical content in the Cloud and on external hard drives, and installation of imaging software such as Macrium would, I am well aware, serve as the ultimate failsafe in case of critical failure of my computer from whatever cause. Thanks again for your prompt attention to my questions and concerns and for the development of a sophisticated security program to tackle the criminal element head-on. Whatever the environment--outside in the public sphere, or in the virtual world of the Internet--"Here, There Be Tygers" (to quote a title of an old short science-fantasy story of Ray Bradbury), is very much a contemporary, cautious word of warning for today.
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    I believe that an easier implementation of managing lists (allow/deny), especially importing custom lists (more than 1 entry) must be part of the programme. It just "begs" to add that option
     
    Last edited: Apr 21, 2021
  19. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @lucd we will review as part of 5.0 planning, but from a high level you really shouldn't need to manage large lists of allows and denies. They are more about exceptions, for edge cases, which we eventually include in the product itself. If you have more than a 3 or 4 then it's not working correctly.
     
  20. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren, in response to your reply to lucd, I would not wish to be in a position to have to constantly be compelled "to manage large lists of allows and denies," so it is a good thing to be able to avoid creating white lists and/or blacklists constantly, as that serves to defeat the utilitarian benefits of BlackFog.

    But, I do have a question. The other day, I sought to add, as "on-demand" security software only, the program, "Malwarebytes," that I happen to have a license for. I found that I could not install it. I received an error message. I placed BlackFog in "install mode" and tried to reinstall Malwarebytes once again but again I couldn't do so. I then shut down BlackFog, tried once more to reinstall the program, but still couldn't do so. I then rebooted my computer but disabled BlackFog from auto-starting before rebooting, which, I assume, prevents BlackFog's core service from starting. I then found I could install Malwarebytes without a problem.

    The issue I had cannot be traced to SpyShelter or Norton, as I haven't had a problem running those programs before when subsequently installing Malwarebytes. I don't have a problem now after the fact, with Malwarebytes and BlackFog running together. So, all is good. But, this would suggest that Malwarebytes apparently calls out to its servers, during installation, and BlackFog may be viewing this as an imminent danger and, so, blocks installation of the program even when set to "install mode."

    Note: I haven't attempted to reinstall, at this moment, a few other programs I have used in the past but intend to do so: useful word-processing programs and other applications that do not fall into the domain of security software. I will let you know if I run into a similar problem when attempting to install these other applications, and with BlackFog running, but set to "install mode."
     
  21. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    @FANTAZIUS_MALLARE This is what BlackFog's install mode is for actually. I will make sure the team reviews this, but "install mode" effectively switches off BlackFog and normally it does not interfere with these things. We will have a look at what Malwarebytes is doing and let you know.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I've never had to disable BF while installing or updating Malwarebytes.
     
  23. Darren Williams

    Darren Williams Developer

    Joined:
    Feb 4, 2018
    Posts:
    418
    Location:
    California
    Actually just tried it myself on a Windows 10 machine and it installed without any problems. No install mode even needed. So i suspect it must be something else getting in the way. We do extensive testing to make sure it is pretty seamless. While we aren't perfect there are not too many exceptions we know of. Anyway glad it's working fine for you.
     
  24. FANTAZIUS_MALLARE

    FANTAZIUS_MALLARE Registered Member

    Joined:
    Apr 12, 2021
    Posts:
    21
    Location:
    CLEVELAND OHIO
    Darren, thank you for attempting to ascertain if you could replicate the issue I faced, on your Windows 10 machine. My guess what I had to contend with is a quirk with my particular machine. There are so many variables, as you would know better than me; each machine is different, with its own software and hardware; different configurations and so forth. You would have to actually look at my machine to isolate the problem. In any event, the workaround for me was simply to disable BlackFog at bootup and then reenable it. I will let you know if I run into a similar issue when attempting install of some non-security software, but keeping BlackFog enabled. In any event, BlackFog is operating well, getting along well with every other program I have. No stops, or hesitations or "glitches" of any kind that I can see. All is good.
     
  25. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Imagine I format pc or re-install blackfog, I have to input stuff manually again from scratch, because I can't even export/import my settings? Geofence again and all that stuff? Coman, most programs allow it, the programme feels gimped without it, it seriously feels like something that has to be made and not what I want personally

    longer rant list:
    1) it would be easier to add programs/domain to allow/deny with lists entries but nobody is forcing you to use it, but somebody might need it. For rapid deployment on host. Also the allow/ deny is not very smart, you can't add domain on the fly by right clicking from event log, you can't even copy paste the domain. You have to input stuff manually.
    Secondly the programne can't be added if it contains spaces, example: ms word.exe it must be msword.exe
    2) Now less important: recognize UDP, incoming/outbound traffic like spy shelter 12.5 does, I think if they added it there must be some security issue or flaw that could be exploited, best regards
     
    Last edited: Apr 22, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.