Hi Darren Can I check something? How does BlackFog Privacy handles legit program which has been compromised and turns into an APT? The recent CCleaner software was a good example. You can read the issue from the net. I'm talking of compromised legit software here. This must have taken surprise on many systems which have been 100% locked down as claimed by their users.
That Web site error can happen when you are either rate limited or coming in from russia, ukraine or china.
Regarding NiteRangers' question. Thats a very difficult problem to handle, especially in the case of CCleaner because the bad actors got into the build process itself and was signed with a legitimate certificate. This is precisely what certificates are suppose to stop... The only way you can detect this sort of activity is through behavioral analysis. So if they start mimicking bad actors then they can be stopped. We have not tested exactly what they were actually doing in that instance so cannot tell you if we would have detected it. This is the sort of scenario where Machine Learning will do much better, because we can train it against such scenarios and add it into the mix. Right now difficult.
We haven't seen any problems with Heimdal yet. Sometimes there are options that need to be changed such as with Trend Micro, but others work as is. If there are incompatibilities we will always fix them where possible.
See PM. On the side I tried installing it in VM. I think the install failed, based on the log file. Couldn't down load rules. On a side note, I got an alert with it trying to run Powershell which I blocked.
Yes it needs to have Internet access to function. The application downloads the rules routinely (and on first startup) so you have the latest protection. So you will need to allow the installer to do its thing to verify the dependencies are installed.
The Powershell is a script that runs to ensure the built-in firewall allows BlackFog to connect to the Internet to get its rules. This prevents issues with people that have a locked down machine.
Okay, since I feel comfortable with you I will try it again and allow powershell. I would hope you can find another way to do that, as a lot of people today are leary of powershell, myself included.
Okay. I had to turn off NVT's OSarmor to stop the block on Powershell. But Emsisoft alerted on the .ps1 file. Darren, EAM updates thru the firewall no problem. So does HMPA and several other progams I have. I have read lots of articles on Powershell attactks and they all describe something similiar to what you are doing, but to a malicious end. I simply can't believe you guys can't do better
We will update the installer using a better technique to avoid this Peter. Thanks for your input. Will let you know when its updated with the next minor release later this week.
If you hit it again an give me the timestamp of when you try we can make sure your domain is unblocked.
Hi Darren Will there be support for more browsers like Cent, SlimJet, Waterfox, Palemoon, Iridium, Chromium etc? How about protecting the privacy of users from browsers like Chrome and Firefox? Even if I disable the settings in Chrome/Firefox I know Google/Mozilla is still collecting my data through their browsers. Is the predictive threat protection behavioral-based especially when offline? Any timeline for v4? Thanks
I also have powershell locked down, either with AppGuard or OSA, and I have EAM ... I also look forward to trial with next minor release then. Will you let us know here Darren?
