BlackFog Privacy

Discussion in 'other anti-malware software' started by liba, Feb 2, 2018.

  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,348
    Location:
    Paris
    Oh Yeah, one can stop the protection for a period of time. But when is such as that ever good?
     
  2. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    You guys are getting pretty skilled at this now. Yes the install mode allows you to install other products as mentioned. You can also whitelist individual items. If the system for example blocks an app you want. Just open the Threats window and click not he entry and you will see there is a whitelist option. That will then permit it in future.

    Paul, the scroll bar is locked on your device because you have the Enterprise edition which has "Network Lock" on. There are various options like this to stop users in corporations adjusting security settings. Just toggle the option on the console and it should be enabled again. Make sure you click update not he client to pull the setting immediately.

    Krusty, the advertising is not persisted on restart if you manually restart and miss the persist window. Hence the mismatch there.

    CruelSister, you are correct on the execution prevention part, but there are many other techniques employed on the network layer for ransomware. There will be more, but we have focused not he network activation of ransomware. As mentioned we will be introducing some new mechanisms for local execution shortly.

    Re there Miners can connect anywhere.... can you explain what you mean? We have inherent blocks to all miners in the system, so as long as its running they should able to connect to your machine.
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    OK, got it, pretty obvious really :thumb:.
     
  4. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    Krusty I will get them to save those stats more often in future so it doesn't go to zero on restart.

    Also note that the Install mode only stops the local execution rules, not anything else, so you are still protected. I totally agree with Cruel Sister on this... which is why it only stops the bare minimum to allow your installer to run.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,507
    Location:
    The Netherlands
    Why did you ignore my post? https://www.wilderssecurity.com/threads/blackfog-privacy-3-3-1.400343/page-5#post-2737460

    I'm just trying to figure out what BFP brings to the table. I'm not trying to be negative, but I can already block advertising with extensions, and don't see the point of data cleaning. Also, there are plenty of exploit blocking tools available. Not to forget about Google's Safe Browsing and Windows SmartScreen which are in fact URL filters. So the part that is mostly interesting to me is the outbound protection, how does it block the C2 communication? Also, this won't stop certain ransomware variants if they are already running, as mentioned by Cruelsister.

    http://www.blackfog.com/identity-theft/
     
  6. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    Sorry Rasheed missed that one. In answer to your questions. Everyone is going to have different needs and determine the value of the various pieces. We believe you need to approach this holistically. Sure you can have individual apps for everything you want. But a couple of points to consider. Plugins need to be installed in each browser and invariably use JavaScript to do it. So how much CPU do you want to sacrifice with all these plugins constantly executing. Really a personal choice. Also, what if the malware is not using your browser, but just the ports, plugins wont work. The same goes for the collection of forensic data, some users want to protect their privacy, others don't care too much. Again a personal choice.

    Another point is that these built-in systems are specific for individual apps, our system is less specific because we work at a lower level and therefore apply to all running apps.

    As for the outbound protection, this is our main focus and so we stop communication to C2 servers using a lot of different techniques, from standard blacklists through to communications techniques, based on what the various pieces of ransomware do. The paper I quoted from the University of Birmingham provides a more exhaustive list of ways they can do this. So there is not only one technique employed.

    One last point is that if the ransomware is already running, thats going to be more problematic. While we will still pickup some activity and disrupt them we prefer to be installed on a clean system to get the most benefit.
     
  7. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    474
    Location:
    Far East
    Hi Darren

    Can your software do what the below software does with alert i.e. blocking an email attachment from phoning home when its opened?

    https://www.youtube.com/watch?v=VltUSXyg8c0&feature=youtu.be
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    My Settings>Update & Security>Windows Update>View installed update history>Update history is blank.

    (Uninstall updates does show a list of updates but with no details, Date modified, Type and Size are blank.
    CP>Programs and Features>View installed updates shows complete list OK.)

    This is a recent development. A shot in the dark but could BFP be doing any cleaning in this area?

    Nothing much else has changed here, and only seen on machine with BFP installed. :cautious:
     
    Last edited: Feb 15, 2018
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,267
    Location:
    UK
    What about if you go to Control Panel ...Programs and Features..and select View Installed Updates from link at left side of page?
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    Just updated my post stapp. That looks fine.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,834
    Location:
    Among the gum trees
    Yes, BFP removed my Update History on my three machines too.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    :thumb:.

    Darren?
     
  13. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    I will have someone review the rules and confirm shortly.
     
  14. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    Yes it could have been BF doing that according to the rules. The rules have been updated this morning to remove the offending rule as it offers no privacy benefits anyway. If you click Help > Update it will pull the rules immediately rather than waiting for a few hours.

    NiteRanger: Yes this is exactly what we do in terms of blocking activation. Now I don't know what that particular example does method wise but there are a few layers that would attack that problem.

    By the way we are releasing an additional layer to intercept PowerShell scripts this week too, which I think was what you and Paul were interested in. That will be version 3.4.
     
  15. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
    After watching that video again, looks like we stop it several ways. First we block the execution of the PDF before we need to even block the activation, so we pick that up even earlier. It uses the classic double extension trick.
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    Thanks Darren. Have done that - will check later to see if Update history is listed again (still blank now). In my experience there may be some delay ...
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,834
    Location:
    Among the gum trees
    I doubt the deleted history will show again. Any new updates going forward should not have the history deleted though.
     
  18. Darren Williams

    Darren Williams Registered Member

    Joined:
    Feb 4, 2018
    Posts:
    90
    Location:
    California
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,267
    Location:
    UK
    Just wondering why the update history is still visible in the Control Panel ...Programs and Features.. View Installed Updates after it has been wiped from Settings. Was the wipe in Settings just a 'cosmetic' one? (just removed the text)
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,834
    Location:
    Among the gum trees
    Hi stapp,

    My understanding is that the updates themselves are not touched, just the date they were installed and any error messages about failed updates.
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,267
    Location:
    UK
    So cosmetic.. thanks Krusty.
    Not a BF user myself, but following the thread and just wanted clarification on that situation.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    I can confirm this, I have had 3 Office updates since, and these are the only ones that show now.
    Was wondering the same. So 'update history' is not sourcing 'installed updates' list ... I notice also, on the latter, that most Office updates, though not all, are now dated yesterday o_O ...
     
    Last edited: Feb 16, 2018
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,834
    Location:
    Among the gum trees
    I've had the same thing happen on a Win7 machine years ago when I restored an image backup within Windows using Symantec System Recovery. The Update History was removed but the updates were still installed.
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    10,267
    Location:
    UK
    Do the installed updates for the 'wipe' period still get listed in Reliability History ?
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,027
    Location:
    At the door ...
    stapp, not sure where you mean, how do I navigate to that?

    Edit: OK, got it. I do see them ...
     
    Last edited: Feb 16, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.