Privacy Fence

Discussion in 'other anti-malware software' started by paulderdash, Apr 29, 2016.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    Last edited: Apr 29, 2016
  2. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    54
    Hello.
    You can try it on a virtual machine.
    Best regards.
     
  3. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    893
    It looks at your installed apps and what filetypes are registered with them.
    If example.docx is opened with Office, you get no prompt but if (for example) "unknown.exe" wants to open it, the program asks for permission.
    But if you have recently opened it with "unknown.exe" (before installation of PF), it doesn't ask for permission now.
    It depends on:
    a) registered filetypes
    b) installed applications
    c) recently used list
    d) digital signatures
    I see, that it installs a kernel-driver.
    I don't know if it injects a dll into programs, or how does it exactly protects the files.
    You have to try it out in a VM :)
     
  4. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,083
    Location:
    Netherlands
    @paulderdash Good find :thumb:

    Novel Effective Approach to Privacy Protection
    Simple setup
    The gui has some bugs and it does not find all the files extensions. So I would suggest to auto trust signed applications also. It is like MemProtect with a GUI and auto-allow function. When you auto allow signed programs.
    upload_2016-4-29_15-2-0.png


    Privacyfence in action
    I changed my Chrome settings. These are saved in a text file. Chrome is not specified as the program which is allowed to handle files with the TXT file extensions. As promised it intercepts the save and asks me to trust the program, allow this action or block it.

    upload_2016-4-29_15-4-44.png

    Bottem line
    This program is offered as a FREMIUM (first year free license). Should be effective against ransomware. Privacy Fence has the same limitation as Secure Folders: it won't protect you from ransomware which uses signed programs like Windows Explorer. Considering Secure Folders is not maintained anymore and Pumpernickel has no GUI, this is a nice fremium alternative.
     
    Last edited: Apr 29, 2016
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    To me it seems more as security related tool than privacy related.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Unfortunately no...I've tested and installator does not work on Vista

    160429172844_1.jpg
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    893
    What about memory usage and CPU% ?
     
  8. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    According to the website requirements, Privacy Fence is supported only on Windows 7,8 and 10.

    If you have a legacy version of Windows, you're out of luck.
     
    Last edited: Apr 29, 2016
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    I also thought so.
    I saw it mentioned in two other posts in this forum (one mentioned it didn't work alongside VoodooShield), but could't find any third party info on it. Thanks for 'positioning' it vs. other Excubits tools.
    May give it a try on my Win 8.1 system, though it may be overkill alongside e.g. Appguard.
     
    Last edited: Apr 30, 2016
  10. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    I tried it for a short time and was not impressed. The "wizard" that finds vulnerable file types only found one thing. When I tried to uninstall, it kept popping up an error message. I finally just rolled back to a prior snapshot to get rid of it. It's worth what you pay for it, I guess (nothing)....
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Thanks for the heads up, it's still an interesting tool but it will probably fail against ransomware if Win Explorer is used by ransomware to do the encrypting.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Text was quoted from PF page so I could expect better result
    160505075603_1.jpg
     
  13. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    VoodooShield doesn't register itself in Windows as a program that's allowed to handle .dat and .log file extensions. If VS is manually registerd then it does actually work alongside Privacy Fence.

    On my machine:

    PF Memory_CPU_usage.jpg
     
  14. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    My experience has been different.

    Protected File Types.jpg

    I can add any registered file type to the list of protected files.

    Select File Type.jpg

    It can't be uninstalled unless you disable protection from within Privacy Fence GUI first. Additionally you might need to stop and delete the driver (fgcpac.sys)

    fgcpac.jpg

    That's the same method that you'd use for other software that installed a running driver that the uninstaller couldn't stop.
     
    Last edited: May 5, 2016
  15. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    893
    Under 50MB memory, that's ok.
    But i wouldn't add Windows Explorer as a Trusted Application. It's one of the big targets of malware.
     
  16. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Cheers. It's only trusted in order to view contents of zip files and that's all.

    Privacy Fence_Explorer.jpg
     
  17. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    Would this app be useful if the lists were populated as follows:
    Protected File Types - JSE,PS1,SCT,VBE,VBS,WS,WSF,WSH
    Trusted Applications - "Empty"
     
  18. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Interesting question. In theory it should work then you'd get a prompt if any files with those extensions attempted to launch. I haven't tested though.
     
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    So, curiosity got the better of me, and after a image backup I installed PF.

    I was greeted with a long list of Registered File Types. I entered some of them into the Protected File Types section (JSE,SCT,WSF).
    I created a file with extension .JSE, then saved settings in the app.
    • Double clicking on the JSE file kicked up a prompt by PF asking if I wanted to allow access to the JSE file. I clicked on Block, and access was denied.
    • Double-clicked on the JSE file again, but this time I ticked the "Remember my choice" box, clicked on Block and again, access was denied. In PF, opening the app that tried to access the JSE file provided me with a screen of file extensions that this app could open up. So, it appears that PF can handle a list of vulnerable extensions, and keep a list of trusted applications, BUT ALSO restrict these apps from opening the vulnerable extensions.
    • Renaming the recently-created JSE file to SCT caused PF to kick up a fuss, asking if I wanted to allow this action. I blocked and access to extension change was denied.
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    For me the wizard also only found a few file types. I didn't really play around too much, so I have to confess I uninstalled.
    Auto-allowing signed applications may be a 'workaround' but does leave the Windows Explorer 'hole' mentioned above. And isn't signed malware an issue?
    Maybe I need to play around again, tick 'Trust Signed Applications' and then untick Windows Explorer?
    Essentially though I want to protect Documents, Pictures, Music and one or two others ... maybe best to pursue Appguard Private Folders, or Pumpernickel for this. Last time I tried WAR it was still a bit buggy.
     
  21. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    It only finds registered file types for applications that are registered to handle those file types.

    Example:

    PF installer must be "run as administrator." I also uninstalled PF twice after first testing as I wasn't impressed either but have since stuck with it. It takes a while to get used to configuration and understanding when it might be better to disable PF protection - before installing windows updates for example.

    Once configured you get virtually no pop ups after a few days.

    "Trust signed applications" should be fine. For signed malware I'd expect my on access AV or VoodooShield to pick that up.

    Not sure about "Windows Explorer" hole. Are you saying that explorer.exe can be exploited by malware to modify personal files?
     
  22. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    Question about Registered (Designated) File Extensions vs Unregistered/Deleted File Extensions...

    Halfway down this website, it informs the reader to remove LNK file extension. Others have taken this a little step further, and removed URL as well (cannot find post at the moment), and another one that recommends adding some.

    If the File Extensions are not registered/designated, then they cannot be added to Privacy Fence for protection. What would be the correct approach to this; re-introduce deleted/registered File Extensions so they can be monitored?
     
  23. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    Anyone know how to get a registered/designated file type into Privacy Fence, even though the PF Scan doesn't bring it up? I can't get WSH to show, even though it picks up WSC and WSF. Both Group Policy and Types (3rd party app) inform me that WSH is registered...
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    I believe so.

     
  25. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    I would rather wait... based on my experience today with PF... wait till you receive a prompt from PF that references Explorer. With this approach, you can define a granular and specific rule based on "how" Explorer will be trusted. This is the opposite effect of manually introducing Explorer as a Trusted Application. The added bonus of this approach is that common sense is required only when you click on Allow or Block; a pleasant PC user experience :)

    Also, don't do what I did and add regularly encountered file types like gif / jpg / bmp (and furthermore, all font-related file types <---- this is the one that borked me nicely!) without considering each and every app you have installed. In my case, it locked my system up and forced me to engage Safe Mode to remove entries from PF. It's one thing to see if an app is right for your setup; it is another to pretend to be e-Houdini *smacks himself*

    At this point in time, I decided it wasn't for me. I felt it was overkill, considering I don't keep valuable files on the PC. Also, still stuck in a to-and-fro game between Secure Folders and EXE Lock. PF is a nice app, however would be good if the user was allowed to add custom file types (eg: non-existent ones), instead of just relying on registered ones. Credit to author of OP for this find!

    EDIT: Add .js and .pbk (dial up passbook, something like that). I had some interesting requests for the 2nd one, and a couple of requests I didn't expect for the 1st, although legit apps... fun times ahead.
     
    Last edited: May 19, 2016