Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Guys, you are missing a key point. FIDES the way it is set up WORKS. I've tested and beat on it and it works. Period.
     
  2. guest

    guest Guest

    Your proposed change will have an effect on existing .ini rules and also lead to confusion (the priority of the whitelist is higher than the blacklist)
     
  3. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Am I correct in believing that a blacklist rule beats a whitelist rule, which is different from what I understood you to say?
     
  4. guest

    guest Guest

    In the "current" hierarchy a blacklist rule beats a whitelist rule which is not the case in your proposed change.

    And in addition to this, .ini files wouldn't continue to work and would need to be rewritten. For example, priority blacklist rules have no effect anymore if there are priority whitelist rules.
     
  5. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Yes, precisely - I am proposing a change. My proposal is not something I feel is necessary or even important, just something that might be an improvement. If deemed an improvement, then it's a question of whether the improvement would warrant the implementation costs. I'm asking the questions because I don't know.
     
  6. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Certainly a good point Pete.
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Well, the Excubits dev doesn't visit these forums. You can email him here: https://excubits.com/content/en/company_contact.html, might take a few days for him to answer you, if he does
     
  8. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Thanks Floyd. I posted the idea here for vetting before submitting it to excubits. (First, do no harm.) It attracted no support. Others didn't like the idea. So, it was a bad idea. I'm just going to tremendously profit from the product as it is; with thanks to Frog and Pete for alerting me to it, and especially Pete for his extensive testing. And others like yourself for your comments.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Make sure to keep us updated and tell us what happened! Just don't post screenshots cuz the mods don't like it
     
  10. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I'm not going to pursue the idea because it turned out to not be a good idea.
     
  11. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    A few hours working on my config file and things seem to be working just the way I want: Harden protection of my MR and FreeFileSync files on my two external hard drives; while not interfering with the normal operation of Windows, File Explorer, and Bitdefender.

    The tray icon is very useful. Note also that development of your config file is made easier with the insertion and deletion of the comment character # at the beginning of rules.

    A valuable and maybe best-of-breed tool, and my preference over MR Image Guardian.

    Thank you again Frog and Peter.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You are most welcome
     
  13. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Yep, Pumpernickel is a valuable tool indeed, and extremely lightweight. And so are all of Excubits' products; they make AVs look like some 50-year-old outdated technology with their performance-draining processes, expensive yearly plans, and inferior default-allow security
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Totally agree.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Now if they could just be combined with decent GUIs, there would probably be quite a home market.
     
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    The dev doesn't seem interested in the home market

    When you look at software like Voodoo Shield and No Virus Thanks, do you think they have a home market? I doubt they have more than a few thousand paying home users. Compared to most AVs with millions upon millions of users. So it only makes sense they would pursue the enterprise market because that's where the money really comes from, if you don't have a ******* to spend on advertising to get many users like AVs do
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    No doubt you are right.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Florian's big market is custom applications. Real home market would be a disaster of support
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    The home market has already been summed up. The big wigs (Enterprise) is where the driving ambition keeps the development fully funded and rolling up the landscape.

    However, until I'm blue in the face still have to chomp at the bits for a GUI version that with hope against hope, expect might one day surface but as @Peter2150 always makes a point of, wouldn't hold my breath in expectations of that.

    But boy if they did attach one to it, the interest would increase a hundred fold for us peons who count it fortunate there's even a home user's part that's available in spite of the hapless notepad criteria of txt file applying rules.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Will it work if I add [ADMINBYPASS] to FIDES?
    (Could be useful when blocking read access to certain dlls)
     
  21. guest

    guest Guest

    FIDES doesn't support [ADMINBYPASS]
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    FIDES is almost the only way to effectively block system.management.automation.dll and system.management.automation.ni.dll, which are created on the fly and thus can't be blocked by Bouncer.
    However, since they are used by Windows management tasks, this involves making a lot of exceptions, not all of which are 100% secure. But I think that [ADMINBYPASS] would solve the whole problem.
    Could we ask Florian to add support for [ADMINBYPASS]?
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Shmu26

    Thanks for your suggestion on using FIDES to block that beast. I have it in AppGuard, but feel better also adding it into FIDES.

    Pete
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    AppGuard can't block it.
    You can test this yourself.
    1. Disable FIDES, and disable all block rules for Powershell.exe, but enable your AppGuard block for the dll.
    2. Launch Powershell.exe.
    3. If powershell works, the dll was not blocked. You are vulnerable to reflexive dll loading.

    Now do the same, but this time, enable FIDES with a no-read rule for the dll. Powershell should crash immediately.
     
    Last edited: May 21, 2019
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I'll take your word for it. Just appreciate your posting rules to block with FIDES. Any others?
     