Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Thanks, Pete. You know who to talk to about such issues, no need to take my word for it.

    The discovery that FIDES can block Powershell dlls was made by @WildByDesign. I hope he doesn't mind me sharing his config for it. This is the gist of his config, I added only one rule to it, for Windows Defender .
    Code:
    [#INSTALLMODE]
    [#LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    [BLACKLISTMODIFY]
    [WHITELISTREAD]
    !C:\Windows\Microsoft.NET\*\ngen.exe>C:\Windows\Microsoft.NET\assembly\*\System.Management.Automation*.dll
    !C:\Windows\Microsoft.NET\*\mscorsvw.exe>C:\Windows\Microsoft.NET\assembly\*\System.Management.Automation*.dll
    !C:\Windows\Microsoft.NET\*\mscorsvw.exe>C:\Windows\assembly\*\System.Management.Automation*.dll
    !C:\Windows\System32\sdiagnhost.exe>C:\Windows\*\System.Management.Automation*.dll
    !C:\Windows\WinSxS\*\TiWorker.exe>C:\Windows\*\system.management.automation*.dll
    !C:\Windows\System32\poqexec.exe>C:\Windows\*\System.Management.Automation*.dll
    !C:\Windows\System32\svchost.exe>C:\Windows\WinSxS\*\System.Management.Automation*.dll
    !C:\Windows\System32\wuauclt.exe>C:\Windows\*\System.Management.Automation*.dll
    !C:\Windows\System32\poqexec.exe>C:\Windows\*\System.Management.Automation*.dll
    !C:\ProgramData\Microsoft\Windows Defender\Platform\*\MsMpEng.exe>C:\Windows\*\System.Management.Automation*.dll
    [BLACKLISTREAD]
    *>*system.management.automation*.dll
    [EOF]
    
    
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Interesting. I just left it like you first posted it. That should allow everything but block the dll. Correct?

Also, I suspect if it's created on the fly, MZwritescanner should pick it up.
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
1. Please remind me, how did I first post it?
2. MZwritescanner detects writes to disk. However, the powershell dll is compiled and then loaded directly into memory, without writing to disk.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This is what you posted

    [LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    *>*
    [BLACKLISTMODIFY]

    [WHITELISTREAD]
    *>*
    [BLACKLISTREAD]
    *>*system.management.automation.dll
    [EOF]
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    It's a little too barebones, at least on Windows 10.
    It will block some Windows management tasks and/or cumulative update tasks.
    It won't provide full protection because it doesn't block system.management.automation.ni.dll
     
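The two configs in this thread (shmu26's in post 1, with its `!`-prefixed whitelist exceptions and the `*system.management.automation*.dll` pattern, and Peter2150's shorter one in post 4) behave differently on the `.ni.dll` native image that post 5 mentions. The evaluator below is an added example written for this thread, not Excubits' own code or rule engine. It parses both rule sets and decides sample `process>file` reads under these assumptions, which are my reading of the format rather than anything documented on this page: a whitelist rule prefixed with `!` is an exception that overrides the blacklist, any other blacklist match blocks, a read matched by no rule is allowed, `[#LETHAL]` means the option is present but disabled (log-only), and `*` is the only wildcard with case-insensitive matching. Every process and DLL path is a constructed sample.

```python
# Added example, not Excubits' code: evaluate Pumpernickel/FIDES-style
# [WHITELISTREAD]/[BLACKLISTREAD] rules against sample "process>file" reads.
import re
from dataclasses import dataclass

# Precedence assumed here (not documented in the thread):
#   1. a whitelist rule starting with '!' is an exception that beats the blacklist
#   2. otherwise any matching blacklist rule blocks
#   3. otherwise the access is allowed
# '*' is the only wildcard; matching is case-insensitive (Windows paths).


def glob_to_regex(pattern: str) -> re.Pattern:
    """Turn a FIDES path glob ('*' only) into an anchored, case-insensitive regex."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$",
                      re.IGNORECASE)


@dataclass
class Rule:
    process: re.Pattern   # left side of '>'
    target: re.Pattern    # right side of '>'
    exception: bool       # True when the line started with '!'
    text: str             # original line, reported in the decision reason


@dataclass
class Policy:
    sections: dict        # section name -> list[Rule]
    enforcing: bool       # [LETHAL] present (assumed: [#LETHAL] means disabled)


def parse_policy(text: str) -> Policy:
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.startswith("#"):      # e.g. [#LETHAL]: option written but commented out
                current = None
                continue
            current = name
            sections.setdefault(current, [])
            continue
        if current is None or ">" not in line:
            continue                      # not a process>file rule line
        exception = line.startswith("!")
        proc, _, target = line.lstrip("!").partition(">")
        sections[current].append(Rule(glob_to_regex(proc), glob_to_regex(target), exception, line))
    return Policy(sections, enforcing="LETHAL" in sections)


def decide(policy: Policy, process: str, target: str, op: str = "READ"):
    """Return (allowed, reason) for `process` accessing `target`; op is READ or MODIFY."""
    def hits(section):
        return [r for r in policy.sections.get(section, [])
                if r.process.match(process) and r.target.match(target)]
    for r in hits(f"WHITELIST{op}"):
        if r.exception:
            return True, f"whitelist exception: {r.text}"
    blocked = hits(f"BLACKLIST{op}")
    if blocked:
        return False, f"blacklist: {blocked[0].text}"
    return True, "no rule matched (default allow)"


# Constructed copies of the two rule sets posted in the thread.
SHMU26_CONFIG = r"""
[#LETHAL]
[LOGGING]
[WHITELISTREAD]
!C:\Windows\Microsoft.NET\*\ngen.exe>C:\Windows\Microsoft.NET\assembly\*\System.Management.Automation*.dll
!C:\Windows\System32\svchost.exe>C:\Windows\WinSxS\*\System.Management.Automation*.dll
[BLACKLISTREAD]
*>*system.management.automation*.dll
[EOF]
"""
PETER_CONFIG = r"""
[LETHAL]
[WHITELISTREAD]
*>*
[BLACKLISTREAD]
*>*system.management.automation.dll
[EOF]
"""
SHMU26_POLICY = parse_policy(SHMU26_CONFIG)
PETER_POLICY = parse_policy(PETER_CONFIG)

# Constructed sample paths (the hash-named folders are placeholders).
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
NGEN = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"
SMA_DLL = (r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"
           r"\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll")
SMA_NI_DLL = (r"C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manageme#"
              r"\PLACEHOLDERHASH\System.Management.Automation.ni.dll")

if __name__ == "__main__":
    for name, policy in (("shmu26", SHMU26_POLICY), ("Peter2150", PETER_POLICY)):
        print(f"== {name} config (enforcing={policy.enforcing}) ==")
        for proc, tgt in ((POWERSHELL, SMA_DLL), (POWERSHELL, SMA_NI_DLL),
                          (NGEN, SMA_DLL), (NOTEPAD, r"C:\Users\alice\notes.txt")):
            allowed, why = decide(policy, proc, tgt)
            print(f"{'ALLOW' if allowed else 'BLOCK'}  {proc.rsplit(chr(92), 1)[-1]} -> "
                  f"{tgt.rsplit(chr(92), 1)[-1]}  ({why})")
```

Running it shows the point of post 5: both rule sets block powershell.exe reading System.Management.Automation.dll, but only the `*system.management.automation*.dll` pattern also catches the `.ni.dll` native image, while the `!` exception keeps ngen.exe able to read the assembly. Note that shmu26's config has `[#LETHAL]` commented out, so under the assumption above it would only log, not block, until `[LETHAL]` is enabled.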
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Okay, I just added that extra dll to my block list.
     
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    It might not be needed on Windows 7, I really have no idea... Andy Ful probably knows.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Thanks, I'll contact him.
     
  9. guest

    guest Guest

  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I had a license before. Do I need to buy a new one to update?

    Or can I just use the demo version, I have very few rules - only to protect images and other backups on external portable drive.
     
  12. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
Actually, this new version still comes with the old drivers; updating the Tray-App is enough. The full version needs to be downloaded from the special download link from the company.
     
  13. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Licenses are LIFETIME of the product... all releases.
     
  14. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Are you sure updates are free?

I have a download link which Execubits provided to me when I bought this in 2017. If I download Pumpernickel from the same link today, it's still the old version.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Oh yes, I also remember being sent a link.

    Good question, Mark.
     
  16. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Mark, you are correct (my bad) when using your original licensed download link.

    This from the Excubits FAQ (slightly changed for clarification)...

    "You receive product- and feature updates for 1 year after purchase. After that year you can still use our software without any restrictions, you receive no further feature updates."
     
    Last edited: Jan 8, 2020
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Will the pumpernickel_demo.exe work? My .ini file is not even 3 KB ...

    I seem to remember reading Config file can be up to 2 MB for free, or did I dream that?
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
For Bouncer, the demo limit is 5 KB. It might be lower for Pumpernickel.
I just checked my old config files for Pumpernickel, and they are all around 2.5 KB, so that tells me that the limit is 3 KB. Keep it under 3 KB and you are good.
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks @shmu26, might give update a go if I can figure out how to do that (not good with that stuff - drivers, etc.).
    Else I may just leave it, as it's working now.

    Or try the demo version on my other machine.
     
  20. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Greetings all... it's been a while. I wanted to take a quick look at any changes between the Jul2017 version I purchased and the Jan2020 current release. I downloaded the current TRIAL but it contains no Manual.pdf (like the Jul2017 version) or any sort of README file explaining the capabilities.

    Does anyone have either of those documents for the Jan2020 release? Thanks for any help with this...
     
  21. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Manual.pdf is under the directory of "Tools".
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Froggie, you may also want to consider trying Folderfication (for the future)?: https://www.wilderssecurity.com/threads/folderfication.428531/

    Pumpernickel is no doubt lighter, but I am using Folderfication on my newer machine now.
    I don't have the expertise to test compare effectiveness, but Folderfication at least has a UI (and some additional features, encryption upcoming).

     
    Last edited: Jun 17, 2020
  23. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Thanks @kakaka - I missed that. It used to be in the ROOT folder.
     
  24. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Thanks @paulderdash - will do!
     
  25. TheRollbackFrog

    TheRollbackFrog Imaging Specialist

    Joined:
    Mar 1, 2011
    Posts:
    4,954
    Location:
    The Pond - USA
    Just to let you folks know, EXCUBITS is no longer available on the net and the Company is undergoing what the developer calls a "strategic realignment." I don't know how ominous this is but the product(s) Developer remains available at <info@excubits.com> to assist anyone with fully licensed application issues.
     