Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,908
    Not a decent GUI, no GUI. And I wouldn't hold out hope
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,126
    Location:
    U.S.A. (South)
    If there ever is a turn of events it would be a decent one certainly.

    So much for empty babble over expectations of it from me, but do you still use FIDES and which combo, (MemProtect I use) is an ideal addition to round out granular security control from your standpoint.

    Really doesn't impact system energy any longer going back to the Layered Approach given much better suited coding and hardware these days.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,908
    I use FIDES with MZWritescanner
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    6,076
    Because the current version is expired, the developer uploaded a new version today.
    ("Demo driver will stop working in 2019. A follow up demo version will be available then which will work for another year.")
    Website
    pumpernickel_demo.exe (Digital signature of the driver: April 2, 2018)
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,032
    Location:
    At the door ...
    Paid users are unaffected?
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    6,076
    Only users of the demo version. It has several "limitations" and this is one of them.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,234
    Location:
    Mexico
    Did refresh FIDES files. I'm back in the game again. :)
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    How do you enable balloons?
    Or is this only for the beta version?
    I am currently using FIDES stable demo.
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    6,076
    A beta-version is not needed. Launch Tray.exe with the additional parameter -showballoon ("Tray.exe -showballoon") and a balloon/notification will appear on the desktop (and it will be mentioned in the Notification Center)
    FIDES_trayicon-balloon_desktop.png FIDES_trayicon-balloon.png
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    Got it. I made a bat file so it can run that way at startup.
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,477
    Location:
    Toronto, Canada
    @shmu26 For reference, if there is ever a time when you want to silence any alerts (no balloons or toasts), there is also a parameter "nopopups" which alternatively you would place where "showballoon" was placed.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    If an item is under [BLACKLISTREAD] does that automatically stop it from modifying, or does it also need to be put under [BLACKLISTMODIFY] ?
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    6,076
    It depends on the rule.

    Code:
    [BLACKLISTREAD]
    *>C:\Protected\*
    
    = Applications can't read files in this directory, but they are able to "see" them and are even able to delete them.
    If you have such rules they should be put in both categories [BLACKLISTREAD] + [BLACKLISTMODIFY]
    Code:
    [BLACKLISTREAD]
    *>C:\Protected*
    
    = If it is written like this, files (and the directory) are now protected and placing the rule in [BLACKLISTREAD] should be enough. But it shouldn't harm to place it in both :cautious:
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    Thanks, @mood. That's an interesting difference between rules.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    Can you make a block rule for recycle bin with the path
    ?:\$Recycle.Bin\*
    And is this useful, or are processes blocked by default from reading recycle bin data?
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    Or maybe FIDES does not support the character $ since it has a different meaning in Excubits?
     
  17. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    341
    Location:
    router
    use this in black list
    !C:\Windows\explorer.exe>C:\$Recycle.Bin*
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    That was a good idea. I tried your rule, and when I access recycle bin by explorer, I get Windows error messages, and FIDES shows in the log:

    R: C:\Windows\explorer.exe > C:\$Recycle.Bin

    But the strange thing is that despite all this, Recycle bin opens anyways, and I can see files and restore them.
     
  19. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    341
    Location:
    router
    put rule in [BLACKLISTMODIFY]
    i think then you unable empty it

    post edited :)
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    888
    It seems to me that processes cannot read the content of files in recycle bin. They can only get basic info about the file, such as name and size. Correct? If this is so, the security risk is much smaller.
     
  21. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    341
    Location:
    router
    with below rule just explorer can not delete move rename file other exe can
    but explorer.exe can read it if no block in block read section like na me size location
    [BLACKLISTMODIFY]
    !C:\Windows\explorer.exe>C:\$Recycle.Bin*
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.