Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,062
    Not a decent GUI, no GUI. And I wouldn't hold out hope
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,959
    Location:
    U.S.A. (South)
If there ever is a turn of events it would be a decent one certainly.

    So much for empty babble over expectations of it from me, but do you still use FIDES, and which combo (MemProtect I use) is an ideal addition to round out granular security control from your standpoint?

    Going back to the Layered Approach really doesn't impact system energy any longer, given much better suited coding and hardware these days.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,062
    I use FIDES with MZWritescanner
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
    Because the current version is expired, the developer uploaded a new version today.
    ("Demo driver will stop working in 2019. A follow up demo version will be available then which will work for another year.")
    Website
    pumpernickel_demo.exe (Digital signature of the driver: April 2, 2018)
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,254
    Location:
    Under a bushel ...
    Paid users are unaffected?
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
    Only users of the demo version. It has several "limitations" and this is one of them.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,409
    Location:
    Mexico
    Did refresh FIDES files. I'm back in the game again. :)
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    How do you enable balloons?
    Or is this only for the beta version?
    I am currently using FIDES stable demo.
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
A beta version is not needed. Launch Tray.exe with the additional parameter -showballoon ("Tray.exe -showballoon") and a balloon/notification will appear on the desktop (and it will be mentioned in the Notification Center).
    [Attached screenshots: FIDES_trayicon-balloon_desktop.png, FIDES_trayicon-balloon.png]
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    Got it. I made a bat file so it can run that way at startup.
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,581
    Location:
    Toronto, Canada
    @shmu26 For reference, if there is ever a time when you want to silence any alerts (no balloons or toasts), there is also a parameter "nopopups" which alternatively you would place where "showballoon" was placed.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
If an item is under [BLACKLISTREAD], does that automatically stop it from modifying, or does it also need to be put under [BLACKLISTMODIFY]?
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,813
    It depends on the rule.

    Code:
    [BLACKLISTREAD]
    *>C:\Protected\*
    
= Applications can't read files in this directory, but they are able to "see" them and are even able to delete them.
    If you have such rules they should be put in both categories, [BLACKLISTREAD] + [BLACKLISTMODIFY].
    Code:
    [BLACKLISTREAD]
    *>C:\Protected*
    
    = If it is written like this, files (and the directory) are now protected and placing the rule in [BLACKLISTREAD] should be enough. But it shouldn't harm to place it in both :cautious:
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    Thanks, @mood. That's an interesting difference between rules.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    Can you make a block rule for recycle bin with the path
    ?:\$Recycle.Bin\*
    And is this useful, or are processes blocked by default from reading recycle bin data?
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    Or maybe FIDES does not support the character $ since it has a different meaning in Excubits?
     
  17. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    349
    Location:
    router
Use this in the blacklist:
    !C:\Windows\explorer.exe>C:\$Recycle.Bin*
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    That was a good idea. I tried your rule, and when I access recycle bin by explorer, I get Windows error messages, and FIDES shows in the log:

    R: C:\Windows\explorer.exe > C:\$Recycle.Bin

    But the strange thing is that despite all this, Recycle bin opens anyways, and I can see files and restore them.
     
  19. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    349
    Location:
    router
Put the rule in [BLACKLISTMODIFY].
    I think then you are unable to empty it.

    post edited :)
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,086
    It seems to me that processes cannot read the content of files in recycle bin. They can only get basic info about the file, such as name and size. Correct? If this is so, the security risk is much smaller.
     
  21. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    349
    Location:
    router
With the rule below, just explorer cannot delete, move or rename the files; other exes can.
    But explorer.exe can read them (name, size, location) if there is no block in the block-read section.
    [BLACKLISTMODIFY]
    !C:\Windows\explorer.exe>C:\$Recycle.Bin*
     
  22. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    222
    Location:
    Europe
Here's my config for caging Chrome. I've been running this for 3-4 days now with no popups. The .ini size is exactly the maximum for the demo version: 3070 bytes (it won't work with a longer username; one can always rename).

I've added C:\Windows\System32\CatRoot*\* and C:\Program Files (x86)\Google\Chrome Beta\Application\Dictionaries\* to Bouncer's blacklist, since they're writable by Chrome.

    [LETHAL]
    [LOGGING]
    [#INSTALLMODE]
    [WHITELISTMODIFY]
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Temp\*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Microsoft*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Packages\chrome.sandbox.gpu*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\Local\Google\Chrome Beta\User Data\*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\AppData\LocalLow\Microsoft\CryptnetUrlCache\*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Users\User\Appdata\Roaming\Microsoft\Windows\Recent\*Destinations*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\Dictionaries
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\ProgramData\NVIDIA Corporation\Drs\*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\catroot*
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Downloads*
    [BLACKLISTMODIFY]
    *chrome.exe>*
    [WHITELISTREAD]
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:*
    [BLACKLISTREAD]
    *chrome.exe>*
    [EOF]

Chrome is the only software on my PC that I deem worthy of protecting with Pumpernickel. I don't use photo editing software other than Paint, I don't use video/audio players, I don't use Office or anything like that, I don't use anything Adobe or Java related, etc. 7zip and Skype are the only software I use which would be popular enough, but then if you check cvedetails.com, you'll see that these programs have barely any vulnerabilities, if at all, and they're usually patched ASAP (fun fact: compare Intel and AMD vulnerabilities). Now if I knew the NSA or Russian hackers were determined to hack me, I'd define very strict rules for every program, on the edge of crippling them, but for general use I think only Chrome is enough, on my system anyway.

    One can also go here https://www.cvedetails.com/top-50-products.php and check every year from about 2010 onward to see whether any of that targeted software is installed on their PC. In my case the only software there aside from Chrome is Edge, which is completely removed from the system, and IE, which is completely blocked from running.

    I store my backups on a partition which is constantly being shadowed by Shadow Defender, and only unshadowed when Macrium writes to it, so there is no need to protect it with Pumpernickel (it's also better this way anyway: raw access is powerless, in case something gets exploited to run as admin, for example).
     
    Last edited: Sep 3, 2018
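To make the two rule behaviours discussed in this thread concrete (mood's `C:\Protected\*` versus `C:\Protected*` spelling, and the whitelist-exception-plus-blanket-blacklist layout of the Chrome config above), here is an added toy evaluator for the `process>path` rule syntax. It is constructed for this page, not the vendor's driver code; it assumes plain `*` glob matching and that a `!`-prefixed whitelist entry takes priority over the blacklist for the same operation, which is the reading under which the Chrome config works.

```python
import re

# Constructed evaluator for the Pumpernickel/FIDES rule syntax shown in this
# thread (assumption: an illustration written for this page, not the vendor's
# driver logic). A rule is "process>path"; '*' matches any run of characters,
# everything else (including '\' and '$') is literal.
def _glob(pattern):
    # Anchored, case-insensitive: escape each literal piece, join with '.*'.
    return re.compile("^" + ".*".join(map(re.escape, pattern.split("*"))) + "$", re.I)

def parse_rules(text):
    """Return {SECTION: [(has_bang, process_re, path_re), ...]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            sections.setdefault(current, [])
        elif current and ">" in line:
            proc, path = line.lstrip("!").split(">", 1)
            sections[current].append((line.startswith("!"), _glob(proc), _glob(path)))
    return sections

def is_blocked(sections, op, process, path):
    """op is 'READ' or 'MODIFY'. Assumption: a '!'-prefixed whitelist entry wins
    over the blacklist for the same operation ('!...chrome.exe>...' exceptions
    carved out of a blanket '*chrome.exe>*' block)."""
    hit = lambda rules: any(p.match(process) and t.match(path) for _, p, t in rules)
    if hit([r for r in sections.get("WHITELIST" + op, []) if r[0]]):
        return False
    return hit(sections.get("BLACKLIST" + op, []))

# Constructed rule sets: mood's two spellings of the same rule, and a cut-down
# Chrome cage (paths shortened; 'User' is a placeholder account name).
RULE_A = "[BLACKLISTREAD]\n*>C:\\Protected\\*\n"
RULE_B = "[BLACKLISTREAD]\n*>C:\\Protected*\n"
CHROME = """[WHITELISTMODIFY]
!C:\\Chrome\\chrome.exe>C:\\Users\\User\\AppData\\Local\\Temp\\*
[BLACKLISTMODIFY]
*chrome.exe>*
"""

def demo():
    a, b, c = parse_rules(RULE_A), parse_rules(RULE_B), parse_rules(CHROME)
    exe, chrome = "C:\\any.exe", "C:\\Chrome\\chrome.exe"
    return {
        "a_file_read": is_blocked(a, "READ", exe, "C:\\Protected\\secret.txt"),  # True
        "a_dir_read": is_blocked(a, "READ", exe, "C:\\Protected"),  # False: '\*' misses the directory itself
        "a_file_delete": is_blocked(a, "MODIFY", exe, "C:\\Protected\\secret.txt"),  # False: delete is MODIFY
        "b_dir_read": is_blocked(b, "READ", exe, "C:\\Protected"),  # True
        "b_sibling_read": is_blocked(b, "READ", exe, "C:\\ProtectedOld\\x.txt"),  # True: 'Protected*' also hits siblings
        "chrome_temp_write": is_blocked(c, "MODIFY", chrome, "C:\\Users\\User\\AppData\\Local\\Temp\\t.tmp"),  # False
        "chrome_sys_write": is_blocked(c, "MODIFY", chrome, "C:\\Windows\\System32\\x.dll"),  # True
    }
```

The `b_sibling_read` case is the caveat that comes with the shorter spelling: `C:\Protected*` covers the directory entry, but it also matches any sibling whose name merely begins with `Protected`.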
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,062
    This isn't the best use of Pumpernickel. It does better for protecting disks and folders.
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    222
    Location:
    Europe
    Everyone has their own uses :thumb:

It's flexible software (not so much with 3KB); it can be used for many purposes.

    What's your config, Pete? What do you use Pumpernickel for?
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,062
    I use it mainly to protect my other internal hard drives against a ransomware attack. I don't worry about my c: drive as I take hourly backup images with Macrium. The only thing that can write to the other drives are the imaging programs.
     