Pumpernickel (FIDES)

Discussion in 'other anti-malware software' started by TheRollbackFrog, Dec 9, 2016.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,538
    Do you use it also to prevent data theft from those hard drives?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't have any data, that I worry about theft. Basically with my security software load I really don't worry to much about anything getting on the machines
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Perhaps you should write your security config in your signature, so other members can see it :thumb:

    @shmu26 Do you use pumpernickel? What is YOUR setup?
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,538
    I do use it, demo version, mainly because I have two programs running from appdata that I want to control their access to personal data.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Most users here know it, but if your are interested PM me and I'll tell you
     
  6. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I installed pumpernickel and haven't been able to get it working yet. A quick question to maybe get on the right track: what does the blue system tray icon I'm seeing signify?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The color of the icon indicates the status of the driver. But on a more basic level is the driver installed and do you have a log file. These should both be in the windows area
     
  8. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    First ensure you install driver. right click on pumpernickel.inf and select "install". then driver should be installed.
    copy your configuration file (pumpernickel.ini) to c:\windows\pumpernickel.ini
    then open cmd.exe as admin and type
    net start pumpernickel

    you can checks if pumpernickel is running in cmd.exe console uzsing:
    sc query pumpernickel

    it should then looks like this:

    Code:
    C:\Users\rizzle>sc query pumpernickel
    
    SERVICE_NAME: pumpernickel
            TYPE               : 2  FILE_SYSTEM_DRIVER
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 1077  (0x435)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
    You said that your icon is blue? this marks pumpernickel be in non-lethal mode, so your setting (c:\windows\pumpernickel.ini) should contains some line like [#LETHAL]. I would highly recomend that you first get comfortable with configuration before set pumpernickel in [LETHAL] mode. It can be very dangerous if yoiu have set something to blocking ant then be in [LETHAL], because driver will then block and forget, this could crash your system. so first check config in [#LETHAL], open c:\windows\pumpernickel.log to see what is logging, then adjust configuration until you feel fine and then go into [LETHAL] mode.
     

    Attached Files:

  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    In case you don't have Install when you right click the .inf file, open cmd and type:

    InfDefaultInstall "C:\Program Files (x86)\Excubits\Pumpernickel\x64\Pumpernickel.inf"

    This should run runonce.exe then grpconv.exe and that will install the driver. Next, here are the commands from cmd for using pumpernickel:

    check status: sc query pumpernickel
    start: net start pumpernickel
    stop: net stop pumpernickel
    uninstall: sc delete pumpernickel

    You can also use the Tray icon by right clicking it

    Copy the pumpernickel.ini file from C:\Program Files (x86)\Excubits\Pumpernickel to C:\Windows. You can technically place it anywhere you want and make pumpernickel use it from that location, just C:\Windows is the default one

    Next, go to C:\Program Files (x86)\Excubits\Pumpernickel\Tools\64-bit and copy Admin Tool.exe and Tray.exe into C:\Program Files (x86)\Excubits\Pumpernickel\Tools, replacing them. Now, you can make a shortcut from C:\Program Files (x86)\Excubits\Pumpernickel\Tools\Tray.exe on your desktop to start the tray program when your PC starts, since pumpernickel tray doesn't get automatically added to startup

    Now all that's left to do is to open the config file, right-click the tray and Open Config File and then you edit it. You need to restart pumpernickel for the edit to take change. You can also restart pumpernickel by using Clear Log File

    Pumpernickel has 4 color states if you did everything above:

    Gray: Off
    Green: On, can be either [LETHAL] or [#LETHAL]
    Red: Check the log, by default C:\Windows\pumpernickel.log, more convenient by using Open Log File from the tray
    Yellow: In [INSTALLMODE]

    You will not receive logs when pumpernickel is in Installmode, unlike when it's in #lethal. In the latter case, pumpernickel still logs as if it blocked them, except it didn't

    Use installmode when you're restarting your pc and it's doing an update, or you just want to permanently put pumpernickel off, since if it's off with Gray icon, when you restart your pc pumpernickel will be On again. Pumpernickel driver starts automatically on pc startup. You only need to start the tray program

    Personally, I use pumpernickel to deny chrome to read any partition that's not my system one, to deny chrome to write to anything that it doesn't need to write to, and to deny anything to write to my backup partition

    Here's my config, maybe it will help you:

    [#INSTALLMODE]
    [LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    !*chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\debug.log
    !*chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\71.0.3578.30\debug.log
    !*chrome.exe>C:\
    !*chrome.exe>C:\Users\User
    !*chrome.exe>C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\*Destinations*
    !*chrome.exe>C:\Users\User\AppData\Local
    !*chrome.exe>C:\Users\User\AppData\Local\Packages\chrome.sandbox.gpu*
    !*chrome.exe>C:\Users\User\AppData\Local\Google\Chrome Beta\User Data\*
    !*chrome.exe>C:\Users\User\AppData\Local\Microsoft\Windows\Caches*
    !*chrome.exe>C:\Users\User\AppData\Local\Microsoft\Windows\Explorer*
    !*chrome.exe>C:\Users\User\AppData\Local\Temp\*
    !*chrome.exe>C:\Users\User\AppData\LocalLow\Microsoft\CryptnetUrlCache\*
    !*chrome.exe>C:\ProgramData\NVIDIA Corporation\Drs\*
    !*chrome.exe>C:\ProgramData\NVIDIA Corporation\NV_Cache\*
    !*chrome.exe>C:\Windows\System32\catroot
    !*chrome.exe>C:\Windows\System32\catroot2
    !*chrome.exe>C:\Windows\System32\catroot2\dberr.txt
    !*chrome.exe>C:\Downloads*
    [BLACKLISTMODIFY]
    *>D:*
    *chrome.exe>*
    [WHITELISTREAD]
    !*chrome.exe>C:*
    [BLACKLISTREAD]
    *chrome.exe>*
    [EOF]
     
    Last edited: Nov 8, 2018
  10. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Thank you everybody; I just managed to get back to this now. I did study and understand the manual, and did follow its instructions carefully, so my problem is probably something small. It also occurred to me that maybe Bitdefender is the root of my problem. I'll let you know how I make out.
     
  11. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I have it working now, after reading the posts above. Thank you. I don't know what was wrong (other than not copying the tray and admin tools from the tools 64 bit subfolder to the tools folder, and not realizing that the tray icon wasn't suppose to automatically start after a restart). I simply reinstalled the pieces and in particular I started with the provided Pumpernickel.ini file rather than creating a new file (probable source of my problem). A couple of questions: 1) the .ini files that people have shared with me consistently use the priority symbol ! where I don't understand why it is needed. 2) I don't understand how Floyd's file above works without a [WHITELISTREAD] *>* rule, unless he has given us only a part of his file.
     
  12. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Cuz blacklist rules take priority over whitelist rules. And so do blacklist priority rules over whitelist priority rules, so ! is used to make the whitelist rules priority whitelist rules in order for them to take priority over the non-priority blacklist rules, such as *chrome.exe>*

    It's the full file, pumpernickel doesn't block everything by default like Bouncer, neither does memprotect with [defaultallow]. So no need for general *>* rule. The excubits dev was sleeping on the manuals
     
  13. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I think that is the answer to most of the things I wasn't understanding. I probably could have figured it out myself - after a few weeks. Much appreciated Floyd!
     
  14. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Opening notepad once, creating one line of text, and doing one Save, using the following .ini file; produces five lines in a previously empty log file rather than the one line I was expecting. Can anybody explain why?

    [#INSTALLMODE]
    [#LETHAL]
    [LOGGING]
    [WHITELISTMODIFY]
    [BLACKLISTMODIFY]
    *>E:*
    [WHITELISTREAD]
    [BLACKLISTREAD]
    *>*.rtf
    [EOF]

    2018/11/09_17:41:33 > W: C:\Windows\System32\notepad.exe > E:\test3.txt
    2018/11/09_17:41:33 > W: C:\Windows\System32\notepad.exe > E:\test3.txt
    2018/11/09_17:41:33 > W: C:\Windows\System32\notepad.exe > E:\test3.txt
    2018/11/09_17:41:33 > W: C:\Windows\System32\notepad.exe > E:\test3.txt
    2018/11/09_17:41:33 > W: C:\Windows\System32\notepad.exe > E:\test3.txt
     
  15. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    407
    Location:
    router
    reason is because of this
    [BLACKLISTMODIFY]
    *>E:*
    its mean every process denied to write file in E: drive
    and you disabled LETHAL mode but not disabled logging!
     
  16. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I expected to get one log entry, but why did I get five?
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Cannot reproduce

    When I open the .txt file with notepad, I enter something and use Save, I get one log line, then notepad asks me where to save the file, followed by telling me I don't have sufficient permissions to open the file if I try to "overwrite" the file, and then another log line appears, for a total of two log lines. If on the 2nd phase of saving, I try to save the file in another location, I get a message that I don't have enough permission to save in that location, and a suggestion to save in the documents folder instead, with another log line with the new location appearing

    With notepad++, I instead get "Save failed, please check if this file is opened in another program" and one log line
     
  18. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I opened Windows notepad, typed a line of text, and saved the file as a new file. Your post tells me that this is unexpected. I'll do some more experimenting.
     
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Honestly if they're all at the same time then I don't think it matters if it's 1 or 10 lines, this happens quite often actually
     
  20. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Maybe normal then, but at this point I'm trying to understand the tool and don't know what's normal and what is caused by something I'm doing wrong.
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    This is not unexpected.
    This might be the ideal case:
    1x click on "Save" = 1 write request (which is denied) = 1 entry in the logfile​
    But this isn't always the case.

    Some applications might try to write a file several times in a row or they don't write a file as a whole but they write it in several pieces
    = more than one entry for a file can be seen in the logfile.
     
  22. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    Okay; good. Thanks folks.
     
  23. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I believe the current rule precedence hierarchy is flawed, perhaps due to the product changing at some point from no rules blocking everything, to no rules allowing everything. (This change is suggested by now obsolete text on page 8 of the manual: "By default Pumpernickel will block all paths that are not specified in the whitelist.") The current hierarchy is, from highest to lowest:

    4 priority blacklist rule
    3 priority whitelist rule
    2 non-priority blacklist rule
    1 non-priority whitelist rule

    This current hierarchy requires you to a) create rules beginning at level 2 to have any effect, thus giving you only three levels to work with, and b) unnecessarily use the priority operator for most of your rules (in level 3) in contrast to my proposed hierarchy below:

    4 priority whitelist rule
    3 priority blacklist rule
    2 non-priority whitelist rule
    1 non-priority blacklist rule

    Am I correct, or am I not understanding something?
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,236
    Location:
    Europe
    Well, personally I think we should be able to set a level. Like, before each rule, there will be [X] where X is a number from 1 to however you like, and the higher number rule overrides the lower number one regardless of placement, and a blacklist rule overriding a whitelist one if both have the same numbers
     
  25. AlphaOne

    AlphaOne Registered Member

    Joined:
    Jan 29, 2015
    Posts:
    87
    Location:
    Canada
    I am inclined toward the scheme I proposed, but don't have a strong preference, even for any change at all. The product looks like it will effectively and efficiently provide the added protection to my external hard drive images as it is.

    I was pointing out what I think would be an improvement that could be easily implemented by the developer without any disruption to his users (existing .ini files would continue to work without modification even though the priority operator would be superfluous in many cases).
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.