Advice Request: BlackFog - Anyone Used It?


Cortex


Giving it a trial; so far impressed, but not seen much about it on here. The interface isn't wonderful and options aren't plentiful, but so far it looks very good. Anyone else used it?
 

BVLon


Giving it a trial; so far impressed, but not seen much about it on here. The interface isn't wonderful and options aren't plentiful, but so far it looks very good. Anyone else used it?
Lots of glamour, and on the first test Norton detects something with IPS.
This software does nothing.



Then I kept testing and testing... did not see it in action at all. It is hard to say that this software is effective.
They use fancy naming for stuff that's been around since the early web age. For example, there is a tool called "Forensics". By the name I was impressed, thinking this tool might help me track and analyse attacks. Upon clicking, I discovered that it shreds the browser history on exit or on a schedule at a specific time... something McAfee has called QuickClean...
GeoFence seems useless to me...
Exfiltration is a basic traffic monitor, and we all know a better one.
Settings are... I just could not figure them out.

Conclusion: this is paid software that, to me, looks more like a joke.
 

Cortex

Thanks for that. It does a fantastic job of ad-blocking, though; no idea what else it does? 😮 The interface is from Windows 3. GeoBlocking does work, though I'm not sure how useful it is. Got a 30-day trial, so can't lose much. I too am running Norton 360. Found a thread on Wilders; has potential, maybe?

 

BVLon

Thanks for that. It does a fantastic job of ad-blocking, though; no idea what else it does? 😮 The interface is from Windows 3. GeoBlocking does work, though I'm not sure how useful it is. Got a 30-day trial, so can't lose much. I too am running Norton 360. Found a thread on Wilders; has potential, maybe?

I updated my comment to reflect the software better... I don't think it is useful.
 

Cortex

Used BlackFog for a couple of days and put it on my other half's new lappy, and have to say I'm most impressed, I think enough to buy it. I appreciate others may not be, but for me it does a great job. I tried it a few months back and was undecided, but IMHO it's worth a try (y)(y)
 

Cortex

There's a long-running thread over at Wilders and a developer is active there.
Thanks, I found that yesterday; the developer seems to be quite active. Thanks again :):)
 

Darren Williams

Just noticed this forum discussion. Happy to respond to any questions you guys may have. From a high-level perspective we focus on privacy and security, and rather than focusing on fingerprinting like all the other tools that exist, we focus on data exfiltration, so we are able to stop attacks as they happen in real time by looking at the individual packets coming from the device itself.

As someone pointed out, we have a long-running discussion on Wilders that might be useful from a discussion point of view, as it's quite a different approach. You will notice that we have very few false positives as well, so while you may think it is not doing anything, it is actually quite busy.

If you have specific questions I am happy to answer them.
 

BVLon

Just noticed this forum discussion. Happy to respond to any questions you guys may have. From a high-level perspective we focus on privacy and security, and rather than focusing on fingerprinting like all the other tools that exist, we focus on data exfiltration, so we are able to stop attacks as they happen in real time by looking at the individual packets coming from the device itself.

As someone pointed out, we have a long-running discussion on Wilders that might be useful from a discussion point of view, as it's quite a different approach. You will notice that we have very few false positives as well, so while you may think it is not doing anything, it is actually quite busy.

If you have specific questions I am happy to answer them.
So what's your approach and what are you trying to protect against?
 

Darren Williams

Here is a snippet of a response from Wilders:

BlackFog sits at layer 3 of the network stack, watches all outbound traffic and looks for anomalies in behavior; this includes data leaking to known C&C servers, crypto-mining sites, etc. We look at how protocols are formed, and what is being sent, how and where, to determine if it is legitimate and block accordingly. We have about 12 different parameters (many more under development) that are used to determine the legitimacy of the traffic. In addition, we monitor executable location to prevent files being dropped on your machine. As pointed out, this is very complex to do, and it is done in real time.

We designed this to be non-intrusive and to minimize false positives.

We have a lot of blog articles that talk about each aspect in a lot more detail if you are interested. I would point you to the following as a starting point:

All About Data Exfiltration
 

BVLon

Here is a snippet of a response from Wilders:

BlackFog sits at layer 3 of the network stack, watches all outbound traffic and looks for anomalies in behavior; this includes data leaking to known C&C servers, crypto-mining sites, etc. We look at how protocols are formed, and what is being sent, how and where, to determine if it is legitimate and block accordingly. We have about 12 different parameters (many more under development) that are used to determine the legitimacy of the traffic. In addition, we monitor executable location to prevent files being dropped on your machine. As pointed out, this is very complex to do, and it is done in real time.

We designed this to be non-intrusive and to minimize false positives.

We have a lot of blog articles that talk about each aspect in a lot more detail if you are interested. I would point you to the following as a starting point:

All About Data Exfiltration
So you are saying your software can protect against data leaks, botnets, crypto-mining and file-less malware? Your software is supposed to block an executable from being written via PowerShell?
 

Darren Williams

A really good way to see what is going on is to run BlackFog and switch off the Profiling and Web Advertising options. Then use your browser to go to a few news sites. Then go to the Exfiltration pane and click Hosts. It will bring up a list of all the hosts that data is being exfiltrated to. Now turn those features back on, press CTRL+R (to reset the stats to zero) and do it again. Note how much the traffic has decreased in terms of the number of hosts and volume, normally by at least 50%.

You can do this for many of the other options as well. You can also review the events pane to see what it is actually blocking. I think you will be surprised by what you see.
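To make the two vendor posts above concrete (the layer-3 outbound-traffic description, and the Hosts pane before/after exercise), here is a small added example in Python. It is not BlackFog's code and says nothing about its real parameters or detection logic; the blocklist hostnames, flow records, process names and the volume threshold are all constructed for illustration.

```python
"""Toy outbound-traffic monitor, added here for illustration only.

It models two ideas from the posts above: classifying outbound flows by
destination reputation and per-process volume, and summarising traffic per
destination host so a before/after comparison can be made. This is NOT
BlackFog's code or its detection logic; every hostname, flow and threshold
below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed blocklist: hypothetical hostnames under the reserved .invalid TLD,
# standing in for a feed of known C&C / crypto-mining destinations.
KNOWN_BAD_HOSTS = {"c2.example-bad.invalid", "pool.miner-example.invalid"}


@dataclass(frozen=True)
class Flow:
    """One outbound connection as a host-based monitor might record it."""
    process: str
    dst_host: str
    dst_port: int
    bytes_out: int


# Constructed sample flows from one browsing session (not real captures).
SAMPLE_FLOWS = [
    Flow("firefox.exe", "news.example.com", 443, 12_000),
    Flow("firefox.exe", "ads.tracker-example.net", 443, 900),
    Flow("firefox.exe", "cdn.tracker-example.net", 443, 1_500),
    Flow("svchost.exe", "update.example.com", 443, 4_000),
    Flow("updater.exe", "c2.example-bad.invalid", 8443, 2_500),
    Flow("notepad.exe", "paste.example.org", 443, 30_000_000),
]


def hosts_summary(flows):
    """Aggregate bytes sent per destination host, largest first (a 'Hosts' view)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.dst_host] += f.bytes_out
    return dict(sorted(totals.items(), key=lambda kv: (-kv[1], kv[0])))


def classify_flows(flows, blocklist=KNOWN_BAD_HOSTS, volume_threshold=10_000_000):
    """Return findings as (reason, process, detail) tuples.

    Two checks only: destination on the blocklist, and a single process whose
    total outbound volume exceeds an arbitrary, constructed threshold.
    """
    findings = []
    per_process = defaultdict(int)
    for f in flows:
        per_process[f.process] += f.bytes_out
        if f.dst_host in blocklist:
            findings.append(("known_bad_destination", f.process, f.dst_host))
    for proc, total in per_process.items():
        if total > volume_threshold:
            findings.append(("volume_anomaly", proc, total))
    return findings


def host_reduction_percent(before, after):
    """Percentage drop in distinct destination hosts between two runs,
    mirroring the reset-and-repeat comparison described in the post."""
    b, a = len(hosts_summary(before)), len(hosts_summary(after))
    return 0.0 if b == 0 else 100.0 * (b - a) / b


if __name__ == "__main__":
    for host, total in hosts_summary(SAMPLE_FLOWS).items():
        print(f"{host:32} {total:>12,d} bytes")
    for finding in classify_flows(SAMPLE_FLOWS):
        print("FINDING:", finding)
    # Simulate a second run with the tracker hosts blocked, as in the before/after test.
    filtered = [f for f in SAMPLE_FLOWS if "tracker" not in f.dst_host]
    print(f"distinct hosts reduced by {host_reduction_percent(SAMPLE_FLOWS, filtered):.0f}%")
```

The two checks are deliberately simple: a reputation lookup and a per-process byte count. A real product would need many more signals (the post mentions about 12) and a maintained feed rather than a hard-coded set, but this is enough to see why a monitor that only reports rarely is not necessarily idle.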
 

Cortex

Hi Darren, I noticed my BF rules were from February, which I was going to ask about, but I just noticed they were very recently updated. I haven't had time to read the whole thread on Wilders, but I'm assuming your rules don't need updating as frequently as, for example, 'normal' ad rules. Excuse my ignorance, but I've only been using BlackFog a few days, yet I was so impressed I bought it :):)
 

Cortex

@Darren: Can you please answer a question? I've read all the info I can find, and I think I've read the thread on Wilders, but: whatever I do with BlackFog, hidden or not, I get a list of each and every site I've visited for anyone to view in 'Exfiltration' > 'Hosts'. I don't mind Processes being viewable, but a list of all the sites I visit is the opposite of what I'm looking for, in a big way, like the worst-case scenario. There doesn't seem to be any way to stop this happening altogether, and I can't think of a reason I would ever want that? The screenshot with a couple of entries to show the potential issue is with Fog hidden. Hope there is a way and I'm wrong :oops:



EDIT: I have the same situation on my other half's lappy, a totally different PC, same situation. Events needs a clear button, or a no-log option for those who don't want to keep events; they too have IPs associated.
 
