BlackFog ensures your device is protected from fileless cyberattacks which are growing at an alarming rate. It provides real-time protection against online threats with 12 layers of protection to prevent attacks from ransomware, spyware, malware and unauthorized data collection and profiling.
It provides several layers of protection.
- Monitors network traffic in real-time and blocks applications and websites from collecting and profiling your behavior. It also allows you to see where your outbound traffic is going and block endpoints and/or applications from sending data to remote servers.
- Locks down the operating system so that background services, scheduled tasks and processes do not collect data about your behavior
- Removes any forensic data (application history, cookies and log files) from your computer
- Blocks microphone activation by other applications so that you are well informed about audio recording activity
All of these features can be easily controlled using the navigation tiles on the main screen.
The main interface consists of navigation icons on the left and relevant content on the right.
The options provide various dialogs to control the settings of the application based upon forensic data, privacy and outbound traffic destination.
The destination of every packet is analyzed by BlackFog in real-time. This option displays the number of hosts and processes over the last 24 hours. Clicking on the relevant icons opens a dialog with specific detail of each process or host with its geolocation and domain.
Exfiltration provides a visual map of all outbound traffic from your device across all ports and interfaces. The black squares represent the destination of the traffic and the red circles the geofences you have applied. It provides up to 100 unique data points and is updated every 60 seconds.
The Settings provide many different levels of protection for your device. Most options are switched on by default for the maximum available protection.
The Ransomware option blocks more than 26 million known transmission sites for bad actors and prevents data leaking from your device to these sites. It includes all known command and control servers and suspicious transfers from your device.
This option disables data collection and remote access from forensic tools that can be installed in the BIOS of your device. It detects and terminates processes in real time to ensure your device remains protected.
Hide BlackFog / Browser Traffic
When viewing the network traffic from the hosts or traffic tile you will normally see all traffic leaving your device. If you select this option it will automatically filter out traffic from BlackFog and any browser you are using. It does not change the collection of the data, only the filter for displaying the information.
Blocks Web Advertising in real time across the entire device regardless of browser. This blocks display ads, modal popups and video based advertising. It does not require any browser based plugin to function. You can also combine this with whitelisting if you would like to bypass this filtering on specific web sites. It will also protect devices from malvertising.
Eliminates the collection of browsing and behavioral data while you are browsing the Internet. It also ensures that your information is not being shared with third parties for future marketing efforts.
Many bad actors use direct IP addresses when communicating with their own servers. Unless you are a developer it should be rare that you need to use a direct IP address for a legitimate purpose. This option allows direct IP addresses to be automatically blocked.
The Dark Web is the primary communications channel for most ransomware and malware. Bad actors will use this to both activate and collect your data. By enabling this feature you can stop communication through the Dark Web. This will also prevent users from using Dark Web browsers such as Tor.
Geofencing is a technique for blocking data transmission (exfiltration) to other countries. Since many attack vectors come from a small number of countries it is preferable to geofence them to protect your device. You can add specific countries in the Geofence option in the navigation pane. This option can toggle the blocking as needed.
When bad actors target your machine over the network they commonly use firewall ports they know are already open, such as HTTP and HTTPS. They use these ports to send non-HTTP(S) traffic that carries stolen data back to Command and Control Servers (CC Servers). BlackFog detects these messages and blocks them before they can do any damage.
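The check described above can be sketched as a first-bytes classifier for traffic on ports 80 and 443. This is an added example, not BlackFog's code; the function names and sample flows are constructed for illustration.

```python
# Added example (not BlackFog code): flag payloads on ports 80/443 that are
# neither HTTP nor TLS. All flows below are constructed for illustration.
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n"
WEB_PORTS = {80, 443}


def classify_payload(first_bytes: bytes) -> str:
    """Return 'http', 'tls' or 'other' for the first bytes a client sends."""
    if first_bytes.startswith(HTTP_METHODS + (HTTP2_PREFACE,)):
        return "http"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return "tls"
    return "other"


def is_port_misuse(dst_port: int, first_bytes: bytes) -> bool:
    """True when a web port carries something that is not HTTP or TLS."""
    if dst_port not in WEB_PORTS or not first_bytes:
        return False  # other ports are out of scope; no data means no verdict
    return classify_payload(first_bytes) == "other"


# Constructed sample flows: (process, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("browser.exe", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("browser.exe", 443, bytes.fromhex("16030100c8010000c40303")),
    ("updater.exe", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("unknown.exe", 80, b"\x00\x00\x01\x2c\x9a\x41\x7f\x03"),
    ("mail.exe", 25, b"EHLO client.example.test\r\n"),
]


def flag_flows(flows):
    """Return the (process, port) pairs whose payload does not fit the port."""
    return [(proc, port) for proc, port, data in flows
            if is_port_misuse(port, data)]


if __name__ == "__main__":
    for proc, port in flag_flows(SAMPLE_FLOWS):
        print(f"BLOCK {proc} -> port {port}: non-HTTP(S) payload")
```

A first-bytes check only sees the start of a connection; content inside an established TLS session is opaque to it.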
Cryptocurrency mining is growing exponentially as a way for cyber criminals to make money. Rather than using their own computing resources, power and equipment they would rather use yours. They infect your computer with code to steal CPU cycles and ultimately mine digital currency to make a profit. This option ensures that your device is protected.
Malware and phishing attacks continue to rise rapidly using social engineering and other common techniques. This option protects you from known malware infecting your device and provides an immediate block screen for those sites affected.
PowerShell attacks now represent a major entry point for attack vectors. PowerShell is most commonly used to launch a fileless attack that runs directly in memory. BlackFog detects these attacks in real time and immediately terminates execution. This prevents the download of any further payloads to keep your device safe.
Geofencing is a technique for blocking data transmission (exfiltration) to other countries. This option allows you to add specific regions to the active geofence. To enable this feature you also need to enable Geofence in the settings pane.
The White List allows you to list specific domains or IP addresses to be ignored when applying the blocking rules. This can be important if you are using your device for development or wish to allow outbound activity to suspicious destinations. In addition, you can also white list applications that are using illegal runtime locations for certain activities, most commonly application updates.
As the opposite of White List, Black List allows you to specify hosts or IP addresses that should be automatically blocked for destination traffic. Hostnames may include wildcard characters to block a range of sites from a single domain such as *.domain.com.
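How the White List, the Black List and the direct IP option could combine into one decision per destination is sketched below. This is an added example, not BlackFog's code: the function names, the rule order after the White List, and the choice that `*.domain.com` does not match `domain.com` itself are assumptions, and all hosts are constructed.

```python
# Added example (not BlackFog code): destination policy with a white list,
# a wildcard black list and a direct-IP rule. Names and order are assumptions.
import ipaddress


def normalize(host: str) -> str:
    """Lower-case the host and drop a trailing dot and IPv6 brackets."""
    return host.strip().lower().rstrip(".").strip("[]")


def is_ip_literal(host: str) -> bool:
    """True for an IPv4 or IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.domain.com' matching any subdomain of domain.com."""
    pattern = normalize(pattern)
    if pattern.startswith("*."):
        # Keep the leading dot so 'notdomain.com' cannot match '*.domain.com'.
        return host.endswith(pattern[1:])
    return host == pattern


def decide(host, whitelist, blacklist, block_direct_ip=True) -> str:
    """Return the verdict for one outbound destination."""
    host = normalize(host)
    if any(matches(p, host) for p in whitelist):
        return "allow (whitelist)"      # white list bypasses every block rule
    if any(matches(p, host) for p in blacklist):
        return "block (blacklist)"
    if block_direct_ip and is_ip_literal(host):
        return "block (direct IP)"
    return "allow"


if __name__ == "__main__":
    white = ["updates.tracker.example", "198.51.100.20"]   # constructed
    black = ["*.tracker.example"]                          # constructed
    for dest in ["cdn.tracker.example", "Updates.Tracker.Example.",
                 "nottracker.example", "203.0.113.7", "198.51.100.20",
                 "[2001:db8::1]"]:
        print(f"{dest:28} {decide(dest, white, black)}")
```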
Forensic options control the trace activity recorded by applications such as history, cookies and log files that may be leaking your personal information and activity. BlackFog Privacy constantly updates these rules to ensure you are always protected. Secure deletion algorithms ensure there is no trace activity left behind.
Privacy options control the background system services, scheduled tasks and processes that are collecting information and usage patterns. These services can be toggled on or off and will not affect the routine operation of your operating system.
Events provides a list of the most recent blocks performed by BlackFog. This is limited to the most recent 256 blocks and shows the timestamp, type of block, domain or IP and port. More detailed threat information can be accessed by clicking the Events button in the lower right-hand corner.