5.0.1 – November 26, 2024
- Added agent build information to console checkin
- Removed legacy Geofencing and set region field correctly
- Improved DHCP lookups when using air gapped mode
- Improved multicasting and broadcasting support in complex environments
- Added PowerShell whitelisting to piped PowerShell attacks
- Updated filter casting that could create buffer overflows in rare cases
5.0 – October 22, 2024
- Features:
- Realtime GeoIP lookups
- Added completely Air gapped packet filtering for failsafe blocking
- Modernized UI with consistent look and feel
- New baseline activity monitoring
- New system wide feature switching
- Added canary release capability to console
- Performance
- Added multi-threading to network filtering
- Perform packet reassembly when parsing large header blocks
- Added thread safe cache mapping for high performance blocking
- Added thread controls for systemwide performance increase
- DNSLookup can be utilized across multiple threads
- Improvements
- Prevent Powershell piping attacks
- Accurately parse SSL messages that are split over more than one TCP packet
- Improvement parsing of inter application communication messages
- Updated JSON parsing and type checking
- Strongly typed epoch timestamp
- Refactored database access using RAII wrapper
- Moved UI preprocessing logic to core agent
- Forced prepared statements for all SQL queries
- Fixed memory leak in event collection
- Fixed Invalid DNS queries on some systems
- Updating settings parsing for structured JSON deserialization
- Fixed SQL bug preventing some searches to return empty results
- Moved persist classes to core
- Refactored enum values to strongly typed C++ enum classes
- Created data classes to replace overworked tuples
- Make incompleteSslPayloads concurrency safe
- Guard against buffer overrun exceptions when casting payload
- Ensure Baseline Activity Monitoring defaults to OFF if Enterprise
- Removed support for 32 bit systems
4.9.12 – April 29, 2024
- Added SSL/TLS packet reassembly when headers are very large
- Improved serial number detection fallback in rare cases
- Renamed executable to reflect BlackFog naming
- Rebuilt installers with new file naming conventions
- Rebuilt ARM installer for compatibility with Windows 11 ARM 64
- Ensure default options match UI on initial startup
- Updated Copyright strings for 2024
- Ensure forensics tools are not blocked when option is disabled
- Added Windows 23H2 and 24H2 version detection
- Updated audio muting from Enterprise console
- Updated firewall rules for agent communication
- Enforce TLS 1.2 on Windows 7 SP1, Windows Server 2008 R2 and 2012
- Updated process monitoring for Windows 7 and 8
4.9.11 – October 31, 2023
- Fixed compatibility with Windows Hello/Faceid feature
- Ensure settings reload when deleting from Deny dialog
- Renamed drivers to reflect BlackFog convention
- Updated allow listing for common domains
- Added additional spectre mitigations
4.9.10 – September 7, 2023
- Added new logic to stop NAPLISTENER on infected devices (T1505)
- Defined additional SysJoker protections (S0266)
- Added additional PowerShell protections
- Added support for CentraStage scripts
- Updated Windows Server version release data
- Added Linkedin CDN to whitelisting
- Added Group based PowerShell Whitelisting
4.9.9 – March 26, 2023
- Added additional BIOS serial detection
- Optimized double extension protection
- Added backup process parent id detection
- Fixed install mode restriction from console
- Optimized compiling in several core algorithms
4.9.8 – February 22, 2023
- Ignore fake BIOS Serial numbers
- Added ability to lock Allow and Deny lists in UI
- Updated ransomware detection logic
- Added several thousand new malware detections
- Updated copyright for 2023
- Digitally sign installer DLL’s
4.9.7 – September 28, 2022
- Updated support for Windows 21H2
- Updated core feature icons across platforms
- Updated several URL short codes
- Simplified settings terminology
- Synced feature icons across platforms
- Reduced memory footprint of UI
- Reduced application size
- Improved Excel export
4.9.6 – April 14, 2022
- Updated detection of wow64 processes and paths
- Signed all DLL’s
4.9.5 – March 28, 2022
- Made global allow listing to be case insensitive
- Allow InTune scripts to execute
- Added SysJoker service specific detection
- Optimized memory usage while scanning executables
- Added Trusted PowerShell parent processes
- Improved compatibility with HyperV and Windows 11
- Added support for Hypervisor-protected Code Integrity
- Updated copyright notices to 2022
- Updated code signing certificates to 4096 bits
- Renaming transition to BlackFog in preparation of 5.0
- Validate installer and updater paths before launching
- Added several indexes to database to increase performance
- Improved statistics calculations and storage
- Hide global whitelisting in Enterprise mode
- Improved device deletion from Enterprise console
- Updated dashboard icons in line with new BlackFog design
- Removed volume control notifications from client
4.9.1 – December 30, 2021
- Added Workgroup name if domain is empty
- Added additional layers for Log4j vulnerability
- Added rate limiting to events
- Added defaults button in geofencing
- Apply default geofencing at installation
- Improved performance and memory utilization
4.9.0 – September 21, 2021
- Added Windows release 21H1, 21H2
- Added Windows 11 support
- Added Windows 10, 11 ARM 64 support
- Added support for ARM Virtual machines on M1
- Added process deny listing
- Updated driver signatures
- Improved driver memory management
- Update device name on events
- Support new Edge 2 browser
- Decreased memory footprint
- Decreased package sizes
- Improved Excel export
- Detect ARM 64 processors
- Added svchost validation logic
- Added domain name collection
- Added C class allow listing
4.8.2 – April 2, 2021
- Added compatibility for ucheck patching
- Added support for new InTune scripts
- Added new parent process to enterprise events
4.8.1 – March 16, 2021
- Updated Event descriptors for PowerShell attack variants
- Updated detection of Dell laptop machines
- Updated Windows Server editions
- Update JSON parsing performance
- Augmented property reporting with processes
- Allow whitelisting of scripts spawned using illegal parents
- Updated database insert performance
- Added Privacy and Browser cleaning events
- Optimized Event database
4.8.0 – January 7, 2021
- Optimized network performance for high performance servers
- Decreased memory utilization
- Fixed cleaning when using Firefox in 32 bit mode
- Improved Excel export performance
- Improved process detection and reporting
4.7.4 – December 22, 2020
- Prevent execution of scripts through PowerShell
- Force TLS 1.2 communication
- Augmented console events
- Fix install permissions when using MSI
4.7.3 – November 24, 2020
- Updated event fields for Enterprise console
- Allow the addition of processes in allow list
- Updated default browser settings
- Rebuilt with new compiler fixes
4.7.2 – November 13, 2020
- Updated Trial to 14 Days
- Updated runtime dependencies
- Added infrastructure for ARM processors
4.7.1 – November 9, 2020
- Fixed ASLR support on Windows 7
4.7.0 – November 4, 2020
- Added additional detectors for Trickbot techniques
- Added monthly licensing option
- Added support for Brave browser forensic cleaning
- Added WannaCry worm payload prevention
- Updated notification alerts duplication checking
- Updated Mitre codes for several attack vectors
- Allow VDI group changing from image pool
- Added strict handle checking to executable
- Added address space layout randomization (ASLR) to executable
- Improved trial license expiration algorithm
- Improved status tray icon updating
4.6.1 – October 23, 2020
- Updated VDI detection for Enterprise console
4.6.0 – October 22, 2020
- Augmented events for Enterprise console
- Added support for VDI images
- Added event drill-down to dashboard
- Updated installer with the latest MS support libraries
- Removed duplicate hostnames from block events
- Added license deactivation to Enterprise console
- Added support for MS Intune Scripts
- Added additional PowerShell protections
- Optimized PowerShell command line processing
- Updated Windows detection with 20H2
4.5.3 – September 15, 2020
- Fixed terminal services RDP connections on Windows Server 2012
- Added French translation
- Added additional Mimikatz protection
- Improved detection of process network connections
- Added new homograph protections
- Updated Maze ransomware detections
- Updated prevention for Netwalker ransomware variants
- Updated prevention for Sodinokibi ransomware
- Updated techniques used by Ryuk ransomware
4.5.2 – August 15, 2020
- Improved Exfiltration performance to within 95% of bandwidth
- Improved logging performance at high traffic volume
- Optimized network buffers with larger queue lengths
- Optimized threading performance
- Fixed possible pointer corruption with high traffic servers
4.5.1 – July 28, 2020
- Change Whitelist to Allow List
- Change Blacklist to Deny List
- Fixed reporting of process names for enterprise console
- Resigned drivers for Windows 2004
- Prevent duplicate allow or deny rule
- Prevent override of a denied rule
- Prevent override of a geofence rule
4.5.0 – July 16, 2020
- More than 200% increase in filtering throughput
- Added additional double extension prevention mitigations
- Added mitigations for remote code execution MITRE T1170
- Added protections for Inhibit System Recovery MITRE T1490
- Added protection for Squiblydoo attack MITRE T1117
- Added TikTok blocking protection
- Added Homograph protection
- Updated UI to match Enterprise console
- Updated Windows 10 edition 2004
- Added associated MITRE codes to Enterprise console events
- Added msiexec execution mitigations
- Whitelist SolarWinds console automatically
- Improved BIOS model detection
- Added the ability to whitelist processes
- Added support for new MS Edge browser
- No longer send privacy clean events to console
- Fix performance lag on UDP RTP connections
- Added dynamic protocol detection
- Updated dashboard icons using material design outlines
- Renamed cryptomining to cryptojacking
- Auto detect application protocols
- Added Dark Web protection to IPv6 networks
4.3.1 – Mar 26, 2020
- Detect windows Server editions when reporting events
- Fixed mute on forensic clean with new threat types
- Added Hide Hostnames feature to Privacy options
- Updated copyright message for 2020
4.3.0 – Dec 23, 2019
- Improved execution detection performance
- Allow Shell script whitelisting in Enterprise console
- Added process detection with no active users
- Increased size of events dialog
- Added excel export option to events
- Added filtering option to events
- Improved statistics collection and performance
- Added amount cleaned to Privacy Event information
- Increased performance of geofence lookups by 200%
4.2.3 – Dec 16, 2019
- Added paths for Windows 32 bit editions
4.2.2 – Dec 15, 2019
- Added BlackFog version to log file
- Added system process path validation
- Added some minor exceptions in process hierarchies
4.2.1 – Dec 12, 2019
- Added several new illegal process checks
- Removed false positives for java and internet explorer
- Improved Double extension detection
4.2.0 – Dec 11, 2019
- Applications now monitored dynamically, no whitelisting required
- Removed application whitelisting buttons
- Install mode disables all exfiltration for designated periods
- Added Execution option to settings to selectively disable execution monitoring
- Ensure all icons are visible on settings by default
4.1.2 – Dec 9, 2019
- Added additional layer of protections against sodinokibi ransomware
- Added blocked gateway icon to events list
- Improved UDP filtering when using VOIP services
- Improved performance of PowerShell detection
- Optimized SSL requests for more efficient queries
4.1.1 – Nov 21, 2019
- Added proxy aware communication
- Ensure HTTPS for all transport
- Auto whitelist SCCM scripts
- Enforce PowerShell checking options when not logged in
4.1.0 – Nov 7, 2019
- Fix possible null when reading hardware info
- Allow license override from Enterprise to Standard
- Anonymous network stats count towards Dark Web
- Added versions detection for Windows 10 (1909)
- Added changing of secure deletion options from Enterprise console
- Added platform information to event data
- Added Mute Notification option for Privacy Clean
- Added Clean Interval options to Privacy Clean
- Changed Geography to Geofence across platforms
- Added Ransomware to dashboard which includes Dark Web
- Added Botnets to blocking architecture and Settings
- Fixed byte alignment when applying license keys using files
4.0.4 – Oct 17, 2019
- Whitelisted several system Powershell scripts from MS
- Added some memory checks around hardware serial numbers
- Rounded memory size when reporting
- Optimized database flushing for performance
- Increased event column size for timestamp
4.0.3 – Oct 3, 2019
- Optimized memory usage when using secure boot
- Fixed BS when uninstalling and applying updates with secure boot
- Passed all Driver Verifier tests on Windows 10
4.0.2 – Sep 27, 2019
- Fixed BSOD when using Secure Boot mode which pages out memory
4.0.1 – Sep 25, 2019
- Fixed BSOD on Windows 10 when running with Device Guard enabled
- Added notification to client when accessing a Fake News site
4.0.0 – Sep 24, 2019
- Added new user interface to provide easier access to features
- Added sidebar navigation to access core features
- Added new install mode options (15, 30 and 60 mins)
- Added Dashboard, Exfiltration, Settings, Geography, White List, Black List, Forensics, Privacy, Events
- Added event blocking log in addition to standard events
- Improved process scanning performance
- Eliminated duplicate process scanning in terminal services mode
- Enterprise training mode also works with process monitoring
- All options and settings are applied immediately
- All core layer blocking is available in the settings option
- Combined processes and hosts into traffic option with world map
- Updated size and style of world map for clarity
- Updated all tree based icons for high DPI scaling
- Forensic tile maps to Forensics
- Privacy Clean tile now mapped to Clean button within Forensics
- System tile maps to Privacy
- Added save option to Log file
- Added refresh option to Log file
- Fixed geolocation error on malformed data
- Added many more statistics to new dashboard
- Improved IPC performance
- Left side of status bar now shows whether system is active
- About dialog now includes build number
- Fixed stack overflow when parsing deeply nested directories
- Added HDPI icons for better scaling on large monitors
- Updated Installer dependencies for reliability
- Removed all dependencies on WMI
- Updated Ad Blocking. Profiling and malware detection rules
3.7.3 – May 28, 2019
- Reduced memory usage further when processing high traffic volumes
- Improved the upload speed by more than 100%
3.7.2 – May 20, 2019
- Sanity check DNS headers before parsing
- Check hardware object values before releasing
- Provide License dialog when trial has less than 30 days remaining
- Improved stats counters and simplified code
- Fixed stats persistence for profiling data
3.7.1 – Apr 12, 2019
- Improved threading and concurrency in high traffic environments
- Improved tray icon persistence
- Improved Model name detection and resolution
- Improved Autoupdate and client restart
- Added version detection for Windows 10 (1903) edition
3.7.0 – Feb 26, 2019
- Optimized memory access for 15-20% increased performance
- Allow device group assignment at installation through group.key file
- Updated rules logic for more accurate version checking
- Updated status bar text after privacy clean
- Fixed some minor memory leaks
- Enforce SSL when validating license
- Labelled private ip addresses ranges as “private.address”
- Streamlined internal address scanning for performance
- Eliminated possible thread contention when persisting to database
- Updated codebase to conform to C++17
- Automatically white list common URL shorteners
- Access global load balanced servers based on geography
- Fixed whitelist sequencing to ensure it is applied before geofencing
- Optimized subnet scanning performance
- Correctly release memory when finished with icons
- Changed some log messages to Debug only to cleanup log view
3.6.2 – Feb 5, 2019
- Fix certain lists internally due to bug in earlier versions of compiler
- Changed License description for Enterprise in License dialog
- Respect Enterprise options when running update manually
- Ensure training mode flag EXCLUDES execution prevention
- Added the ability to mute Windows Store notifications in console
- Removed possible buffer overrun when white listing long paths
- Removed deprecated Google+ and replaced with Linkedin in About
- Prevent Constrained Language mode of PowerShell Scripts in Windows 10
3.6.1 – Jan 7, 2019
- Prevented possible overflow when showing a large number of blocks on map
- Fixed export of IPv6 addresses in Excel export
- Refactored Excel export for better formatting
- Updated core libraries and optimized parsing
- Updated application icon to match other platforms
- Updated installer dialogs
3.6.0 – Nov 4, 2018
- Added support for IPv6 blocking
- Fixed error when restarting scheduled system tasks when cleaning
- Prevent possible string overflows in GeoIP lookup
- Ensure use of TLS 1.1 or later when using SSL
- Fixed possible overflow when mapping coordinates
- Improved Firefox history cleaning
- Updated detection in Windows 1809 release
- Added Turkish translation to application and installer
- Adhere to Enterprise rules for muting local execution threats
- Changed Audio muting default to OFF
- Fixed persistence of taskbar icon on Windows 10
- Added PID number when generating block notifications
- Changed No DNS message to Suspicious Address to match network option
- Added Fake News blocking
- Added Windows Store blocking
- Added Training mode to restrictions in Enterprise console
3.5.2 – May 22, 2018
-
Fixed SSL blocks when using HTTP/2
-
Fixed possible DNS overflow with long domain names
-
Added Build number to OS version string for console
-
Added the ability to block Facebook in Network > Blocks
- Drivers now signed by Microsoft according to new rules since Windows 10 (1607)
3.5.1 – May 8, 2018
-
Fixed minor leak when checking for new version
-
Improved multi threading with large packet volume
-
Improved performance of packet sniffing
-
Re-signed application and drivers according to Microsofts new policies
-
Disable PowerShell blocks during install mode
-
Perform automatic upgrades with standard license
-
Updated for build 1803 of Windows 10
-
Updated install mode to a default of 30 minutes
3.5.0 – April 19, 2018
-
Enhanced logging with microsecond resolution
-
Debug mode now available using Ctrl+D to enable and Ctrl+X to disable
-
Ignore initial welcome screen with Enterprise license
-
Added mutex synchronization around some variables
-
Automatically defer browser forensic clean if a session is open
-
Include IP in threat message as well as hostname when available
-
Added mute privacy clean notification option for Enterprise
-
Added mute all threats notification option for Enterprise
-
Changed Enterprise license expiry handling
-
Added blacklisting capability to network options and Enterprise console
-
Correctly Detect closure of Internet Explorer shortcuts for browser clean
-
Added GDPR Data Retention option to Enterprise console
3.4.2 – March 21, 2018
-
Relaxed SSL validation to allow sites with malformed headers to pass
-
Added Powershell exception for developer console
-
Added Powershell exception for HyperV
-
Added more detailed logging when Whitelisting
-
Updated Ad blocking rules
-
Updated Service Load order dependencies
- Added over 100 new cryptocurrency mining blocks
3.4.1 – March 14, 2018
-
Improved JSON parsing performance and error detection
-
Added logging messages to client autoupdate procedure
-
Removed superfluous debugger messages
-
Added logging of path name to PowerShell exe attack vectors
-
Added support for SolarWinds Automation Manager
-
Optimized network buffering performance
-
Added several hundred new ad blocks
-
Added option to Mute Geofencing notifications to client and Enterprise
-
Improved SSL parsing performance
-
Whitelisted system files from PowerShell blocks
-
Optimized PowerShell attack blocking
-
Improved whitelisting on IP addresses
-
Improved SQL queries when using foreign character sets
-
Reduced memory requirements when filtering
-
Improved Ad blocking performance and detection over SSL
- Added global whitelisting option to Enterprise console
3.4.0 – February 19, 2018
- Added Powershell Fileless protection to Network options
1. Privilege escalation
2. Obfuscation
3. Encoded commands
4. Remote download
5. Remote execution
6. Mimikatz/Powersploit toolkits
7. Compiled PowerShell
8. PowerShell DLL injection - Improved SQL performance on multiple inserts
- Improved handling of foreign language character sets
- Fixed possible buffer overflow in notifications
- Improved refresh rates on client when changing geofence on Enterprise console
3.3.3 – February 12, 2018
- Added Mute Notification on Clean to Forensics options
- Added Standard Deletion option for cleaning instead of DoD
- Optimized DNS header traversal to avoid mismatches with incomplete data
- Improved statistics count for ads when using different ports
3.3.2 – February 7, 2018
- Improved icon sizing on High DPI screens
- Auto upgrade for Enterprise now restarts client as needed
- Updated translations
- Updated Gzip libraries
- Updated Cryptocurrency mining rules
- Updated Advertising rules
- Added Cryptocurrency mining to Network options
- Added Malware to Network options
- Changed Firefox “Site preferences” default to off to preserve bookmarks
- Removed Powershell config script from installer and used native installer API
3.3.1 – January 31, 2018
- Added some pointer checks on tree lists when there is no Internet connection
- Miscellaneous memory cleanup tasks on client application
- Changed Network block selections to icon based options
- Added the ability to toggle Application Gateway feature
- Added the ability to whitelist using wildcards
- Added several new forensic option categories
- Updated dependency maps for several forensic removals
3.3.0 – January 24, 2018
- Added automatic update of client for Enterprise licenses
- Added collapsible geography groups on windows 10
- Allow DDS passthrough if forensic option is unchecked
- Added Application Layer Gateway (ALG) for HTTP
- Added various data validation segments throughout
- Removed several dependencies reducing overall application size
- Rewrote charting code for modern look and feel
- Added threat chart below geofencing
- Increased performance of networking stack
- Fixed possible overflow when calculating bytes transferred
3.2.2 – January 4, 2018
- Reduced memory footprint of network scanner
- Improved performance of behavioral profiling by 20-30%
- Improved geolocation scanning
- Fixed minor memory leak when getting process information
- Updating user profiling blocks with several new data aggregators
- Updated copyright information for 2018
3.2.1 – December 18, 2017
- Stopped Enterprise console reporting of Browser Clean
- Added more detailed logging for HTTP transfers
3.2.0 – December 7, 2017
- Optimized memory usage throughout
- Added Network>>Whitelist Managed column to identify globally managed domains
- Added Protect menu option to access settings and Install mode
- Added descriptive text to blocked executables to remind users they can whitelist
- Added Expand and Collapse options to Forensics options
- Added Expand and Collapse options to System options
- Added Expand and Collapse options to Geography options
- Added user based whitelisting on multi user machines to ensure all accounts are protected
- Added local state storage for collapse state to all sections
- Improved device id detection for virtual machines
- Added Global process whitelisting for Enterprise users
- Improved packet detection performance
- Improved HTTP performance
3.1.2 – November 14, 2017
- Various performance optimizations
- Support for DDE Auto blocking
- Updated Forensic icons and categories to match Enterprise console
- Updated Ad blocking
3.1.1 – November 7, 2017
- Added automatic Bug Reporting to application
3.1.0 – October 11, 2017
- Added Enterprise capabilities and cloud console (licensed separately)
- Consolidate threats across all devices
- Report all threats, geofence restrictions, spyware and suspicious activity
- Graphical dashboard
- Control all settings remotely
- Lock aspects of the UI remotely
- Trending analysis
- Device inventory
- Device Grouping
- Multi-user administration and control
- 500% improvement in cleaning performance
- Support for files greater than 4GB
- Improved memory usage across the board
- Improved performance and decreased CPU activity across the board
- Improved installer for older systems
- Fixed edge cases for calculating next run times
- Fixed processed time display when no previous run was found
3.0.1 – August 10, 2017
- Added new whitelist rules
- Updated various translations added for Dutch and Danish
- Added enterprise notification options for browser cleaning
- Fixed data insertion error when using restricted character codes
- Fixed character encoding when using extended character codes
3.0.0 – June 28, 2017
-
Completely rebuilt as a Service so it can be used without elevated privileges
-
Added mapping of Geographic blocks on world map
-
Added Ukraine to default countries to block
-
Added Browser auto clean option so that browser is cleaned after each exit
-
Added new Enterprise options for configuration purposes
-
Added customization option for Geographic blocks in Network options
-
Added support for Windows 10 Creators Update
-
Added Disable feature to allow installation of new applications
-
Terminal / Remote Services now supported
-
Can also operate seamlessly without a UI if desired
-
Policies are now dynamically applied like all other rulesets
-
Improved performance across the entire stack for less than 1% CPU
-
Installs for all users of the machine and is licensed accordingly
-
Updated Event Viewer window to show more detail
-
Whitelisting capability for applications running in forbidden locations
-
Added encryption layer to all rulesets for added security
-
Ensure event text is truncated for long entries in main tile
-
Renamed ok button in license registration dialog to cancel
-
Fixed microphone volume detection notifications that could notify with setting off
-
Make events user specific when using terminal/ remote services
-
Clicking on message balloon event will bring up the event viewer
-
Wrap License key when entering into registration dialog
-
Added WhiteList Snapshot button to Network > Blocked
-
Improved Icon scaling in Network dialog when running on high DPI settings
-
Updated and added new Menu icons for high DPI systems
-
Automatically re-enable policies after 10 minutes inactivation for installs
-
Changed date format to more universal 24 hour format
-
Refactored host and process dialogs for larger screens
2.7.3 – April 6, 2017
- Added policy exclusion when running executables directly from Internet Explorer
- Resolved policy cleanup when upgrading from older versions
2.7.2 – April 4, 2017
-
Improved rules for preventing file execution inside protected folders with deep nesting
-
Blocked more anonymous network routing using TOR proxies
- Updated Advertising networks for bitcoin ads
-
Improved network scanning performance approximately 50%
-
Improved blocking when using HTTPS
-
Added Spotify to Whitelisting rules until they fix the installation
-
Remove non printing characters in License key
2.7.1 – March 20, 2017
-
Fixed issue which would stop updater running in some circumstances
2.7.0 – March 7, 2017
-
Added blocks for anonymous networks
-
Added blocks for geographic regions
-
Added execution blocks in temporary locations
-
Added execution blocks to over 100 double extensions such as txt.exe
-
Added execution blocks to non standard locations
-
Changed default color on map to black
-
Improved application cleanup and memory management
-
Prevent multiple notifications from the same threat vector
-
Ensure automatic updates to the application
-
Provide MSI installer option to Enterprises
2.6.4 – February 1, 2017
- Fixed system tray icon from disappearing in some systems
- Improved filtering performance
- Removed false positives when detecting DNS threats
2.6.3 – January 31, 2017
- Added enterprise licensing model
- Added more detail to threat messages such as the originating process and port
- Added acknowledgements menu item for third party libraries and licensing
2.6.2 – January 23, 2017
- Added new license format decoding
2.6.1 – January 17, 2017
- Fixed an obscure bug when parsing SSL
- Removed debug messages from console
2.6.0 – January 13, 2017
- Improved logging performance on busy devices
- Improved interface on high DPI screens
- Added new icons to System settings
- Changed requests to use SSL by default
- Improved database performance and concurrency
- Updated System Tray Icon with multiple states
- Implemented System Service for core tasks
- Fixed icon displayed in Windows 10 when viewing background tasks in process viewer
- Updated translations
2.5.3 – January 2, 2017
- Added debug symbols for bug reporting purposes
- User interface now adapts to high DPI screens with larger icons
- Updated rules based on Russian hack information from US government
2.5.2 – December 20, 2016
- Updated Licensing dialog to cope with more licensing scenarios
- Updated Dutch translations
- Added detailed error reporting and new crash reporter
2.5.1 – November 14, 2016
- Fixed dashboard redraw after sleep/wake cycle on some Windows 7 laptops
- Fixed error when exporting network data to Excel with no domain/country information
2.5 – October 18, 2016
- Major interface update highlighting threats and easy access to cleaning and other stats
- Added visual traffic map to main interface to highlight traffic destination
- Updated System Tray Icon for Windows 7 and 8.1 to align with system style icons
- Identified more System processes during network profiling
- Force rule update when selecting update from menus
- Updated rules for Edge browser when navigating to infected sites
- Improved the performance, parsing and error handling of json files
- On Windows 8 and above we offer the option to turn off “Smart Multi-Homed Name Resolution” which significantly improves the security of your machine
- Updated thumbnail cache removal on Windows 10
- Updated various settings for Windows 10 Centennial edition
- Updated Firefox password deletion for newest versions
- Fixed crash when parsing certain foreign language configuration files
- Optimized network profiling with malformed network packets
- Improved network blocking performance and reduced CPU usage even further
- Improved notification mechanism when dealing with threats
- Added rules for emptying recycle bin and downloads directory
- Added System settings for the Microsoft Edge browser to keep your data private
- Improved cache flushing when changing network settings
- Improved periodic gelocation flushing algorithm
- Added Default option to system privacy settings
- Optimized all tiles with Direct2D for rendering and performance
- Enabled the removal of Microsoft Edge History and Caching at the OS level
2.0.3 – September 12, 2016
- After applying a license key the application no longer requires a restart
2.0.2 – September 8, 2016
- Changed application icon to align with MacOS version
- Improved screen redraw on Windows 10 based devices
2.0.1 – August 24, 2016
- Added new “defaults” option to Forensics dialog
- Allow reset of all statistics using Ctrl-R
- Renamed blocking of “Computrace/DDS and LoJack” to “Forensic Tools” to block a wider range of tools
- Improved memory management
- Updated all rulesets to detect over 25m threats
2.0.0 – July 18, 2016
- Added over 24 million blocks for Ransomware and Spyware
- Added Block Page message to browser when trying to access blocked URL’s directly
- Added specific option for forensic tools instead of being grouped under spyware
- Added new License menu option to make changing licenses easier
- Added ability to turn off the reminder when executing a second instance
- Added many new rules for Windows 10 and recent OS updates
- Added forensic rules for over 30 new applications
- Added deletion of Temporary Internet Files
- Added historical charts for Profiling and Advertising
- Added markers to gauges displaying recommended levels
- Added remote desktop disable option to system settings
- Clicking on Threats dashboard entry now opens threat event window
- Change default value for microphone volume checking to off
- Check for updates before performing initial install
- Prevent updater from running if it is already executing in the scheduler
- Translated Welcome message into native language equivalents
- Improved process detection for edge cases
- Ensure windows services are validated before being shutdown
- Ensure spyware deactivation does not notify on subsequent scans
- Validate license server before checking license
- Moved Events into the View menu
- Changed Diagnostics to Log and moved into the View menu
1.3.1 – June 1, 2016
- Ensure non routable addresses are not flagged internally
- Added decimal place to dashboard statistics for larger values
- Fixed null error when discovering process paths
- Improved threat detection performance by approximately 20%
1.3.0 – May 27, 2016
- Added counters to the main dashboard to show the number of blocks over a 24 hr period
- Added Danish Translation
- Added Dutch Translation
- Validate network connection before attempting product update
- Updated frequency of Tile redraws
- Changed Traffic Tile highlight color so hover is more obvious
- Removed Internet connection check on installer which did not work correctly with multiple NIC cards enabled
- Create Firewall exception on systems that block all outbound connections
- Ensure that unchecking spyware switches off spyware detection
1.2.0 – May 3, 2016
- Added Excel export of weekly traffic report for Network auditing and data breach purposes. Supports xlsx and xls formats
- Added Excel export of weekly summary report for Network auditing and data breach purposes. Supports xlsx and xls formats
- Added behavioral analysis for detecting ransomware connections when communicating with Command and Control servers
- Added notifications when attempting to connect to suspicious domains
- Added ability to lookup domains in VirusTotal for further information from context menu
- Changed manual blocking to rules based blocking so application is preconfigured on startup
- Fixed loading of older traffic tile calculations if application was restarted
- Improved database persistence performance for network auditing
- Tweaked Navigation labels to be more consistant with documentation
- Changed gauge colors to a different palette
- Improved domain name detection for SSL connections
- Removed text welcome screen and replaced with a graphic
- Added infrastructure for multiple languages for future releases
1.1.0 – April 6, 2016
- Automatically open main window if user tries to run a second copy of the application
- Ensure window opens and positions correctly on multiple monitors
- Resize traffic window and buttons correctly when DPI is greater than 100%
- Added Twitter, Facebook and Google links to main dashboard
1.0.6 – March 11, 2016
- Ensure time stamps are updated when loading new rules
- Added View menu option for displaying traffic detail in addition to the tiles
- Improved memory management when dealing with large traffic volume
- Added streamlining of preprocessed packets to increase performance
1.0.5 – February 29, 2016
- Added Quick Start to Help Menu
- Fixed display of blocked endpoints in the network dialog
- Ensure Windows 7 based installs have been correctly patched with SHA256 support (KB3033929)
- Added Log Rolling capability for diagnostics
1.0.4 – February 19, 2016
- Updated Signing certificates to SHA256 to prevent problems on Windows 7
- Various Performance and memory improvements
- Added foundation work for traffic triggering in next major release
1.0.3 – February 15, 2016
- Various performance improvements
- Updated System Privacy metric calculations
1.0.2 – February 8, 2016
- Initial Public Release
- Real-time removal of online advertising, data collection and profiling
- Spyware detection and blocking
- Forensic data removal
- System privacy lockdown
- Microphone notifications
- Application and endpoint blocking
Related Posts
The Johnson Controls Ransomware Attack – Impact and Key Insights Review
In September 2023, Johnson Controls International suffered a ransomware attack linked to the Dark Angels group, resulting in the theft of 27TB of sensitive data. The breach caused $27 million in losses and disrupted operations, highlighting the critical need for robust cybersecurity defenses.
The 2024 Vulnerability Crisis – Managing Cybersecurity Threats
Learn how organizations can meet the onslaught of cybersecurity vulnerabilities, along with five of the most common vulnerabilities and successful management strategies. Find out why there’s a new vulnerability every 17 minutes.
What is Data Loss Prevention? | A Complete Guide to DLP Security
Data is the most valuable asset today's businesses possess - and volumes are growing all the time. In this article we look at what data loss prevention means heading into 2025 and what should firms be doing to improve their capabilities?
BlackFog: Personal Liability Concerns Impact 70% of Cybersecurity Leaders
70% of cybersecurity leaders face personal liability concerns. Discover how it impacts governance, accountability, and cybersecurity practices.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
BlackCat Ransomware: What It Is and How to Defend Against It
Learn how to protect your business from BlackCat ransomware with essential insights, ransomware prevention tips, and actionable defense strategies to mitigate risk.