4.8.0 – January 7, 2021
- Optimized network performance for high performance servers
- Decreased memory utilization
- Fixed cleaning when using Firefox in 32 bit mode
- Improved Excel export performance
- Improved process detection and reporting
4.7.4 – December 22, 2020
- Prevent execution of scripts through PowerShell
- Force TLS 1.2 communication
- Augmented console events
- Fix install permissions when using MSI
4.7.3 – November 24, 2020
- Updated event fields for Enterprise console
- Allow the addition of processes in allow list
- Updated default browser settings
- Rebuilt with new compiler fixes
4.7.2 – November 13, 2020
- Updated Trial to 14 Days
- Updated runtime dependencies
- Added infrastructure for ARM processors
4.7.1 – November 9, 2020
- Fixed ASLR support on Windows 7
4.7.0 – November 4, 2020
- Added additional detectors for Trickbot techniques
- Added monthly licensing option
- Added support for Brave browser forensic cleaning
- Added WannaCry worm payload prevention
- Updated notification alerts duplication checking
- Updated Mitre codes for several attack vectors
- Allow VDI group changing from image pool
- Added strict handle checking to executable
- Added address space layout randomization (ASLR) to executable
- Improved trial license expiration algorithm
- Improved status tray icon updating
4.6.1 – October 23, 2020
- Updated VDI detection for Enterprise console
4.6.0 – October 22, 2020
- Augmented events for Enterprise console
- Added support for VDI images
- Added event drill-down to dashboard
- Updated installer with the latest MS support libraries
- Removed duplicate hostnames from block events
- Added license deactivation to Enterprise console
- Added support for MS Intune Scripts
- Added additional PowerShell protections
- Optimized PowerShell command line processing
- Updated Windows detection with 20H2
4.5.3 – September 15, 2020
- Fixed terminal services RDP connections on Windows Server 2012
- Added French translation
- Added additional Mimikatz protection
- Improved detection of process network connections
- Added new homograph protections
- Updated Maze ransomware detections
- Updated prevention for Netwalker ransomware variants
- Updated prevention for Sodinokibi ransomware
- Updated techniques used by Ryuk ransomware
4.5.2 – August 15, 2020
- Improved Exfiltration performance to within 95% of bandwidth
- Improved logging performance at high traffic volume
- Optimized network buffers with larger queue lengths
- Optimized threading performance
- Fixed possible pointer corruption with high traffic servers
4.5.1 – July 28, 2020
- Change Whitelist to Allow List
- Change Blacklist to Deny List
- Fixed reporting of process names for enterprise console
- Resigned drivers for Windows 2004
- Prevent duplicate allow or deny rule
- Prevent override of a denied rule
- Prevent override of a geofence rule
4.5.0 – July 16, 2020
- More than 200% increase in filtering throughput
- Added additional double extension prevention mitigations
- Added mitigations for remote code execution MITRE T1170
- Added protections for Inhibit System Recovery MITRE T1490
- Added protection for Squiblydoo attack MITRE T1117
- Added TikTok blocking protection
- Added Homograph protection
- Updated UI to match Enterprise console
- Updated Windows 10 edition 2004
- Added associated MITRE codes to Enterprise console events
- Added msiexec execution mitigations
- Whitelist SolarWinds console automatically
- Improved BIOS model detection
- Added the ability to whitelist processes
- Added support for new MS Edge browser
- No longer send privacy clean events to console
- Fix performance lag on UDP RTP connections
- Added dynamic protocol detection
- Updated dashboard icons using material design outlines
- Renamed cryptomining to cryptojacking
- Auto detect application protocols
- Added Dark Web protection to IPv6 networks
4.3.1 – Mar 26, 2020
- Detect windows Server editions when reporting events
- Fixed mute on forensic clean with new threat types
- Added Hide Hostnames feature to Privacy options
- Updated copyright message for 2020
4.3.0 – Dec 23, 2019
- Improved execution detection performance
- Allow Shell script whitelisting in Enterprise console
- Added process detection with no active users
- Increased size of events dialog
- Added excel export option to events
- Added filtering option to events
- Improved statistics collection and performance
- Added amount cleaned to Privacy Event information
- Increased performance of geofence lookups by 200%
4.2.3 – Dec 16, 2019
- Added paths for Windows 32 bit editions
4.2.2 – Dec 15, 2019
- Added BlackFog version to log file
- Added system process path validation
- Added some minor exceptions in process hierarchies
4.2.1 – Dec 12, 2019
- Added several new illegal process checks
- Removed false positives for java and internet explorer
- Improved Double extension detection
4.2.0 – Dec 11, 2019
- Applications now monitored dynamically, no whitelisting required
- Removed application whitelisting buttons
- Install mode disables all exfiltration for designated periods
- Added Execution option to settings to selectively disable execution monitoring
- Ensure all icons are visible on settings by default
4.1.2 – Dec 9, 2019
- Added additional layer of protections against sodinokibi ransomware
- Added blocked gateway icon to events list
- Improved UDP filtering when using VOIP services
- Improved performance of PowerShell detection
- Optimized SSL requests for more efficient queries
4.1.1 – Nov 21, 2019
- Added proxy aware communication
- Ensure HTTPS for all transport
- Auto whitelist SCCM scripts
- Enforce PowerShell checking options when not logged in
4.1.0 – Nov 7, 2019
- Fix possible null when reading hardware info
- Allow license override from Enterprise to Standard
- Anonymous network stats count towards Dark Web
- Added versions detection for Windows 10 (1909)
- Added changing of secure deletion options from Enterprise console
- Added platform information to event data
- Added Mute Notification option for Privacy Clean
- Added Clean Interval options to Privacy Clean
- Changed Geography to Geofence across platforms
- Added Ransomware to dashboard which includes Dark Web
- Added Botnets to blocking architecture and Settings
- Fixed byte alignment when applying license keys using files
4.0.4 – Oct 17, 2019
- Whitelisted several system Powershell scripts from MS
- Added some memory checks around hardware serial numbers
- Rounded memory size when reporting
- Optimized database flushing for performance
- Increased event column size for timestamp
4.0.3 – Oct 3, 2019
- Optimized memory usage when using secure boot
- Fixed BS when uninstalling and applying updates with secure boot
- Passed all Driver Verifier tests on Windows 10
4.0.2 – Sep 27, 2019
- Fixed BSOD when using Secure Boot mode which pages out memory
4.0.1 – Sep 25, 2019
- Fixed BSOD on Windows 10 when running with Device Guard enabled
- Added notification to client when accessing a Fake News site
4.0.0 – Sep 24, 2019
- Added new user interface to provide easier access to features
- Added sidebar navigation to access core features
- Added new install mode options (15, 30 and 60 mins)
- Added Dashboard, Exfiltration, Settings, Geography, White List, Black List, Forensics, Privacy, Events
- Added event blocking log in addition to standard events
- Improved process scanning performance
- Eliminated duplicate process scanning in terminal services mode
- Enterprise training mode also works with process monitoring
- All options and settings are applied immediately
- All core layer blocking is available in the settings option
- Combined processes and hosts into traffic option with world map
- Updated size and style of world map for clarity
- Updated all tree based icons for high DPI scaling
- Forensic tile maps to Forensics
- Privacy Clean tile now mapped to Clean button within Forensics
- System tile maps to Privacy
- Added save option to Log file
- Added refresh option to Log file
- Fixed geolocation error on malformed data
- Added many more statistics to new dashboard
- Improved IPC performance
- Left side of status bar now shows whether system is active
- About dialog now includes build number
- Fixed stack overflow when parsing deeply nested directories
- Added HDPI icons for better scaling on large monitors
- Updated Installer dependencies for reliability
- Removed all dependencies on WMI
- Updated Ad Blocking. Profiling and malware detection rules
3.7.3 – May 28, 2019
- Reduced memory usage further when processing high traffic volumes
- Improved the upload speed by more than 100%
3.7.2 – May 20, 2019
- Sanity check DNS headers before parsing
- Check hardware object values before releasing
- Provide License dialog when trial has less than 30 days remaining
- Improved stats counters and simplified code
- Fixed stats persistence for profiling data
3.7.1 – Apr 12, 2019
- Improved threading and concurrency in high traffic environments
- Improved tray icon persistence
- Improved Model name detection and resolution
- Improved Autoupdate and client restart
- Added version detection for Windows 10 (1903) edition
3.7.0 – Feb 26, 2019
- Optimized memory access for 15-20% increased performance
- Allow device group assignment at installation through group.key file
- Updated rules logic for more accurate version checking
- Updated status bar text after privacy clean
- Fixed some minor memory leaks
- Enforce SSL when validating license
- Labelled private ip addresses ranges as “private.address”
- Streamlined internal address scanning for performance
- Eliminated possible thread contention when persisting to database
- Updated codebase to conform to C++17
- Automatically white list common URL shorteners
- Access global load balanced servers based on geography
- Fixed whitelist sequencing to ensure it is applied before geofencing
- Optimized subnet scanning performance
- Correctly release memory when finished with icons
- Changed some log messages to Debug only to cleanup log view
3.6.2 – Feb 5, 2019
- Fix certain lists internally due to bug in earlier versions of compiler
- Changed License description for Enterprise in License dialog
- Respect Enterprise options when running update manually
- Ensure training mode flag EXCLUDES execution prevention
- Added the ability to mute Windows Store notifications in console
- Removed possible buffer overrun when white listing long paths
- Removed deprecated Google+ and replaced with Linkedin in About
- Prevent Constrained Language mode of PowerShell Scripts in Windows 10
3.6.1 – Jan 7, 2019
- Prevented possible overflow when showing a large number of blocks on map
- Fixed export of IPv6 addresses in Excel export
- Refactored Excel export for better formatting
- Updated core libraries and optimized parsing
- Updated application icon to match other platforms
- Updated installer dialogs
3.6.0 – Nov 4, 2018
- Added support for IPv6 blocking
- Fixed error when restarting scheduled system tasks when cleaning
- Prevent possible string overflows in GeoIP lookup
- Ensure use of TLS 1.1 or later when using SSL
- Fixed possible overflow when mapping coordinates
- Improved Firefox history cleaning
- Updated detection in Windows 1809 release
- Added Turkish translation to application and installer
- Adhere to Enterprise rules for muting local execution threats
- Changed Audio muting default to OFF
- Fixed persistence of taskbar icon on Windows 10
- Added PID number when generating block notifications
- Changed No DNS message to Suspicious Address to match network option
- Added Fake News blocking
- Added Windows Store blocking
- Added Training mode to restrictions in Enterprise console
3.5.2 – May 22, 2018
-
Fixed SSL blocks when using HTTP/2
-
Fixed possible DNS overflow with long domain names
-
Added Build number to OS version string for console
-
Added the ability to block Facebook in Network > Blocks
- Drivers now signed by Microsoft according to new rules since Windows 10 (1607)
3.5.1 – May 8, 2018
-
Fixed minor leak when checking for new version
-
Improved multi threading with large packet volume
-
Improved Performance of packet sniffing
-
Re-signed application and drivers according to Microsofts new policies
-
Disable PowerShell blocks during install mode
-
Perform automatic upgrades with standard license
-
Updated for build 1803 of Windows 10
-
Updated install mode to a default of 30 minutes
3.5.0 – April 19, 2018
-
Enhanced logging with microsecond resolution
-
Debug mode now available using Ctrl+D to enable and Ctrl+X to disable
-
Ignore initial welcome screen with Enterprise license
-
Added mutex synchronization around some variables
-
Automatically defer browser forensic clean if a session is open
-
Include IP in threat message as well as hostname when available
-
Added mute privacy clean notification option for Enterprise
-
Added mute all threats notification option for Enterprise
-
Changed Enterprise license expiry handling
-
Added blacklisting capability to network options and Enterprise console
-
Correctly Detect closure of Internet Explorer shortcuts for browser clean
-
Added GDPR Data Retention option to Enterprise console
3.4.2 – March 21, 2018
-
Relaxed SSL validation to allow sites with malformed headers to pass
-
Added Powershell exception for developer console
-
Added Powershell exception for HyperV
-
Added more detailed logging when Whitelisting
-
Updated Ad blocking rules
-
Updated Service Load order dependencies
- Added over 100 new cryptocurrency mining blocks
3.4.1 – March 14, 2018
-
Improved JSON parsing performance and error detection
-
Added logging messages to client autoupdate procedure
-
Removed superfluous debugger messages
-
Added logging of path name to PowerShell exe attack vectors
-
Added support for SolarWinds Automation Manager
-
Optimized network buffering performance
-
Added several hundred new ad blocks
-
Added option to Mute Geofencing notifications to client and Enterprise
-
Improved SSL parsing performance
-
Whitelisted system files from PowerShell blocks
-
Optimized PowerShell attack blocking
-
Improved whitelisting on IP addresses
-
Improved SQL queries when using foreign character sets
-
Reduced memory requirements when filtering
-
Improved Ad blocking performance and detection over SSL
- Added global whitelisting option to Enterprise console
3.4.0 – February 19, 2018
- Added Powershell Fileless protection to Network options
1. Privilege escalation
2. Obfuscation
3. Encoded commands
4. Remote download
5. Remote execution
6. Mimikatz/Powersploit toolkits
7. Compiled PowerShell
8. PowerShell DLL injection - Improved SQL performance on multiple inserts
- Improved handling of foreign language character sets
- Fixed possible buffer overflow in notifications
- Improved refresh rates on client when changing geofence on Enterprise console
3.3.3 – February 12, 2018
- Added Mute Notification on Clean to Forensics options
- Added Standard Deletion option for cleaning instead of DoD
- Optimized DNS header traversal to avoid mismatches with incomplete data
- Improved statistics count for ads when using different ports
3.3.2 – February 7, 2018
- Improved icon sizing on High DPI screens
- Auto upgrade for Enterprise now restarts client as needed
- Updated translations
- Updated Gzip libraries
- Updated Cryptocurrency mining rules
- Updated Advertising rules
- Added Cryptocurrency mining to Network options
- Added Malware to Network options
- Changed Firefox “Site preferences” default to off to preserve bookmarks
- Removed Powershell config script from installer and used native installer API
3.3.1 – January 31, 2018
- Added some pointer checks on tree lists when there is no Internet connection
- Miscellaneous memory cleanup tasks on client application
- Changed Network block selections to icon based options
- Added the ability to toggle Application Gateway feature
- Added the ability to whitelist using wildcards
- Added several new forensic option categories
- Updated dependency maps for several forensic removals
3.3.0 – January 24, 2018
- Added automatic update of client for Enterprise licenses
- Added collapsible geography groups on windows 10
- Allow DDS passthrough if forensic option is unchecked
- Added Application Layer Gateway (ALG) for HTTP
- Added various data validation segments throughout
- Removed several dependencies reducing overall application size
- Rewrote charting code for modern look and feel
- Added threat chart below geofencing
- Increased performance of networking stack
- Fixed possible overflow when calculating bytes transferred
3.2.2 – January 4, 2018
- Reduced memory footprint of network scanner
- Improved performance of behavioral profiling by 20-30%
- Improved geolocation scanning
- Fixed minor memory leak when getting process information
- Updating user profiling blocks with several new data aggregators
- Updated copyright information for 2018
3.2.1 – December 18, 2017
- Stopped Enterprise console reporting of Browser Clean
- Added more detailed logging for HTTP transfers
3.2.0 – December 7, 2017
- Optimized memory usage throughout
- Added Network>>Whitelist Managed column to identify globally managed domains
- Added Protect menu option to access settings and Install mode
- Added descriptive text to blocked executables to remind users they can whitelist
- Added Expand and Collapse options to Forensics options
- Added Expand and Collapse options to System options
- Added Expand and Collapse options to Geography options
- Added user based whitelisting on multi user machines to ensure all accounts are protected
- Added local state storage for collapse state to all sections
- Improved device id detection for virtual machines
- Added Global process whitelisting for Enterprise users
- Improved packet detection performance
- Improved HTTP performance
3.1.2 – November 14, 2017
- Various performance optimizations
- Support for DDE Auto blocking
- Updated Forensic icons and categories to match Enterprise console
- Updated Ad blocking
3.1.1 – November 7, 2017
- Added automatic Bug Reporting to application
3.1.0 – October 11, 2017
- Added Enterprise capabilities and cloud console (licensed separately)
- Consolidate threats across all devices
- Report all threats, geofence restrictions, spyware and suspicious activity
- Graphical dashboard
- Control all settings remotely
- Lock aspects of the UI remotely
- Trending analysis
- Device inventory
- Device Grouping
- Multi-user administration and control
- 500% improvement in cleaning performance
- Support for files greater than 4GB
- Improved memory usage across the board
- Improved performance and decreased CPU activity across the board
- Improved installer for older systems
- Fixed edge cases for calculating next run times
- Fixed processed time display when no previous run was found
3.0.1 – August 10, 2017
- Added new whitelist rules
- Updated various translations added for Dutch and Danish
- Added enterprise notification options for browser cleaning
- Fixed data insertion error when using restricted character codes
- Fixed character encoding when using extended character codes
3.0.0 – June 28, 2017
-
Completely rebuilt as a Service so it can be used without elevated privileges
-
Added mapping of Geographic blocks on world map
-
Added Ukraine to default countries to block
-
Added Browser auto clean option so that browser is cleaned after each exit
-
Added new Enterprise options for configuration purposes
-
Added customization option for Geographic blocks in Network options
-
Added support for Windows 10 Creators Update
-
Added Disable feature to allow installation of new applications
-
Terminal / Remote Services now supported
-
Can also operate seamlessly without a UI if desired
-
Policies are now dynamically applied like all other rulesets
-
Improved performance across the entire stack for less than 1% CPU
-
Installs for all users of the machine and is licensed accordingly
-
Updated Event Viewer window to show more detail
-
Whitelisting capability for applications running in forbidden locations
-
Added encryption layer to all rulesets for added security
-
Ensure event text is truncated for long entries in main tile
-
Renamed ok button in license registration dialog to cancel
-
Fixed microphone volume detection notifications that could notify with setting off
-
Make events user specific when using terminal/ remote services
-
Clicking on message balloon event will bring up the event viewer
-
Wrap License key when entering into registration dialog
-
Added WhiteList Snapshot button to Network > Blocked
-
Improved Icon scaling in Network dialog when running on high DPI settings
-
Updated and added new Menu icons for high DPI systems
-
Automatically re-enable policies after 10 minutes inactivation for installs
-
Changed date format to more universal 24 hour format
-
Refactored host and process dialogs for larger screens
2.7.3 – April 6, 2017
- Added policy exclusion when running executables directly from Internet Explorer
- Resolved policy cleanup when upgrading from older versions
2.7.2 – April 4, 2017
-
Improved rules for preventing file execution inside protected folders with deep nesting
-
Blocked more anonymous network routing using TOR proxies
- Updated Advertising networks for bitcoin ads
-
Improved network scanning performance approximately 50%
-
Improved blocking when using HTTPS
-
Added Spotify to Whitelisting rules until they fix the installation
-
Remove non printing characters in License key
2.7.1 – March 20, 2017
-
Fixed issue which would stop updater running in some circumstances
2.7.0 – March 7, 2017
-
Added blocks for anonymous networks
-
Added blocks for geographic regions
-
Added execution blocks in temporary locations
-
Added execution blocks to over 100 double extensions such as txt.exe
-
Added execution blocks to non standard locations
-
Changed default color on map to black
-
Improved application cleanup and memory management
-
Prevent multiple notifications from the same threat vector
-
Ensure automatic updates to the application
-
Provide MSI installer option to Enterprises
2.6.4 – February 1, 2017
- Fixed system tray icon from disappearing in some systems
- Improved filtering performance
- Removed false positives when detecting DNS threats
2.6.3 – January 31, 2017
- Added enterprise licensing model
- Added more detail to threat messages such as the originating process and port
- Added acknowledgements menu item for third party libraries and licensing
2.6.2 – January 23, 2017
- Added new license format decoding
2.6.1 – January 17, 2017
- Fixed an obscure bug when parsing SSL
- Removed debug messages from console
2.6.0 – January 13, 2017
- Improved logging performance on busy devices
- Improved interface on high DPI screens
- Added new icons to System settings
- Changed requests to use SSL by default
- Improved database performance and concurrency
- Updated System Tray Icon with multiple states
- Implemented System Service for core tasks
- Fixed icon displayed in Windows 10 when viewing background tasks in process viewer
- Updated translations
2.5.3 – January 2, 2017
- Added debug symbols for bug reporting purposes
- User interface now adapts to high DPI screens with larger icons
- Updated rules based on Russian hack information from US government
2.5.2 – December 20, 2016
- Updated Licensing dialog to cope with more licensing scenarios
- Updated Dutch translations
- Added detailed error reporting and new crash reporter
2.5.1 – November 14, 2016
- Fixed dashboard redraw after sleep/wake cycle on some Windows 7 laptops
- Fixed error when exporting network data to Excel with no domain/country information
2.5 – October 18, 2016
- Major interface update highlighting threats and easy access to cleaning and other stats
- Added visual traffic map to main interface to highlight traffic destination
- Updated System Tray Icon for Windows 7 and 8.1 to align with system style icons
- Identified more System processes during network profiling
- Force rule update when selecting update from menus
- Updated rules for Edge browser when navigating to infected sites
- Improved the performance, parsing and error handling of json files
- On Windows 8 and above we offer the option to turn off “Smart Multi-Homed Name Resolution” which significantly improves the security of your machine
- Updated thumbnail cache removal on Windows 10
- Updated various settings for Windows 10 Centennial edition
- Updated Firefox password deletion for newest versions
- Fixed crash when parsing certain foreign language configuration files
- Optimized network profiling with malformed network packets
- Improved network blocking performance and reduced CPU usage even further
- Improved notification mechanism when dealing with threats
- Added rules for emptying recycle bin and downloads directory
- Added System settings for the Microsoft Edge browser to keep your data private
- Improved cache flushing when changing network settings
- Improved periodic gelocation flushing algorithm
- Added Default option to system privacy settings
- Optimized all tiles with Direct2D for rendering and performance
- Enabled the removal of Microsoft Edge History and Caching at the OS level
2.0.3 – September 12, 2016
- After applying a license key the application no longer requires a restart
2.0.2 – September 8, 2016
- Changed application icon to align with MacOS version
- Improved screen redraw on Windows 10 based devices
2.0.1 – August 24, 2016
- Added new “defaults” option to Forensics dialog
- Allow reset of all statistics using Ctrl-R
- Renamed blocking of “Comp