BlackFog Privacy ensures your device is protected from fileless cyber attacks which are growing at an alarming rate. This Quick Start Windows guide walks you through the main features of the desktop application. BlackFog provides real time protection against online threats with 12 layers of protection to prevent attacks from ransomware, spyware, malware and unauthorized data collection and profiling.
It provides several layers of protection.
- Monitors network traffic in real-time and blocks applications and web sites from collecting and profiling your behavior. It also allows you to see where you outbound traffic is going and block endpoints and / or applications from sending data to remote servers.
- Locks down the operating system so that background services, scheduled tasks and processes do not collect data about your behavior.
- Removes any forensic data (application history, cookies and log files) from your computer.
- Blocks microphone activation by other applications so that you are well informed about audio recording activity.
All these features can be easily controlled using the navigation tiles on the main screen.
Navigation
The main interface consists of 12 tiles. The left hand tiles provide the main configuration dialogs, while the right hand tiles provide more detailed traffic and threat information.
Tiles
The Tiles provide an overview of your system privacy based upon forensic data, system privacy settings and outbound traffic destination. The first column of tiles provide various option dialogs to control the settings of the application in these three areas.
Forensics
Forensic options control application software trace activity such as history, cookies and log files. BlackFog Privacy constantly updates these rules to ensure you are always protected. Secure deletion algorithms ensure there is no trace activity left behind.
System Privacy
Privacy options control the background system services, scheduled tasks and processes that are collecting information and usage patterns. These services can be toggled on or off and will not affect the routine operation of your operating system.
Network
The core of BlackFog Privacy focuses around network based threat detection and data collection. By blocking applications and activity in real-time we not only eliminate the threat but significantly increase the performance of your computer.
The second column of tiles provide information about the current network activity and the number of blocks for advertising, profiling/ tracking and identified threats. By its very nature you will notice that your device is significantly faster than before. Sites load much quicker because you are now generating 40% fewer requests (on average) than before. You can measure this by turning off the networking options and visiting the same sites again.
Advertising
Malvertising presents one of the biggest threat vectors on the Internet and is routinely used to distribute malware. When Ad-Blocking is enabled this tile will update with the number of advertising endpoints being blocked each day.
Profiling
Behavioral profiling and tracking allows sites to target you wherever you go. This information is shared and traded across providers, making you the product. This tile shows you how many of these endpoints are being blocked each day.
Threats
BlackFog currently protects you from more than 26 million active threats. This includes ransomware, spyware and forensic tools. This tile shows you the number of threats blocked in real-time each day and also includes known phishing scams.
The third column provides detailed network traffic information. You can drill into the top two tiles to get further information about the endpoint processes and destinations as well as geographic data such as city, state and country. The third tile allows you to quickly perform a privacy clean based on the current settings available in the Forensic dialog.
Processes
BlackFog tracks network traffic by process and destination. This tile provides a cumulative total of traffic volume by process over the last 24 hours. Click this tile to see a breakdown of traffic by process.
Hosts
The destination of every packet is analyzed by BlackFog in real-time. This tile displays the number of unique hosts over the last 24 hours. Click this tile to see the destination, geo location and domain.
Privacy Clean
A forensic privacy clean executes every 4 hours based upon the settings in the forensic dialog. The next execution time is displayed on this tile. Clicking this tile will execute the privacy clean immediately.
Traffic Map
The Traffic Map provides a visual map of all outbound traffic from your machine across all ports and interfaces. The black squares show you where the traffic is flowing out of your machine and the red circles the geographic blocks you have applied. It provides up to 100 unique data points which is constantly updated.
Network Options
The Network options provide many different levels of protection for you device. By default most options are switched on by default for the maximum available protection.
Spyware and Ransomware
Spyware and Ransomware option blocks blocks more than 26 million known transmission sites for bad actors and prevents data leaking from your device to these sites. It includes all known command and control servers and suspicious transfers off your device.
This option disables data collection and remote access from forensic tools that can be installed in the BIOS of your device. This detects and terminates process in real time to ensure your device remains protected.
Hide BlackFog / Browser Traffic
When viewing the network traffic from the hosts or traffic tile you will normally see all traffic leaving your device. If you select this option it will automatically filter out traffic from BlackFog and any browser you are using. It does not change the collection of the data, only the filter for displaying the information.
Blocks Web Advertising in real time across the entire device regardless of browser. This blocks display ads, modal popups and video based advertising. It does not require any browser based plugin to function. You can also combine this with whitelisting if you would like to bypass this filtering on specific web sites. It will also protect devices from malvertising.
Web Profiling
Eliminates the collection of browsing and behavioral data while you are browsing the Internet. It also ensures that your information is not being shared with third parties for future marketing efforts.
Suspicious Address
Many bad actors use direct IP addresses when communicating with their own servers. Unless you are a developer it should be rare that you need to use a direct IP address for a legitimate purpose. This option allows direct IP addresses to be automatically blocked.
The Dark Web is the primary communications channel for most ransomware and malware. Bad actors will use this to both activate and collect your data. By enabling this feature you can stop communication through the Dark Web. This will also prevent users from using Dark Web browsers such as TOR.
Geography
Geofencing is a technique for blocking data transmission (exfiltration) to other countries. Since many attack vectors come from a small number of countries it is preferable to geofence them to protect your device. You can add specific countries in the Network > Geography settings. This option can toggle the blocking as needed.
Application Gateway
When bad actors target your machine over the network they commonly use firewall ports they know are already open, such as HTTP and HTTPS. They use these ports to send non-HTTP(s) traffic to send data back to Command and Control Servers (CC Servers) to steal data. BlackFog detects these messages and blocks them before they can do any damage.
Cryptocurrency Mining
Cryptocurrency mining is growing exponentially as a way for cyber criminals to make money. Rather than using there own computing resources, power and equipment they would rather use yours. They infect your computer with code to steal CPU cycles and ultimately mine digital currency to make a profit. This option ensure that your device is protected.
Malware
Malware and phishing attacks continue to rise rapidly using social engineering and other common techniques. This option protects you from known malware infecting your device and provides an immediate block screen for those sites affected.
PowerShell attacks now represent a major entry point for attack vectors. PowerShell is most commonly used to launch a fileless attack and launches directly into memory. BlackFog detects these attacks in real time and immediately terminates execution. This prevents the download of any further payloads to keep your device safe.
