Opinions about pcInternet Patrol 2.0 Firewall!
Firefighter
June 19th, 2003, 02:24 AM
Hi everyone! Have you got any experience with the pcInternet Patrol 2.0 Firewall?
http://www.pcinternetpatrol.com/downloads/pcip.php
According to these Leak tests,
http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html
my Outpost Pro 2.0 should pass the PCAudit test, but I couldn't pass that test when I used the "Component control level is MAXIMUM" position in my Outpost Pro 2.0. ???
I am now a bit worried, because I am going to have a fast ADSL internet connection (= continuous) today!
This PCAudit firewall test is made by the same company that makes the pcInternet Patrol Firewalls!
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
Open Source
June 19th, 2003, 03:32 AM
Hello, interesting question indeed.
But if you are going to have a fast connection to the net and not dial-up, then you might consider a hardware firewall.
I feel that with a super fast connection and speed you should worry more about hackers, as they can hack you faster and in real time.
For dial-up, "firewall software" is fine.
Some people have a hardware firewall and a software firewall together.
Personally I think it's overkill, but better safe than sorry.
So if you have some money to spend and a little time on your hands, I'd check into a nice hardware firewall.
Dan Perez
June 19th, 2003, 04:59 AM
I have to agree with OpenSource, either a hardware firewall or a dedicated host firewall is the preferred solution unless you have a laptop that you take around and even then I would recommend both the separate firewall as well as the Personal Firewall.
I've no experience with the product you mentioned so I have no input in that regard.
Hope this Helps and Drive Safe ;D,
Dan
JacK
June 19th, 2003, 06:43 AM
Hello,
Basically, a hardware FW is just a gateway machine with a built-in software firewall which controls the inbound connections, not always the outbound ones.
If you have no LAN and are a home user, a well-set, rule-based software FW offers fair protection.
On a LAN, I would suggest a dedicated LINUX server as gateway (IPtables and/or Freesco) for the clients AND a rule-based FW on each client controlling outbound.
An old PII with 64 MB RAM is enough.
Rgds,
Dan Perez
June 19th, 2003, 06:47 AM
For a dedicated Host firewall I am running OpenBSD's pf on a Pentium 90 ;D
gkweb
June 19th, 2003, 07:01 AM
A software firewall is still needed I think, at least to filter applications.
regards,
gkweb.
Sisko
June 19th, 2003, 07:06 AM
Hi,
I may be wrong, but I think that Firefighter asks for advice regarding not only inbound protection but also outbound protection (PCAudit).
For that purpose, I think no hardware firewall is a solution.
regards,
Sisko
gkweb
June 19th, 2003, 10:27 AM
ZA 4 and OP 2 pass PCAudit, but it requires max settings, hard to find indeed.
Those who want OP2 screenshots of the settings, email me at gkweb@wanadoo.fr
regards,
gkweb.
Paul Wilders
June 19th, 2003, 11:03 AM
gkweb,
-{ Quote: "Those who wants OP2 screenshots of settings email me" }-
Do the community a favor, and feel free to post them over here ;)
regards,
paul
Open Source
June 19th, 2003, 12:13 PM
Yes pictures are always nice.
If you don't have a web site to remote link them from just attach the file when you post.
You will see the attach file option towards the bottom every time you reply.
Just hit browse, locate the picture on your PC, then hit post.
gkweb
June 19th, 2003, 12:24 PM
Those settings are an example to pass PCAudit.
Trusting an application has nothing to do with the capability to block a leaktest or not; put them in "partially allowed" to tighten up your security:
http://perso.wanadoo.fr/jugesoftware/conf1.JPG
Component detection at MAX, but be sure to remove them all in case you allowed the PCAudit DLL by mistake:
http://perso.wanadoo.fr/jugesoftware/conf2.JPG
Nothing to do with PCAudit, but could be useful if you are on a LAN:
http://perso.wanadoo.fr/jugesoftware/conf3.JPG
Disable system global rules, prefer per-application rules (in partially allowed):
http://perso.wanadoo.fr/jugesoftware/conf4.JPG
A very important thing!!
http://perso.wanadoo.fr/jugesoftware/conf5.JPG
I remove plugins to do tests, but of course I think you can use them:
http://perso.wanadoo.fr/jugesoftware/conf6.JPG
Just an example to show that OP2 can block leaktests but sometimes only logs them, with no popup warning:
http://perso.wanadoo.fr/jugesoftware/conf7.JPG
After that, I advise you to reboot, because it seems that OP2 doesn't apply all settings.
With this, when PCAudit tries to inject its DLL, OP2 will ask you whether you want to update the components for the accessed application or block it.
regards,
gkweb.
Open Source
June 19th, 2003, 12:53 PM
Gkweb, that was some great posting and very nice pictures.
I Applaud you.
We are lucky to have such a promising new member.
And thank you for that great post.
gkweb
June 19th, 2003, 04:13 PM
-{ Quote: "I Applaud you. We are lucky to have such a promising new member." }-
Thank you :)
Firefighter
June 20th, 2003, 03:13 AM
To gkweb from Firefighter!
Thank you very, very, very much for those Outpost Pro 2.0 settings! :D :D :D
Best Regards,
Firefighter!
root
June 20th, 2003, 10:26 AM
I just noticed something that I think needs an extra comment.
In the section with the pictures of Outpost where gkweb says
-{ Quote: "Trusting application has nothing to do with the capability to block a leaktest or not, put them in "partially allowed" to tighten up your security" }-, this is very true. The picture shows all the applications in the Trusted applications section and that is something we always recommend against. The reason is that any application in the trusted applications section is not governed by the Outpost rules, it is in effect ignored.
It is sufficient in most cases to have your applications in the partially allowed section with the suggested preset rule list applied.
This is not meant to criticise gk, it is just to clarify to anyone not familiar with Outpost rules that applications should not be placed in the trusted applications if rules can be made for it. :)
gkweb
June 20th, 2003, 10:52 AM
Absolutely, I just gave my settings while testing leaktests, but of course it's better to put them in partially allowed with per-application rules, which is what I said here:
-{ Quote: "Trusting application has nothing to do with the capability to block a leaktest or not, put them in "partially allowed" to tighten up your security:" }-
and
-{ Quote: "Disable system global rules, prefer per application rules (in partially allowed)" }-
I agree ;)
regards,
gkweb.
DavidH
June 21st, 2003, 03:38 AM
Hi gkweb,
Excellent work. The more people that try to find holes through the major software firewalls, the better. That is my opinion. I just wanted to write to tell you that I tested WallBreaker and PCAudit with Outpost V2 tonight. Of course, I am running the latest public version of the firewall. And, although I feel that you have given outstanding general advice on how to configure Outpost, my results differ from yours slightly. And, here they are:
PCAudit: Passes with Normal component control and default global rules.
WallBreaker: Passes with Normal component control and default global rules.
As I said, the advice you gave was very good. I just wanted to point out my experience with these two LeakTests. I keep a running scorecard at this URL:
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7459
I am not sure if it is allowable to post links to other forums here, but I have posted the link above in good faith rather than trying to promote the OutpostFirewall forum.
Lastly, I do want to say the following. ALL of my rules are custom made. I always choose 'Other' when a rules creation popup appears and create the proper rule. I say this because it is possible that users who have allowed rules to be auto-configured may not get the same results as I do when performing the LeakTests. One of the major reasons for this is that explorer.exe is given TCP Outbound HTTP access by default, and I have found this to be a problem in the past when performing some LeakTests. Currently, I have explorer.exe manually set up to ONLY communicate with ONE IP. That IP is associated with Windows Help. So, any user of Outpost may want to remove explorer.exe from their application list and manually choose when to allow or not allow access for this executable. In the case when a LeakTest is performed, it is sufficient to choose Block Once when a rules creation popup appears and to choose Block when presented with a component control popup. This should take care of the Leak Test. In the case of a rule creation popup when using Windows Help, it would be OK to choose 'Other' and just create a rule for TCP Outbound HTTP to the SPECIFIC IP mentioned.
Agnitum has added some entries to their INI files that may further protect explorer.exe from being exploited by a Leak Test for a user who is using an auto-configured rule list. But, I have not had a chance to test whether this will make a difference yet. So, I recommend that users of Outpost follow the instructions regarding explorer.exe that I noted above. As I do further testing, I will faithfully update the thread that I listed above to ensure that it is as accurate as possible.
Thanks again gkweb and keep trying to poke holes in those firewalls.
Have a good day. :D
LowWaterMark
June 21st, 2003, 04:00 AM
-{ Quote from DavidH: "As I said, the advice you gave was very good. I just wanted to point out my experience with these two LeakTests. I keep a running scorecard at this URL:
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7459
I am not sure if it allowable to post links to other forums here, but I have posted the link above in good faith rather than trying to promote the OutpostFirewall forum." }-
Not a problem at all, David. ;) And thanks for adding your information here.
Best Wishes,
LowWaterMark
DavidH
June 21st, 2003, 04:13 AM
Thanks LowWaterMark,
By the way, I have checked out ZA4 and your posts regarding it here in the forum. You are right, ZA4 is a good compromise between simplicity and configurability regarding rules configuration. At least, I hope it was you who said that. :D I used ZAP for years and also recommend it to users on the OutpostFirewall forum having problems with Outpost. If I have learned anything in the past several years, it is that ALL firewalls do not work on ALL systems. It is really strange. And not being a developer, I do not understand all of the complexities. Anyway, I did not mean to ramble on too much here. I just wanted to say thanks for the reply and your thorough ZAP configuration threads.
Have a good day. :D
_anvil
June 21st, 2003, 06:10 AM
@DavidH
-{ Quote: "PCAudit: Passes with Normal component control and default global rules." }-
_How_ did OP2 block pcAudit?
Did you have a browser running (which is required for thorough pcAudit tests, although it isn't said by pcAudit... ;) )?
(In gkweb's 'out of the box settings', the explorer.exe is allowed to communicate, so pcAudit should bypass OP2 in these settings, anyway.)
-{ Quote: "WallBreaker: Passes with Normal component control and default global rules." }-
Same question: _How_ did OP2 block it? At this point, I really can't imagine how OP2 could block Wallbreaker... ???
gkweb
June 21st, 2003, 06:37 AM
Thanks for your comments DavidH.
About leaktests, for the highest-settings results (on my site), I don't try to find from which settings it can block a leaktest; I just set it at max and look whether it can or not ;)
About WallBreaker, I tested OP2, like all the other firewalls I'm testing, and none blocks it.
But to do tests, I always fully trust explorer.exe and iexplore.exe; that is probably the difference, because a non-vulnerable firewall should block it anyway. For instance "Tooleaky" (which launches IE) is detected by most firewalls even with IE fully trusted (OP2 too :)).
This is just to test whether the firewall is vulnerable to the exploit or not.
Afterwards, of course, it's by far better to improve security to prevent such exploits, like denying explorer.exe and adding per-application rules... I'm working on a new page that I will add, about "best guidance settings and behaviour" to improve security and cover firewall leaks.
regards,
gkweb.
_anvil
June 21st, 2003, 06:53 AM
I just tested (again): 'explorer.exe' didn't need any rights for pcAudit ('normal' component control) and Wallbreaker to bypass OP2.
This is quite logical, because in both cases, it isn't 'explorer.exe' which communicates.
So the question to DavidH remains... ;)
gkweb
June 21st, 2003, 07:17 AM
For WallBreaker, it depends on which OS...
Indeed it doesn't have the same behaviour on XP and 2000:
XP -> explorer.exe is what accesses the Internet
2K -> iexplore.exe is what accesses the Internet
In both cases explorer is the start and an IE window is the result, but what follows is not handled in the same way by the two OSes.
This is what I noticed.
regards,
gkweb.
_anvil
June 21st, 2003, 07:30 AM
Hmm, on 'my' WinXP machine, it is still iexplore.exe (IE), which connects... ???
gkweb
June 21st, 2003, 07:35 AM
lol
Maybe it depends on which services are started or not; I will not try to define which ;D
It's the same exploit for all OSes, but they handle it as they want :)
regards,
gkweb.
DavidH
June 21st, 2003, 11:35 AM
Hi,
gkweb, I understand what you are saying. There is a school of thought that says that the firewall should be configured to handle all possibilities in the universe by default. Actually, I really do not subscribe to that philosophy. For experts it is fine. For beginners, it is not. And, except for e-mail, which should be covered by an anti-virus, I have a hard time understanding where someone would pick up a trojan or virus so bad that it contains one of the more advanced firewall-defeating algorithms. There must be a compromise between usability and security, especially for beginners. The advanced configuration should be left to the experts. And, in my opinion Outpost is as capable as any to handle the majority, if not all, of the "real" threats out there. However, that does depend on the user, their skill, and their experience.
_anvil, I had the browser open and a download manager running constantly while running PC Audit and Wall Breaker. The PLAIN and SIMPLE fact is that Wall Breaker could not load the web page and PC Audit consistently told me that "My PC is well protected" and I got NO e-mail. I am not sure how I could have possibly given these leak tests a better chance. They simply failed to bypass Outpost. And believe me, if they would penetrate Outpost and my configuration, I would be the FIRST to give Agnitum notice, as I have done many times in the past. If any leak test that I have confirmed fails to penetrate OP2 (as described in the thread I linked) does penetrate OP2 on some user's system, then it is simply misconfigured. In most cases, if someone insists that OP2 pass the tests, we will instruct them on how to set up their firewall in the forum.
In general, I will admit that the auto configured setting leaves a little bit to be desired. But, then anybody wanting to pass sophisticated leak tests should know better than to EVER let auto configuration take place in any firewall.
JacK
June 21st, 2003, 12:11 PM
-{ Quote from gkweb: "But to do tests, i always fully trust explorer.exe and iexplore.exe" }-
Hi gkweb,
It's up to you of course, but the first thing I do when configuring any FW is disallowing any access for Explorer to the W3: it has no reason to be considered a web browser.
On non-NT OSes, it must sometimes be partially allowed.
With OP, if you set any app among the trusted applications, OP has no control at all over this app.
I don't remember for sure, but I think no app is in the trusted apps by default.
It's not really the right terminology to say "maximum security settings" if you introduce a weakness yourself by what I would consider a purposely bad configuration, but I understand your point ;)
Rgds,
gkweb
June 21st, 2003, 12:15 PM
To sum up, I never said that a firewall should by default block all threats; I'm not from this school. I'm only interested in the detection engine's capability, what it can see.
For me it's an important security component by itself, and afterwards, only after I know the weaknesses of this engine, I add improvements to cover them.
Some don't care about its real capability; some are just interested in whether, with all their security measures, they leak or not, and often the answer is no.
Me, I'm interested in details; those who share this will can see the information that I give.
You talked about beginners, that it would be a compromise between security and usability, and this is exactly what I want to show.
A beginner doesn't know how to set up his firewall, so the stronger his personal firewall's detection strength, the better his security will be.
But this is a security component that is not a priority for everyone; it is for me.
@ JacK
Put IE fully trusted and run "Tooleaky"; OP2 will block it because it has control over it.
Try Look'n'Stop, fully trust IE, run Tooleaky and again, blocked because it has control over it.
regards,
gkweb.
_anvil
June 21st, 2003, 12:20 PM
@DavidH
Hmm, the only application rule I had set up was:
'iexplore.exe, TCP out, port 80: allow'
No change of global rules, component control 'normal.'
Is that 'misconfigured'? ;)
When you tested: did OP2 show an alert pop-up? If yes, what was the message? If not, what did the log say (the reason for blocking the leaktest should be logged)?
What OS do you use? I use WinXP.
@gkweb
Nicely explained, I've the same thoughts about leaktests as you. :)
I also like to go into details, and not just:
'click -> leaktest blocked -> "hooray"'
or
'click -> leaktest not blocked -> :'( ' ;)
gkweb
June 21st, 2003, 12:26 PM
lol anvil ;D
A far better sum-up than mine, congratulations ;)
regards,
gkweb.
EDIT: when you talk about Wallbreaker, say which test, the first (explorer trick) or the second (launch only IE).
DavidH
June 21st, 2003, 01:11 PM
_anvil and gkweb... as far as PC Audit is concerned, I have not had a problem. As for Wall Breaker... I was confused by the Wall Breaker test and mistakenly kept pressing "yes". After I read the directions ::), I managed to execute the second test for Wall Breaker and OP2 did indeed fail. The mistake was mine. I am sorry about that.
I am curious about a couple of things though. All the second test seems to do is open a browser and load a web page. Is this really a leak? I have not captured any packets, but I assume all that was sent was a SYN packet to TCP port 80 on the site your leaktest prescribed. And, since port 80 is normally allowed for IE, the page loaded nicely. :P I am just wondering if substantial data can really be transported this way. After all, it was an outbound connection that was established and it was only a request to load a web site, as far as I know. Perhaps UDP can be used to export data. But, in that case there would have been an alert since IE is not allowed to use UDP on my system.
At any rate, I learned at least one thing here today. I should make more of an effort to read the instructions rather than assuming how something works. I will make the appropriate corrections to the Leak Test link. Thanks. :)
I have to go now, but I do look forward to any insight regarding the questions I posted in this thread. Have a good day. :)
JacK
June 21st, 2003, 01:17 PM
-{ Quote from gkweb: "@ JacK
Put IE fully trusted, and run "Tooleaky", OP2 will block it because it has control on it.
Try Look'n'Stop, fully trust IE, run Tooleaky and again, blocked because it has control on it.
regards,
gkweb." }-
Hello gkweb,
I did not try and shall not ;)
I never put any app fully trusted with any FW: maybe it would pass leaktests with flying colours, but it is totally insecure anyway ;)
Leaktests give a hint about FWs' abilities, that's all. They could even give a false feeling of security to newbies. Only useful for advanced users, or at least those involved with their own security, IMHO.
Cheers,
_anvil
June 21st, 2003, 01:55 PM
@DavidH
No prob. :)
The leak which Wallbreaker shows is quite simple and basically the same as in Tooleaky. It can (only) be used to transfer personal data (passwords, credit card numbers, ...) to a foreign, 'evil' web server. The personal data is part of the URL which your browser connects to
(http://perso.wanadoo.fr/jugesoftware/doyouleak.html?PERSONALINFORMATION+CREDITCARDNUMBER+PASSWORDS+MAILACCOUNT). The web server just receives the URL and reads the personal data in it. This connection is initiated by Wallbreaker.
The test would be passed by your firewall if it detects that it is wallbreaker.exe which originally initiated the connection. But in both Wallbreaker tests, most (all?) firewalls fail to see this...
Sorry for insisting: _how_ does OP2 pass pcAudit (normal component control) and Wallbreaker-Test 1 on your machine? Does OP2 alert you? What do the logs say?
It's for my own peace of mind... ;)
gkweb
June 21st, 2003, 01:55 PM
Good thing, now we know that WB bypasses OP2 (for example, but LnS too, and all others tested).
Now, time to answer "is this a leak?" :)
Yes, it is! You may not have noticed that the URL called was:
http://perso.wanadoo.fr/jugesoftware/doyouleak.html?PERSONALINFORMATION+CREDITCARDNUMBER+PASSWORDS+MAILACCOUNT
How to transmit information? The web page just has to be a PHP one instead of HTML, and then after the "?" I just have to transmit like this:
http://url/page.php?variable=personalinfos
Behind this I can have an SQL database which can record any information sent...
This idea about "how to transmit" was first shown by Tooleaky, which also sent information by launching IE, but Tooleaky is blocked by most firewalls nowadays; WB uses another trick ;)
Finally, about advanced information transmission by this method, I copy/paste what the Tooleaky leaktest author said:
-{ Quote: "Note to those who think this method is limited:
If we wanted to pass more information than fits on the command line,
we could first create an HTML file on the user's hard drive that
consists of that data, and have that HTML file reload to the actual
URL that we wanted to send the data to, passing the data along (this
can be done with a META REFRESH tag in the file's header, for example,
or with JavaScript if you want to get fancy). In this instance,
we are keeping things simple.
" }-
But it could be very simple: the trojan uses a keylogger feature and, as soon as a credit card number is detected, sends it to the remote page.
So yes, I think that this leak could seriously hurt ;)
If you launch IE yourself it's fine, but if another program launches it, a serious leak can happen.
regards,
gkweb.
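A defender-side illustration of the channel _anvil and gkweb describe above (personal data carried in the URL query string): this added Python script, not code from this thread or from the leaktest author, scans constructed outbound-proxy log lines for query strings that carry Luhn-valid card-like numbers or unstructured data stuffed after the "?". The log format and the example.test host are assumptions.

```python
"""Flag outbound HTTP requests whose URL query string looks like it carries
personal data, the exfiltration channel Wallbreaker and Tooleaky demonstrate.
Added example: the log format and the example.test host are constructed."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed proxy access log: timestamp, client IP, method, requested URL.
# Line 1 is the thread's own leaktest URL; the rest are made-up traffic.
SAMPLE_LOG = """\
2003-06-21T13:55:01 192.168.1.10 GET http://perso.wanadoo.fr/jugesoftware/doyouleak.html?PERSONALINFORMATION+CREDITCARDNUMBER+PASSWORDS+MAILACCOUNT
2003-06-21T13:55:07 192.168.1.10 GET http://example.test/page.php?variable=4111111111111111
2003-06-21T13:55:09 192.168.1.11 GET http://example.test/search?q=firewall+leaktest
2003-06-21T13:55:12 192.168.1.10 GET http://example.test/index.html?id=1234567812345678
"""

LOG_LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
# Runs of 13-19 digits not embedded in a longer digit string.
CARD_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")
# A query string this long with no key=value pair at all is unusual for a real
# form or API and matches the "data stuffed after the ?" shape of the leaktests.
BARE_QUERY_MIN_LEN = 24


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: weeds out random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Digit runs of card-number length that also pass the Luhn check."""
    return [m for m in CARD_RE.findall(text) if luhn_valid(m)]


def analyze_url(url: str) -> list[str]:
    """Return human-readable findings for one requested URL; [] means clean."""
    findings = []
    query = urlsplit(url).query
    if not query:
        return findings
    # parse_qsl turns "a+b+c" (no '=') into one key with an empty value.
    pairs = parse_qsl(query, keep_blank_values=True)
    structured = any(value for _, value in pairs)
    decoded = unquote_plus(query)
    if not structured and len(decoded) >= BARE_QUERY_MIN_LEN:
        findings.append(f"bare query string of {len(decoded)} chars: {decoded!r}")
    for number in find_card_numbers(decoded):
        findings.append(f"Luhn-valid card-like number in query: {number}")
    return findings


def scan_log(log_text: str) -> list[dict]:
    """Run analyze_url over each log line and return only the lines with findings."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the scan
        ts, client, method, url = m.groups()
        findings = analyze_url(url)
        if findings:
            hits.append({"time": ts, "client": client, "method": method,
                         "url": url, "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["url"])
        for finding in hit["findings"]:
            print("    ", finding)
```

Two of the four constructed lines are flagged; the 16-digit id that fails Luhn and the plain search are not. A proxy log shows the browser's request but not which process launched or drove the browser, which is the gap the posts above describe.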
gkweb
June 21st, 2003, 04:09 PM
Someone discovered an interesting thing... hmm... a "terrific" thing.
Indeed, if IE is already started, no matter that explorer.exe is blocked and IE has restricted rules (HTTP 80, DNS, etc.), WB uses the existing process; it doesn't launch another one, so it goes through the firewall each time for both tests.
Even more terrific is that even SSM doesn't see it, because WB doesn't launch another app (if IE is closed, SSM sees it perfectly and warns you).
So even if a firewall were able to block WB when IE is closed, when IE is already started the use of the existing process _seems_ unavoidable (I need your point of view!).
If even SSM can't see Wallbreaker.exe accessing the iexplore.exe process, how could a firewall do it?
Is there any way to see an executable accessing a process? Or even to lock a process to avoid such an exploit?
gkweb.
JacK
June 21st, 2003, 05:51 PM
-{ Quote from gkweb: "Someone discovered an interesting thing... hmm... "terrific" thing.
Indeed, if IE is already started, no matter that explorer.exe is blocked and IE have restricted rules (http 80, dns, etc...) WB uses the existing process, it doesn't launch an other one, then it go trought firewall each time for both test.
The more terrific is that even SSM doesn't see it because WB doesn't launch an other app (if IE closed, SSM perfectly see it and warn you).
So even if a firewall would be able to block WB when IE is closed, when IE is already started, the use of the existing process _seems_ to not be avoidable (i need your point of view!).
If even SSM can't see Wallbreaker.exe access the process iexplore.exe, how a firewall could do it ?
Is there any way to see an executable accessing a process? or even locking a process to avoid such exploit?
gkweb." }-
Nite,
Did you try it yourself?
With IE and/or Opera open, I get a warning.
_anvil
June 21st, 2003, 05:56 PM
Yes, the same here... there is always a _new_ IE process started in both WB tests - no matter if there is already an IE process running. :P
gkweb
June 21st, 2003, 06:06 PM
:o
Each time IE is started on my comp, WB uses it instead of creating a new one; what's going on O_o ???
I will investigate it more, but we are two against two: two comps that create a new process, and two using the existing one...
Meanwhile, it's very interesting news! Can you make a screenshot (or list here) of your running processes, please? (And remind me what OS you have... hmm... XP for anvil ;))
thanks.
gkweb.
EDIT: I meant to say "Windows services"
DavidH
June 21st, 2003, 08:58 PM
gkweb and _anvil,
I just spent half an hour writing a more detailed response. However, I lost my connection and my post. I am unsure why. I will make this one short.
gkweb, I have had similar results as you with WB-Test1. I believe the problem with test 1 last night may have more to do with the same sort of connection issues that I am experiencing today than OP2's ability to block the test. I will do a little more testing and update the Leak Test info for Outpost appropriately.
_anvil, in the case of PC Audit, I get a rule creation popup for explorer.exe and a component control popup for wininet.dll. In each case I block and PC Audit tells me that my system passes. I used a clean configuration with normal component control and also cleared out all of the old module information. Attached are the log entries which coincide with the prompts that I was given by Outpost when running PC Audit. If you would like any more info, let me know. :)
Thanks....
_anvil
June 22nd, 2003, 07:29 AM
@DavidH
-{ Quote: "in the case of PC Audit, I get a rule creation popup for explorer.exe and component control popup for wininet.dll." }-
Hmm, on my machine there is no 'component control popup' on NORMAL level when testing pcAudit - only on MAXIMUM level... ???
Of course, wininet.dll is not on the 'trusted' components list _before_ the tests with pcAudit - but _afterwards_ it is, without ever getting a 'component alert'... :P
Normally OP2 should block this easily on NORMAL level, but it just doesn't (other leaktests with DLL injection _are_ blocked on NORMAL level).
I'm testing on a freshly installed WinXP system, so there shouldn't be 'bad' influences.
What is your OS again, DavidH?
gkweb
June 22nd, 2003, 07:35 AM
Sorry to post between your posts, continue, but I really need to know how another IE process is started when IE is already running, when you try the second WB test...
If I click twice on my IE icon on my desktop, I have two processes.
If I launch it and then do the second WB test, the same process is used, whereas with you, anvil, another process is created; I need to know how :'(
regards,
gkweb.
_anvil
June 22nd, 2003, 08:17 AM
LOL, it's exactly the contrary on my machine! :o :P
Only the first Wallbreaker test uses an already running IE process - while in test 2, a second process is always started... ???
controler
June 22nd, 2003, 11:09 AM
Hi
I have been reading this thread but am a bit confused about what is being said.
Doesn't it appear WB is using a HOOK and only kicks in with IE?
If this is the case, you should see a different DLL loaded, shouldn't you?
Or another call to a DLL?
con
gkweb
June 22nd, 2003, 11:15 AM
Hi
WB doesn't "appear" to work one way or another to me, because I made WB, so I know how it works ;)
WB doesn't use a hook or DLL injection; in the two tests it calls another executable, that's all.
After that, Windows seems to react differently on our comps, and I want to know why :o
regards,
gkweb.
EDIT: I just tested on Win 2000 too, and the same process is used for both tests if IE is already started...
DavidH
June 22nd, 2003, 04:31 PM
Hi _anvil and gkweb,
hmmmm. It is starting to look like we have three or four topics being discussed here. :)
-{ Quote from _anvil: "Hmm, on my machine there is no 'component control popup' on NORMAL level when testing pcAudit - only on MAXIMUM level... ???" }-
That is a curious situation. You might try to start with a new configuration by making that selection from the File Menu. I named mine 'leaktest'. I have made only one rule: TCP, Out, 80, Allow. Then, Exit and Shutdown Outpost and add a .bak extension to modules.ini and modules.0 in the Outpost installation directory. After all that is finished, restart Outpost and try the tests again. Hopefully you get the same results as I do. If not, it may be beneficial to generate some logs and forward them to Agnitum.
-{ Quote from _anvil: "Of course, wininet.dll is not on the 'trusted' components list _before_ the tests with pcAudit - but _afterwards_ it is, without ever getting a 'component alert'... :P" }-
Strange, at normal component control level, wininet.dll is not on my trusted components list before or after PC Audit execution. It is difficult to say why Outpost is not alerting you of the new component as it does on my system.
-{ Quote from _anvil: "What is your OS again, DavidH?" }-
My OS is Windows XP Home with no customization made to the default running services and no substantial registry tweaks. My network consists of a cable connection through a Toshiba cable modem, an SMC wireless router, and then an SMC wireless ethernet card on my PC. The only running processes, other than system processes, are NOD32 AV and Outpost. If you need some specific information, let me know. If needed, I can send you my Outpost Config files, INI Files, and even a registry export for comparison. That might help us find out why you are getting different results.
gkweb... Not knowing what is going on in general with WallBreaker at this point, I have changed the info regarding Outpost and Leak Tests to reflect that it fails both Wall Breaker tests. I do not want to take any chance that I am giving wrong information to a user. While the forum is no longer directly associated with Agnitum, many users still come there for support and so it is important for our information to be as accurate as possible. This is an interesting and educational conversation for me and I will continue to follow it. If there are any tests or experiments that I can do on my end or request that Agnitum do, let me know. I am happy to help.
Have a good day. :)
gkweb
June 24th, 2003, 02:20 PM
No way to make IE start another process when one exists :'(
I think we are the first to see a surprising new discovery: the Windows OSes are mutating like viruses; it's a new kind of life!
The Polymorphic COS (Clever Operating System) does what it wants; this is why mine doesn't want to launch another process!
Sorry, I'm going mad, I guess :-\
gkweb.
Copyright ©2002 - 2012, Wilders Security Forums