Remote Code, Communication, Blocker?


arran
March 10th, 2009, 06:27 PM
Is there such a thing? Because I have tried the ZAbypass test on my PC:
http://www.firewallleaktester.com/leaktest26.htm

What it does is communicate with your already-running browser and use that to bypass the firewall and make outgoing connections.

I am running

Look 'n' Stop
EQS
Sandboxie

None of these seems to be able to block ZAbypass from using the browser.

chrome_sturmen
March 10th, 2009, 08:25 PM
Online Armor protects against remote code control.

arran
March 10th, 2009, 11:59 PM
-{ Quote: "online armor protects against remote code control" }-


So have you tested this with Online Armor?

chrome_sturmen
March 11th, 2009, 06:25 PM
I've not tested it, but I do know it's a feature of Online Armor.

JRViejo
March 11th, 2009, 07:18 PM
arran, perhaps I'm doing this leaktest wrong, but just downloading it and trying to open it, AVG 8.5 throws a fit (one example):

[attachment 207000]

Then, when I add it to the exceptions and run the .exe, my ZA Free 5.5.094.000 throws an alert:

[attachment 207001]

So of course, I would either click AVG's Move to Vault and/or ZA's Deny buttons, and this leaktest does not go anywhere.

jmonge
March 12th, 2009, 01:19 AM
-{ Quote: "arran, perhaps I'm doing this leaktest wrong, but just downloading it and trying to open it, AVG 8.5 throws a fit (one example):

[attachment 207000]

Then, when I add it to the exceptions and run the .exe, my ZA Free 5.5.094.000 throws an alert:

[attachment 207001]

So of course, I would either click AVG's Move to Vault and/or ZA's Deny buttons, and this leaktest does not go anywhere." }-
Is this the free version of Zone Alarm? Thanks.

JRViejo
March 12th, 2009, 01:28 AM
-{ Quote: "is this the free version of zone alarm?thanks" }-
jmonge, yes, it is, and you'll find it at FileHippo (http://filehippo.com/download_zonealarm_free/106/). The Zone Alarm Release History (http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html) page still has old version downloads, but their Free Forum reports that some of them create installation problems. FileHippo is your best bet.

jmonge
March 12th, 2009, 01:35 AM
Cool, thanks. :thumb:

arran
March 13th, 2009, 04:11 AM
Even though Zone Alarm here has blocked the outgoing connection, it isn't really a communication blocker.

What ZAbypass does is send a message to csrss.exe, which sends a message to your browser to bypass your firewall and make the outgoing connection.
Comodo is really the only one I know of with this feature in its HIPS, called
"Send Message".

EQS: fail
Process Guard: fail
Mamutu: fail

If anyone knows of any HIPS program with the feature Comodo has here in the screenshot, please post.

JRViejo
March 13th, 2009, 01:34 PM
arran, I don't know what to tell you, but I have followed the instructions below, detailed in the zabypass.pdf which is part of the file download, and my ZA Free blocks it every time as soon as Internet Explorer opens.


Step 1: Run "zabypass.exe".
Step 2: The sample information in the text box is meant to be sent to the attacker's site. If you want to change the information in the text box, then feel free to do that (Note: only the text which appears in the text box will be sent to the server, and no information is logged).
Step 3: Click on the "GO" button to send the information to the server.
Step 4: On successful execution, Internet Explorer (or the default browser) will open up and will try to access the attacker's site (here it is my site..... For GOD's sake don't think I am attacking you, it is just a demo ;o) without getting blocked by Zone Alarm (refer to Screenshot 3 for details). The firewall will not prevent it, as Internet Explorer is a trusted program and will be allowed to access any site.

The only thing I can think of is that since I don't allow IE access to Internet Server (red X), and have an Ask (blue question mark) in Trusted Server, that's why the exploit does not work and I get a program alert. I see that the author states:
-{ Quote: "Note: Here it is assumed that Internet Explorer is one among those trusted program in the Zone Alarm program / access control list and has the default setting as “Allow”." }-
but only a fool would allow unfettered Server access to any program.
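The two posts above describe the same chain from two sides: arran says the test drives the browser through a message to csrss.exe, so a firewall that only judges the process opening the socket sees a trusted browser; JRViejo finds that setting the browser to Ask (and a HIPS that mediates "send message") stops it. The following is an added toy model, written for this page and not taken from ZAbypass, ZoneAlarm, Comodo or any other product named here. The process names follow the chain as arran describes it; the host name, the set of "trusted senders" and the Allow/Ask/Deny verdict names are assumptions made for the illustration.

```python
"""Toy policy model of the ZAbypass chain discussed in this thread.

Two enforcement points are modelled (constructed example, no real API):
  * AppFirewall: per-program outbound rules, judging only the process that
    opens the connection (the Allow / Ask / Deny grid of a program firewall).
  * MessageHips: a rule on "process A sends a window message to process B"
    that also records who drove whom, so a later connection by the browser
    can be attributed to the process that really initiated the chain.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ALLOW, DENY, ASK = "allow", "deny", "ask"

# ("msg", sender, receiver) or ("connect", process, host)
Event = Tuple[str, str, str]


@dataclass
class AppFirewall:
    program: Dict[str, str]
    default: str = ASK  # unknown programs prompt the user

    def connect(self, process: str) -> str:
        return self.program.get(process, self.default)


@dataclass
class MessageHips:
    trusted_senders: Set[str]
    driven_by: Dict[str, str] = field(default_factory=dict)

    def send_message(self, src: str, dst: str) -> str:
        """Deny messages from senders the user has not trusted; otherwise
        allow and propagate the chain's origin to the receiver."""
        if src not in self.trusted_senders:
            return DENY
        # if src was itself driven by X, then dst is now driven by X too
        self.driven_by[dst] = self.driven_by.get(src, src)
        return ALLOW

    def origin(self, process: str) -> str:
        return self.driven_by.get(process, process)


def run_scenario(events: List[Event], firewall: AppFirewall,
                 hips: Optional[MessageHips] = None) -> List[Tuple[str, str]]:
    """Evaluate events in order; stop at the first DENY, since the chain
    cannot continue past a blocked step."""
    verdicts: List[Tuple[str, str]] = []
    for kind, a, b in events:
        if kind == "msg":
            # without a HIPS, inter-process messaging is invisible to the firewall
            verdict = hips.send_message(a, b) if hips else ALLOW
        elif kind == "connect":
            # a firewall alone judges the browser; with attribution we judge
            # whichever process actually drove the browser to connect
            actor = hips.origin(a) if hips else a
            verdict = firewall.connect(actor)
        else:
            raise ValueError(f"unknown event kind {kind!r}")
        verdicts.append((f"{kind}:{a}->{b}", verdict))
        if verdict == DENY:
            break
    return verdicts


# Constructed chain following the thread's description (host name is made up).
CHAIN: List[Event] = [
    ("msg", "zabypass.exe", "csrss.exe"),
    ("msg", "csrss.exe", "iexplore.exe"),
    ("connect", "iexplore.exe", "attacker.example"),
]


def firewall_only_trusted_browser() -> List[Tuple[str, str]]:
    """Browser set to Allow, no HIPS: the leak goes through."""
    return run_scenario(CHAIN, AppFirewall({"iexplore.exe": ALLOW}))


def firewall_only_ask_browser() -> List[Tuple[str, str]]:
    """Browser set to Ask (JRViejo's configuration): the user gets a prompt."""
    return run_scenario(CHAIN, AppFirewall({"iexplore.exe": ASK}))


def firewall_plus_message_hips() -> List[Tuple[str, str]]:
    """Untrusted sender is stopped at the very first message."""
    hips = MessageHips(trusted_senders={"csrss.exe", "explorer.exe"})
    return run_scenario(CHAIN, AppFirewall({"iexplore.exe": ALLOW}), hips)


def hips_user_allowed_sender() -> List[Tuple[str, str]]:
    """User clicked Allow on the message rule: attribution still makes the
    browser's connection count as zabypass.exe's, which is unknown -> Ask."""
    hips = MessageHips(trusted_senders={"csrss.exe", "explorer.exe", "zabypass.exe"})
    return run_scenario(CHAIN, AppFirewall({"iexplore.exe": ALLOW}), hips)


if __name__ == "__main__":
    for fn in (firewall_only_trusted_browser, firewall_only_ask_browser,
               firewall_plus_message_hips, hips_user_allowed_sender):
        print(fn.__name__, fn())
```

The point the model makes is that the firewall's per-program verdict is only as good as the identity it is handed: once another process can steer a trusted program, "trusted" describes the wrong actor, and either the steering itself (the message) or the attribution of the resulting connection has to be policy-controlled.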

PROROOTECT
March 13th, 2009, 03:07 PM
Hi,

@Arran, tweak your Windows services, and download SeconfigXP here: http://seconfig.sytes.net/?sv=1.1 Tick all (all), click 'For home', click Apply! ... like me. That's all.

Yours PROROOTECT:thumb:

arran
March 13th, 2009, 10:06 PM
-{ Quote: "Hi,

@Arran, tweak your Windows services, and download SeconfigXP here: http://seconfig.sytes.net/?sv=1.1 Tick all (all), click 'For home', click Apply! ... like me. That's all.

Yours PROROOTECT:thumb:" }-

You have made a completely moronic, idiotic post, you know that, don't you?
SeconfigXP has nothing to do with the topic here, and I already have SeconfigXP installed and it does not block zabypass.exe.

PROROOTECT
March 15th, 2009, 06:35 AM
Thank You for assessment of my post; man is fallible.

I just wanted to help.

PROROOTECT

jmonge
March 15th, 2009, 11:08 AM
-{ Quote: "Thank You for assessment of my post; man is fallible.

I just wanted to help.

PROROOTECT" }-
You got a nice compliment. :)

trismegistos
June 12th, 2009, 12:02 PM
Update:
EQSecure 4.1 prevented the "send message to other process" or "process message" of the ZABypass test.

So that makes Comodo, Malware Defender and EQSecure 4.1 the ones having "process message" blocking capability, or, as the OP puts it, "Remote Code, Communication, Blocker" capability.

LoneWolf
June 12th, 2009, 01:07 PM
-{ Quote: "is there such a thing? because I have tried ZAbypass test on my pc
http://www.firewallleaktester.com/leaktest26.htm
" }-

Site's no longer available.
At least not for a while.

trismegistos
June 13th, 2009, 02:03 AM
Test which does the same...
PC Flank Leaktest link: http://www.pcflank.com/pcflankleaktest.htm

arran
June 13th, 2009, 11:11 PM
-{ Quote: "Update:
EQSecure 4.1 prevented the "send message to other process" or "process message" of the ZABypass test.

So that makes Comodo, Malware Defender and EQSecure 4.1 the ones having "process message" blocking capability, or, as the OP puts it, "Remote Code, Communication, Blocker" capability." }-

Thanks for letting me know, trismegistos. This was one reason why I dumped EQS for MD. I might give EQSecure 4.1 a try. I doubt its file and folder rules would be as good as MD's, though.

Preventing programs from communicating with other programs plays a very important role in controlling the behavior of programs. It is an important feature that all HIPS should have.

Shame that firewallleaktester is down. I still have the ZAbypass test, though.

andyman35
June 14th, 2009, 09:05 PM
You can download Zabypass (and others) from here:

http://www.testmypcsecurity.com/securitytests/all_tests.html#AllTests