how can this program bypass the firewall?

Discussion in 'other firewalls' started by mantra, Nov 1, 2013.

  1. Jarmo P

    You can see it with that tool because your firewall is not blocking it. Another nice one is Process Hacker that lets you also monitor network connections besides many other things.

    We are still amiss about why in your system it is allowed without any exception/rule given to it?

    Myself I saw it from Tinywall Connections Window and checking blocked connections. It is a great firewall (controller) that also needs things like that one because it blocks everything unless allowed and it does not pop up anything.

    The blocked connections feature is not available among most 3rd party firewalls that also depend too much on their HIPS part for their lack of packet filtering things properly. TinyWall has no HIPS and that means it will not conflict with any other security software. It has no system level drivers/hooks. That is a big plus.

    Just if you or anyone try it. 2 things to avoid. Don't unblock blocked apps from connections window since that is a dangerous option and can mess up your TW install and firewall security. And don't password protect the TW GUI. Those are the 2 stability issues existing as of now that I know of.

    EDIT
    Some other software might use a specific updater program that runs only for a specific checking/updating time. You might not be able to see them with such connection checking tools. This does not seem to be the case with XnView.
     
    Last edited: Nov 2, 2013
  2. majoMo

    Like with Brummelchen, "Windows 8 Firewall Control" detects XnView outgoing request:
     

    Attached Files:

    • Xn.PNG
  3. Jarmo P

    Hehe Majomo with that popup, so many fancy looking features. Bewilders my head even to look at that. Knowing that behind the surface it is just Windows firewall operated. And what to trust with the possible bugs that interface hides behind?

    TinyWall works very differently. It has no zones etc. All in the good old "no need to add allowing rules when you don't need them" way, in the good old Kerio 2.1.5 way sort of. And specific TCP and UDP ports if you want. It is much more like a tinkerer's firewall controller that allows you to be in control of what you allow than a fancy interface.
    You can, when you want, restrict applications to LAN only too with TW.

    Special exceptions can be added for network printers or LAN traffic. I have not tested them. But you can check them by allowing. A simpler interface makes it much easier to check what is allowed behind.

    The rules for normal internet actions are just these:
    http://www.saunalahti.fi/~jarmos3/TinyWall_rules.jpg
     
  4. whitedragon551

    Sounds like improper rules.

    Go into the advanced settings > configure rules and zones > create a new rule set to deny TCP and UDP > set for every profile and browse to the application.
     
  5. mantra

    i did it, i blocked!
    weird, neither process hacker nor cports.exe detects any connection
    for example cports.exe filter include:process:xnview.exe
    http://i.imgur.com/dxEKEDi.png

    currports on top , performed many info->check for update
    nothing in currport

    http://i.imgur.com/PiJlMXj.png

    but maybe xnview fakes the connection, at least with my configuration, could be?

    my firewall module is Personal firewall module: 1117 (20130403)
     
  6. Seer

    It did not bypass anything.
    There is nothing wrong with firewalls, it is XnView's fault. The "check for updates" facility is broken.
    It checks for updates only the first time after the installation, after that it does nothing. It just displays a message that you have the latest, without trying to open a socket. That's why the warnings from firewalls (I tried several of them in a Win 8.1 x64 VM) are missing. You can simply use CurrPorts to check.

    Exactly.
     
  7. mantra

    wow Sir Seer
    maybe there is something in the ini files to edit to enable a check for update
    i start to think it performs a true check for update every x days, in the meantime i perform a fake check

    but in the post above some users report some screenshots where xnview performs an update like https://www.wilderssecurity.com/showpost.php?p=2300346&postcount=27 and https://www.wilderssecurity.com/showpost.php?p=2299958&postcount=7
     
  8. Seer

    I wouldn't count on it.

    Perhaps they installed XnView and then checked for updates. As I said, all firewalls I've tried (LnS included) correctly detected XnView's outbound attempt on the first use of program. After that (when I deleted the rule), XnView stopped appearing in Currports (and triggering firewall alerts).
    Those users should delete the rule and try the update check again.
     
    Last edited: Nov 2, 2013
  9. mantra

    thanks
    in the ini file there is
    Code:
    LastCheck=23053934
    CheckUpdate=1
     
  10. whitedragon551

    Make a backup of the .ini and remove the numbers from LastCheck and save. See what happens.
     
  11. Seer

    I guess this ini setting is for the automatic check for updates. Which you configure on the popup XnView presents on the first run.
    I doubt it will affect manual checks.
     
  12. fax

    That's indeed correct, the "check for update" within the GUI is broken and does nothing... The poor ESET and Look 'n' Stop being crucified... LoL :D
     
    Last edited: Nov 2, 2013
  13. mantra

    ok man , by the way what is it pure eset?
    by the way i quote you
    -->https://www.wilderssecurity.com/showpost.php?p=2299958&postcount=7
     
  14. fax

    Indeed it was the most probable, user not capable of setting the security properly. But in reality it was the less probable... i.e. Amateur bug of the application... LoL :D ... and sorry I meant the "poor" not the "pure"..... LoL again (corrected above).
     
  15. mantra

    thanks mates
    so we are sure it's not a smart security and look and stop fault
     
  16. Seer

    I am sure it's an XnView flaw.
    I am also quite sure that your PC is not -

     
  17. mantra

    Thanks Sir Seer , really appreciate your help!
    :thumb:
     
  18. Jarmo P

    It seems that the update feature does not do anything except at the first run after install. Still LnS passed the program without an exception given.

    Blocked programs would not be shown in a tool like currports. So your firewall is still faulty configured.

    About XnView, it might be allowing only one update check for the unregistered version of the program. No bug in the program itself perhaps.

    Myself with TinyWall blocking the program, I can get as many blocked requests as I care to push with Info->check for update.. And I guess others too with denying a popup with any other working firewalls. And none shown in CurrPorts.

    So your LnS is not able to block that internet connection. Was there some other firewall mentioned too? You should not run 2 firewalls same time.

    EDIT
    I regret being so harsh to you majoMo, seeing that popup. It might be a good nice firewall. I just noticed a new version announced and I take that popup picture as an advertisement, but in a good way lol.
     
    Last edited: Nov 2, 2013
  19. mantra

    i used 2 PCs, i don't have 2 firewalls installed
    did you test the program?
     
  20. Brummelchen

    no further clue here - your detection seems broken however. you got lots of cons concerning several firewalls and you still won't believe that it is your or windows' fault :rolleyes:

    but i can say that if windows detection is broken (look on services --> BFE) that almost all detections won't work, including zonealarm which relies on this service.

    i had this issue a long time ago on my first steps on win7 and i did not manage to reactivate it, only windows setup from scratch can help.

    so i advise you to use system recovery or a proper image until your issue is fixed.

    at least if this fault is proven your computer reacts like a zombie because you don't have any control of in and outgoing traffic.

    btw xnview has a manual check for updates :rolleyes:
     
  21. mantra

    do you mean info->check for update?
    but did you read some post above?
     
  22. Brummelchen

    which one of?

    your entries in the ini file have no effect, once xnview checks successfully for updates that information is stored in the internet explorer cache, so you have to empty it.

    currports - xnview shows up with destination 0.0.0.0 as long w8fc blocks it. when allowed it looks like this

    Code:
    xnview.exe	1192	TCP	54283		192.168.x.y	http	178.33.105.203	duncan.xnview.com	Established	C:\Program Files\XnView\xnview.exe	XnView	XnView for Windows	2.05	XnView, http://www.xnview.com	03.11.2013 17:51:14	abc		A	03.11.2013 17:51:28			XnView
    anything else was mentioned, now it's up to you!
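
Added example (not part of any post in this thread): a small Python check that applies the reading of a CurrPorts listing described in the post above to tab-separated rows. The column subset, the sample rows and the local address 192.168.1.10 are constructed assumptions, not CurrPorts' actual export layout; the remote address and host name are taken from the row quoted above.

```python
# Assumed, simplified column subset (not CurrPorts' real export format).
COLUMNS = ["process", "pid", "proto", "local_port", "local_addr",
           "remote_port", "remote_addr", "remote_host", "state"]

# Constructed sample listings, one connection row per line.
LISTENER = "svchost.exe\t900\tTCP\t135\t0.0.0.0\t\t0.0.0.0\t\tListening\n"
SAMPLE_ALLOWED = LISTENER + (
    "xnview.exe\t1192\tTCP\t54283\t192.168.1.10\t80\t"
    "178.33.105.203\tduncan.xnview.com\tEstablished\n")
SAMPLE_BLOCKED = LISTENER + (
    "xnview.exe\t1192\tTCP\t54283\t192.168.1.10\t80\t0.0.0.0\t\t\n")
SAMPLE_CACHED = LISTENER  # update check answered from cache: no xnview row


def parse_rows(text):
    """Turn tab-separated lines into dicts keyed by COLUMNS."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (len(COLUMNS) - len(fields))  # pad short rows
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def classify(text, process):
    """Return (verdict, remote endpoints) for one process name.

    no-socket       : no outbound row, the program never opened a connection
    blocked-attempt : row present but remote address is 0.0.0.0 or empty
    connected       : row present with a real remote address
    """
    mine = [r for r in parse_rows(text)
            if r["process"].lower() == process.lower()
            and r["state"] != "Listening"]
    if not mine:
        return ("no-socket", [])
    reached = sorted({(r["remote_addr"], r["remote_host"]) for r in mine
                      if r["remote_addr"] not in ("", "0.0.0.0")})
    return ("connected", reached) if reached else ("blocked-attempt", [])


if __name__ == "__main__":
    for name, sample in [("allowed", SAMPLE_ALLOWED),
                         ("blocked", SAMPLE_BLOCKED),
                         ("cached", SAMPLE_CACHED)]:
        print(name, classify(sample, "xnview.exe"))
```

A "no-socket" verdict together with a missing firewall prompt matches what the thread found: the program made no request at all, which is different from a request getting past the firewall.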
     
  23. mantra

    yeah!

    yes man!!!!!!!:thumb: :thumb: :thumb: :thumb:

    as soon as i cleaned explorer, never used, and ran xnview, my firewall pops up!

    thanks again! great find:thumb:

    by the way how do you know that once
     
  24. Brummelchen

    i used ccleaner on that cache after xnview still showed up "no update" on manual check without any outbound connection. the only solution for such things is the IE cache. (used by many programs since those use system routines, like MBAM too).
     
  25. david banner

    why would it need a custom rule?

    i installed and ran it. here is the alert xn.jpg no custom rules set, but that is not the internet it is the network
     
    Last edited: Nov 29, 2013