Sensiveguard Guard review

Discussion in 'other firewalls' started by Kees1958, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK
    I had this problem too. In the end I gave up and uninstalled it.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Stem thanks,

    How do these results compare against other FW's (f.i. Comodo)?
     
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Can you get this program to pass the leaktest DNS tester? I haven't figured out a way, even when I created a DNS Warn rule.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Kees,

    I was setting up for further testing. As I am using W2K, all DHCP/DNS is performed (when the relevant service is enabled) by "services.exe". In the "Network security setting" I unchecked the "Allow outbound DHCP, name service,...." rule, so I would be given a popup for DHCP/DNS. With DHCP, I was given a popup, but a deny rule only blocked DHCP about 50% of the time on boot up. DNS lookups didn't always cause a popup but were allowed anyway. I did set a rule to block all comms for "Services.exe" (I set a static IP), but DNS lookups were still allowed for this application (and logged within the firewall) although I had the "Deny all" for "Services.exe".

    It does appear to be buggy on my W2K setup, and as I mentioned, if I install onto XP pro, the UI will not show.
     
    Last edited: Feb 1, 2007
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nop,

    Starting up the DNStester.exe is a user initiated action. Therefore it also matches the allow user initiated outbound traffic. Also due to the windows update allowance of svchost to the microsoft website, dnstester also is allowed by that rule. I think setting up a custom for dnstester causes a rules conflict. Normally sensitiveguard marks conflicting rules with fxxxxx instead of giving it a rules number.

    Can't test I am afraid (still does not mean this kind of leak will pass sensive guard, only that a user initiated dnstest to microsoft.com is not stopped due to other rules).

    Regards
     
  6. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    OK - so if it was a real trojan using the same method as DNS Tester, it might be stopped, right?
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello mvdu,
    When the DNS client is active, all applications will use (in XP) svchost for DNS lookups. These internal comms (app -> svchost) are not seen by many firewalls. The easiest way to stop such a leak as DNS_Tester is to disable the DNS client. This will of course mean rules per app will need to be made for the DNS lookups (as each app will make these with the DNS service disabled). There is the possibility that a trojan could re-enable the DNS service, so a need to put in place rules to block lookups by (XP) svchost is needed.
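
The attribution problem described in the post above, as an added example that is not part of the thread: a toy model (not SensiveGuard's actual rule engine) of a per-process outbound firewall, showing which process owns the DNS query with the DNS client on and off. The rule sets, `browser.exe` and `unknown.exe` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    process: str   # image name owning the socket, "*" for any
    port: int      # remote UDP port, 0 for any
    action: str    # "allow" or "deny"

def socket_owner(app, dns_client_enabled):
    """Process the firewall sees sending the UDP/53 query (XP naming)."""
    # With the DNS client running, the app hands the lookup to svchost.exe
    # locally, so the outbound packet is attributed to svchost, not the app.
    return "svchost.exe" if dns_client_enabled else app

def decide(rules, process, port, default="prompt"):
    """First matching rule wins; unmatched traffic raises a prompt."""
    for r in rules:
        if r.process in ("*", process) and r.port in (0, port):
            return r.action
    return default

def dns_verdict(rules, app, dns_client_enabled):
    """Return (attributed process, firewall action) for a DNS lookup by app."""
    owner = socket_owner(app, dns_client_enabled)
    return owner, decide(rules, owner, 53)

# Constructed rule set: the leak tester is denied outright, but svchost
# keeps its usual DNS allowance.
BASELINE = [Rule("dnstester.exe", 0, "deny"),
            Rule("svchost.exe", 53, "allow")]

# Constructed hardened set: svchost DNS is denied in case the service is
# re-enabled, and each application gets its own explicit DNS rule.
HARDENED = [Rule("svchost.exe", 53, "deny"),
            Rule("browser.exe", 53, "allow"),
            Rule("dnstester.exe", 0, "deny")]

if __name__ == "__main__":
    cases = [("baseline, DNS client on", BASELINE, "dnstester.exe", True),
             ("baseline, DNS client off", BASELINE, "dnstester.exe", False),
             ("hardened, service re-enabled", HARDENED, "dnstester.exe", True),
             ("hardened, browser lookup", HARDENED, "browser.exe", False),
             ("hardened, app with no rule", HARDENED, "unknown.exe", False)]
    for label, rules, app, enabled in cases:
        print(f"{label:30s} -> {dns_verdict(rules, app, enabled)}")
```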
     
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Thanks, Stem. I was able to get it blocked, but could disabling the DNS client interrupt my internet access?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi mvdu,
    Disabling the DNS client will only cause any application that requires DNS lookups to perform this itself. So the only downside is the fact you will be prompted (or need to create rules) for each application that needs this service.

    So no, it will not interrupt your internet access (apart from, as mentioned, the extra popups/rules required).
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    MDVU,


    How did you block DNS-tester? PLEASE SHARE KNOWLEDGE

    Regards

    Kees
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Stem.

    I finally got a reply from the authors of the program. They have underestimated the amount of testing they have to do with different hardware and software set ups for home users. So I am lucky, on certain set ups this great program works, on other setups it does not.

    :)
     
  12. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Kees1958 - you have to turn off the DNS client, and then go into the firewall rules and turn off any that would automatically allow DNS. I no longer have the program on since I got a BSOD.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Thanks for the info.
     
  14. EASTER.2010

    EASTER.2010 Guest

    Re: Sensitive Guard review

    This....is puzzling to me at first glance. The only way to determine if it's what I can use is to give it a whirl. Wish me luck no BSOD or all bets are off with this one.

    --------------------------------------------------------------------------------

    How to replace the default file protection rules (protection against download of executables and reading of private data).

    Choose the default file protection settings (fixed allow and warn option can not be changed). Select file protection tab, select advanced, select the default rules (the top ones), choose edit policy detail (button right of the screen, marked -1), click line (marked -2-), press delete (marked 3) and select apply on the main screen.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Kees, I tried it today. It seems light. My FW knowledge is very rudimentary though so I might remove it very soon. I want to ask does it alert on inbound access or just deny by default?
    My main concern is that all popups are of the same type/color. It would be much better if the popups were in different colors according to the type of alert.
    Are they planning for a newer version in future? Any ideas?

    Thanks
     
    Last edited: Apr 21, 2007