Update through Svchost.exe

Discussion in 'General Returnil discussions' started by john2005, Jul 23, 2011.

Thread Status:
Not open for further replies.
  1. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    37
    And now what if I tell you I have tried another firewall and Returnil bypasses it as well? How many firewalls do I have to try before you admit that Returnil simply has the ability to bypass firewalls in general? Does it bypass every firewall out there? I don't know because I have not tried every one. Does every firewall that Returnil bypasses have a bug? Of course not.

    Returnil is the only program that has been able to bypass the firewalls I have tried, so logically the issue is with Returnil.

    What about the questions you ignored from my previous message regarding rootkits?

     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    John,
    There is nothing in our software or its design/implementation that is not legitimate and for the purposes stated in the documentation and here in many thread discussions. You may however find this Comodo forum discussion of use here:

    http://forums.comodo.com/wishlist-cis/merged-advance-svchost-rulesname-t29948.90.html

    Mike
     
  3. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    37
    Even with your IP addresses blocked, this thing is still making the connection. Can you please tell me how to make this stop once and for all?

    There must be some way you can block this at your server or on your end. You have my software ID number, can't you program your system to ignore me and not make this connection? There must be some way to make this stop.
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi John,
    Take a look at the rvs3.log file in your C:\ProgramData\Returnil\RVS3\log directory. It will list all connection attempts, the time/date the connection was attempted, and whether it was successful or not. Cross-reference this information with your firewall logs and determine if a connection is actually made. If there is a successful connection, check the IP listed and see if it is properly blocked in the firewall...

    Mike
     
  5. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    37
    Dear Coldmoon,

    I checked the rvs3.log file as you suggested and verified that a connection was made moments ago. The log listed your IP address as 91.193.166.92. However, when I used the firewall to block that IP address and two other IP addresses used by Returnil, it did not stop the connection.

    I think this is because the connection is being made under svchost.exe.

    The Returnil connection was being made "behind" the IP of my own ISP. The Returnil IP address was hidden "behind" the IP address of my own ISP via svchost.exe.

    When I blocked the IP of my own ISP that was being used for the Returnil connection, the connection terminated immediately. I hope Returnil does not just select a different IP from my ISP the next time it wants to make a connection; if it does, then the only way I can stop it is to uninstall it.

    Now, if svchost.exe needs that IP for something else, it is going to be blocked. So far, it seems I can surf and check email OK. However, I do not like blocking the IP of my own ISP because I am not sure if it will affect my Internet connection at some point. This is just a 56k dial-up connection with a dynamic IP, so I don't know how it might affect things every time I reconnect.

    Would you consider not using svchost.exe with Returnil in the future? Using svchost.exe is the source of all the problems and confusion. The whole idea of svchost.exe is bad and it's a security nightmare waiting to happen.

    I hope you will give this thread and my points due consideration.

    If anyone else has any thoughts or opinions, please let me know.

    Thanks
    John
     