CCleaner connects despite being blocked in FW

Discussion in 'other firewalls' started by soewhaty, Nov 9, 2017.

Thread Status:
Not open for further replies.
  1. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Left out the best, Privacy Concerns.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Somehow missed your reply.

    Yes, uncheck that entry in Autoruns and it will stop the dial-out activity from CCleaner.
     
  3. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    I don't have that entry on my portable CCleaner
     
  4. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Don't know. I have it and I can't recall if I EVER installed CCleaner. As I recall it's always been portable.

    NP, appreciate your follow-up. Tried what you said but it didn't work. CCleaner still launches and opens the update-check site.
     
  5. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    Show the rule (in Windows firewall), it is bad, simply, you must block output http and https, port 80 and 443, to the internet, and Windows firewall blocks.

    HIPS is off topic, not network.
     
  6. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    As it became evident it's an issue to do with a parent child process relationship, where HIPS is ON topic. Re-read the earlier posts.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    I block everything and CCleaner still leaks via the browser, which is launched automatically after the install. The only way to prevent it is with HIPS or similar.
     

  8. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    The earlier discussions in this thread already showed that CCleaner launches your default browser with a command line. A firewall will not prevent this behaviour. A HIPS will. Using PFW I was successfully able to run CCleaner yet block its wish to open my browser and load a site using a command line.
    PS - disbelievers of the value of HIPS should prolly be reading this. There's a certain Mr Bill MS MVP that would benefit from doing this.
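
The parent-child launch described in the post above, as an added example that is not part of the original thread: a firewall rule on CCleaner's own executable never sees traffic sent by the browser it starts, so the place to look is process-creation logging. The event records, paths, URL and the `find_proxy_launches` helper are constructed for illustration; only the `CCleaner64.exe` name comes from the thread.

```python
import ntpath
import re
from urllib.parse import urlsplit

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# Parents that normally start a browser: the shell, or a browser starting its own helpers.
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation records (assumed fields: parent, image, cmdline).
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    # Blocked application hands a URL to the browser, which the firewall allows.
    {"parent": r"C:\Tools\CCleaner\CCleaner64.exe", "image": FIREFOX,
     "cmdline": r'"firefox.exe" "https://updates.example.invalid/check"'},
    # User clicked a link from the desktop shell: expected parent, not reported.
    {"parent": r"C:\Windows\explorer.exe", "image": FIREFOX,
     "cmdline": r'"firefox.exe" "https://news.example.invalid/"'},
    # Browser starting its own helper process: expected parent, no URL.
    {"parent": CHROME, "image": CHROME,
     "cmdline": r'"chrome.exe" --type=renderer'},
    # Same unexpected parent, but no URL on the command line: nothing to report.
    {"parent": r"C:\Tools\CCleaner\CCleaner64.exe", "image": FIREFOX,
     "cmdline": r'"firefox.exe"'},
]


def find_proxy_launches(events):
    """Return (parent, browser, host) for each URL handed to a browser by an unexpected parent."""
    hits = []
    for ev in events:
        # ntpath parses Windows paths correctly on any analysis host.
        parent = ntpath.basename(ev["parent"]).lower()
        child = ntpath.basename(ev["image"]).lower()
        if child not in BROWSERS or parent in EXPECTED_PARENTS:
            continue
        for url in URL_RE.findall(ev["cmdline"]):
            hits.append((parent, child, urlsplit(url).hostname))
    return hits


if __name__ == "__main__":
    for hit in find_proxy_launches(SAMPLE_EVENTS):
        print("browser started with URL by %s: %s -> %s" % hit)
```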
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,933
    Location:
    UK
    Do you leave ''view release notes'' ticked (checked) at the end of the install?
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Actually, in my testing svchost is involved; CCleaner64.exe influences svchost.exe upon startup, probably parent -> process relationship, even with the automatic updates, as well as system & active monitoring disabled. That said, there are no outbound connection attempts being made by either process.
     
    Last edited: Dec 20, 2017
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    If it is un-checked, it does not open the browser, but since the active monitoring is active by default and its main purpose is to detect an active browser, it might leak at will via iframe or etc.
     
  12. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    There are no more HIPS, no hooks in the kernel, old story, there is the WPF (Windows filtering platform).

    Make a good network rule, or kill the process or service, and let go of this story.


    Stupid topic !
     
  13. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Regarding the 'view release notes' ... why even bother with an installed version of CC? Why not go for a portable one? Sure, maybe that lags a couple of versions behind but so what? The more portable you stay the better. Anything that involves an installation process has the potential to leak or to touch registry and so on.
     
  14. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Certainly nobody asked you to evaluate the cleverness or stupidity of this topic. Keep these comments to yourself.
     
  15. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    This rookie cannot tell the difference between a behavior blocker (now UAC in Windows, and root code in Linux), and a firewall, and he wants to control all the actions of a computer ... it's a dream.
     
  16. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Not all portable versions are "clean", just look at Zemana, it installs a permanent driver. Portable version takes too much time to "install" (20 secs vs 10 secs compared to the setup).
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Btw, it seems pretty obvious Piriform just wants you to upgrade to one of their paid versions, which is why the update process launches your browser to their website.
     
  18. Tarantula

    Tarantula Guest

    Wow, 20 secs is much time nowadays :argh:
     
  19. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    20 secs for several apps a day, that is half an hour a month, a few hours a year.
     
  20. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Aaahhh, Elliot, shoulda known it was you, ofc. Nice show-off moment there, pro. You remind me of a certain Mr Bill MS MVP. All I can tell you is that based on the 70 comments received so far you seem to be the only one who thinks this is a stupid topic. If ppl wanna discuss it, then we will and you are welcome to abandon this space here. Best of luck to you!
     
  21. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    Thanks !
     
  22. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    It's not a stupid topic. I've found it interesting and I've been learning from it. If you don't like it don't look at it.
     
  23. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141


    It is stupid, a legitimate process connects, it takes a behavioral blocker to block a "leak" ..., while Windows only tolerates the UAC since Vista as a behavioral blocker.

    No sense.


    You just have to block the CCleaner update, for paranoids use Eset Nod32 which can block in the kernel, with an API (and UAC), child process, but it's useless.
     
    Last edited: Dec 23, 2017
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    UAC is not a behaviour blocker and Windows is limited in that way. But there are 3rd party tools that can be used for that.
     
  25. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    In this topic, people without real knowledge (process and network) want to control the supposed leaks of an OS, with obsolete methods, and they cling to their dream of magic tool.

    Pfff !
     