CCleaner connects despite being blocked in FW

Discussion in 'other firewalls' started by soewhaty, Nov 9, 2017.

Thread Status:
Not open for further replies.
  1. Circuit

    Circuit Registered Member

    Left out the best, Privacy Concerns.
     
  2. itman

    itman Registered Member

    Somehow missed your reply.

    Yes, uncheck that entry in Autoruns and it will stop the dial-out activity from CCleaner.
     
  3. Spartan

    Spartan Registered Member

    I don't have that entry on my portable CCleaner
     
  4. soewhaty

    soewhaty Registered Member

    Don't know. I have it and I can't recall if I EVER installed CCleaner. As I recall it's always been portable.

    NP, appreciate your follow-up. Tried what you said but it didn't work. CCleaner still launches and opens the update-check site.
     
  5. Boblvf

    Boblvf Registered Member

    Show the rule (in Windows firewall), it is bad, simply, you must block output http and https, port 80 and 443, to the internet, and Windows firewall blocks.

    HIPS is off topic, not network.
     
  6. soewhaty

    soewhaty Registered Member

    As it became evident it's an issue to do with a parent child process relationship, where HIPS is ON topic. Re-read the earlier posts.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    I block everything and CCleaner still leaks via the browser, which is launched automatically after the install. The only way to prevent it is with HIPS or similar.
     

  8. soewhaty

    soewhaty Registered Member

    The earlier discussions in this thread already showed that CCleaner launches your default browser with a command line. A firewall will not prevent this behaviour. A HIPS will. Using PFW I was successfully able to run CCleaner yet block its wish to open my browser and load a site using a command line.
    PS - disbelievers of the value of HIPS should prolly be reading this. There's a certain Mr Bill MS MVP that would benefit from doing this.
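
Added example (not part of any post in this thread): a small check over process-creation records that flags the hand-off described above, where an application blocked in the firewall starts a browser with a URL on its command line, so the connection is made by the browser and not by the blocked application. The field names follow Sysmon Event ID 1; the paths, the `example.invalid` URL and the function name are constructed for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Constructed process-creation records (field names follow Sysmon Event ID 1).
# Paths and the example.invalid URL are placeholders, not values from the thread.
EVENTS = [
    {"Image": r"C:\Tools\CCleaner\CCleaner64.exe",
     "CommandLine": r"C:\Tools\CCleaner\CCleaner64.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" "https://update.example.invalid/check?v=5"',
     "ParentImage": r"C:\Tools\CCleaner\CCleaner64.exe"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_browser_handoffs(events, blocked_apps):
    """Return hand-offs: a firewall-blocked app starting a browser with a URL."""
    blocked = {name.lower() for name in blocked_apps}
    hits = []
    for ev in events:
        parent, child = base(ev["ParentImage"]), base(ev["Image"])
        urls = URL_RE.findall(ev["CommandLine"])
        if parent in blocked and child in BROWSERS and urls:
            hits.append({
                "parent": parent,
                "connecting_process": child,
                "hosts": [urlsplit(u).hostname for u in urls],
                # A per-application rule is keyed on the parent, so it only
                # applies here if the browser itself is also blocked.
                "covered_by_rule": child in blocked,
            })
    return hits


if __name__ == "__main__":
    for hit in find_browser_handoffs(EVENTS, {"CCleaner64.exe"}):
        print(hit)
```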
     
  9. stapp

    stapp Global Moderator

    Do you leave "view release notes" ticked (checked) at the end of the install?
     
  10. wat0114

    wat0114 Registered Member

    Actually, in my testing svchost is involved; CCleaner64.exe influences svchost.exe upon startup, probably parent -> process relationship, even with the automatic updates, as well as system & active monitoring disabled. That said, there are no outbound connection attempts being made by either process.
     
    Last edited: Dec 20, 2017
  11. TairikuOkami

    TairikuOkami Registered Member

    If it is unchecked, it does not open the browser, but since the active monitoring is active by default and its main purpose is to detect an active browser, it might leak at will via iframe, etc.
     
  12. Boblvf

    Boblvf Registered Member

    There are no more HIPS, no hooks in the kernel, old story, there is the WFP (Windows Filtering Platform).

    Make a good network rule, or kill the process or service, and let go of this story.


    Stupid topic!
     
  13. soewhaty

    soewhaty Registered Member

    Regarding the 'view release notes' ... why even bother with an installed version of CC? Why not go for a portable one? Sure, maybe that lags a couple of versions behind but so what? The more portable you stay the better. Anything that involves an installation process has the potential to leak or to touch registry and so on.
     
  14. soewhaty

    soewhaty Registered Member

    Certainly nobody asked you to evaluate the cleverness or stupidity of this topic. Keep these comments to yourself.
     
  15. Boblvf

    Boblvf Registered Member

    This rookie cannot tell the difference between a behavior blocker (now UAC in Windows, and root code in Linux), and a firewall, and he wants to control all the actions of a computer ... it's a dream.
     
  16. TairikuOkami

    TairikuOkami Registered Member

    Not all portable versions are "clean", just look at Zemana, it installs a permanent driver. Portable version takes too much time to "install" (20 secs vs 10 secs compared to the setup).
     
  17. wat0114

    wat0114 Registered Member

    Btw, it seems pretty obvious Piriform just wants you to upgrade to one of their paid versions, which is why the update process launches your browser to their website.
     
  18. Tarantula

    Tarantula Guest

    Wow, 20 secs is much time nowadays :argh:
     
  19. TairikuOkami

    TairikuOkami Registered Member

    20 secs for several apps a day, that is half an hour a month, a few hours a year.
     
  20. soewhaty

    soewhaty Registered Member

    Aaahhh, Elliot, shoulda known it was you, ofc. Nice show-off moment there, pro. You remind me of a certain Mr Bill MS MVP. All I can tell you is that based on the 70 comments received so far you seem to be the only one who thinks this is a stupid topic. If ppl wanna discuss it, then we will and you are welcome to abandon this space here. Best of luck to you!
     
  21. Boblvf

    Boblvf Registered Member


    Thanks!
     
  22. Reality

    Reality Registered Member

    It's not a stupid topic. I've found it interesting and I've been learning from it. If you don't like it don't look at it.
     
  23. Boblvf

    Boblvf Registered Member



    It is stupid, a legitimate process connects, it takes a behavioral blocker to block a "leak" ..., while Windows only tolerates the UAC since Vista as a behavioral blocker.

    No sense.


    You just have to block the CCleaner update, for paranoids use Eset Nod32 which can block in the kernel, with an API (and UAC), child process, but it's useless.
     
    Last edited: Dec 23, 2017
  24. Minimalist

    Minimalist Registered Member

    UAC is not a behaviour blocker and Windows is limited in that way. But there are 3rd party tools that can be used for that.
     
  25. Boblvf

    Boblvf Registered Member

    In this topic, people without real knowledge (process and network) want to control the supposed leaks of an OS, with obsolete methods, and they cling to their dream of magic tool.

    Pfff!
     