CCleaner connects despite being blocked in FW

Discussion in 'other firewalls' started by soewhaty, Nov 9, 2017.

Thread Status:
Not open for further replies.
  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    Posts removed.

    This thread will be closed if it cannot continue without insults being made.
     
  2. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination.

    The Windows Filtering Platform is supported on clients running Windows Vista and later


    https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx


    A malware manufacturer does not need to use leaks, since everyone uses Windows firewall, and Windows firewall filters little outbound traffic.

    A malware manufacturer laughs when he sees an anti leaks, so in user mode, in the application layer, he laughs, since Vista, SINCE VISTA.
     
    Last edited: Dec 23, 2017
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @soewhaty, don't know what happened to your last post, but I hope you come back with some updates and just ignore posts that aren't useful. I too like portables and I don't like stuff connecting out either.
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @Boblvf
    Your opinion makes me laugh...really. But I'll try to be serious...you seem to look like an expert and because I'm still using Vista I would ask you - could you show/share the rule in Vista FW that can block or alert about such behaviour like in CCleaner, which we are discussing?
     
  5. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    I answer for others.

    If CCleaner starts as a service, you can block this service in outbound Windows firewall, or disable its update, or not use it, at best it is useless, in fact it is dangerous.

    If CCleaner uses svchost, you need a firewall (Kaspersky, Eset, Bitdefender) that blocks parent / child processes, or use Eset Nod32 (with or without firewall) that can prevent CCleaner from starting another application.


    The "HIPS" and other tartufferies are useless.
     
    Last edited: Dec 27, 2017
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    It doesn't start as a service and it doesn't use svchost. You can check first few posts to see what OP is talking about.
    If we talk about Eset Nod - it's the HIPS component that can achieve the thing that OP wants. So it's a 3rd party tool and HIPS that get the job done. Two things that you say are not needed.
     
  7. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    "HIPS" Eset is a commercial term for nice consumers, to describe a behavioral blocker, it acts in the kernel.
    .

    You and others have never understood how an antivirus works, you recite marketing fables.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Nope it's not a commercial term it's actually a HIPS. You can go and manually configure it and you will realize that it's HIPS we're talking about and not behavior blocker. (P.S.: didn't you say that after Vista, there is only one behavior blocker: UAC? ;) ).
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I couldn't resist...and perhaps you are the only one :argh:
     
  10. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141

    I can not tell you who you are, the moderator would not be happy.
     
  11. Boblvf

    Boblvf Registered Member

    Joined:
    Aug 10, 2014
    Posts:
    141
    Lesson:

    - if a behavior blocker asks a lot of questions, it is misconfigured.
    - since Vista, UAC is the behavior blocker of Windows, the root code that of Linux.
    - the "HIPS" (commercial term of ESET) acts in the UAC ... it is a complement.
    - all the "HIPS" do not use the UAC, they use hooks in user mode in the application layer, and NOT in the kernel, it's small sh*t.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    1. Yes, BB can be misconfigured. Also system could be infected and malware actions could trigger prompts.
    2. UAC is not a behavior blocker, it's a "privilege elevation blocker". MS never describes UAC as a behavior blocker. Also malware can run under SUA doing all kinds of things without triggering UAC prompts.
    3. HIPS doesn't act "in a UAC". Its drivers and services run at the highest privilege level so they are not affected by UAC.
    4. After Patchguard introduction most HIPSs and AVs load digitally signed drivers and run in kernel.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  14. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    i don't get the problem here - using the portable with activated update check? if not wanted just uncheck it. if you want information then it is used as described. IMO the discussion changed from portable to the installed version which ofc has impacts, not only since avast bought it (now it's pain and not clever).

    my portable here never bothered about updates (not checked) nor wanted outgoing. maybe it is more helpful to supply to a mailing list for ccleaner for updates (don't know for piri but others have). Or update tools like SUMo.

    this page for now is trash talk, too many people writing crap.

    concerning hips i only can say that if it is not part of an antivirus or firewall it may be too difficult, eg "malware defender". there is a long thread about MD here which explains it all. but for the masses hips is not recommended - i say.

    KISS - keep it simple and stupid. if you can't handle it, deactivate or uninstall.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    he already gave his permission when ticking ccleaner's option. was that too simple?
    i don't know if there is a feature description for it (piriform ccleaner faq).

    here it goes
    https://www.piriform.com/docs/ccleaner/using-ccleaner/checking-for-ccleaner-updates
    for pro or higher users
    https://piriform.zendesk.com/hc/en-us/articles/204043894-How-do-I-update-CCleaner-

    assuming he is a free user the check is wanted by click - why complain?
    if he is pro+ then it's possible by option.

    to note: i am running pro as portable and 6.3.5 is not the latest (is already loaded but not extracted)
    ccleaner is not vital for me.

    i appreciate ccleaner using my browser if i like to instead of going out itself, but i get also news about several updates.
    i don't see any reason offending ccleaner.

    and yes - MD could have prevented browser start, but MD is not up to date and the last free was said to be buggy.
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    As I understand it, CCleaner is only an example. Any installed software could use a similar option to send data to their server using the browser and by this "circumvent" the firewall. The thread is IMO not about complaining, it's about finding a solution that could be used to achieve the level of control OP wants.
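The behaviour described in this post, as an added example that is not part of the original thread: a per-application outbound firewall rule never sees the program's own traffic if the program hands a URL to the browser, so the place to catch it is the process-creation record (parent image, child image, command line). The event field names, the allow-list and the sample events below are assumptions constructed for illustration.

```python
import ntpath
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed policy (not from the thread): browser image names, and the parents
# that are allowed to start a browser with a URL on its command line.
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe", "msedge.exe"}
ALLOWED_PARENTS = {"explorer.exe"} | BROWSERS
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def flag_browser_relays(events):
    """Return one finding per URL passed to a browser by a non-allowed parent."""
    findings = []
    for ev in events:
        child, parent = _name(ev["image"]), _name(ev["parent_image"])
        if child not in BROWSERS or parent in ALLOWED_PARENTS:
            continue
        for url in URL_RE.findall(ev["command_line"]):
            parts = urlsplit(url)
            # Query parameter names show what kind of data rides along.
            keys = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
            findings.append({"parent": parent, "browser": child,
                             "host": parts.hostname, "query_keys": keys})
    return findings


# Constructed sample events (hypothetical paths and hosts).
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Tools\Cleaner\cleaner.exe", "image": FIREFOX,
     "command_line": '"firefox.exe" "http://updates.example.test/check?v=1.0&os=6.0&id="'},
    {"parent_image": r"C:\Windows\explorer.exe", "image": FIREFOX,
     "command_line": '"firefox.exe" "https://www.example.test/"'},
    {"parent_image": r"C:\Tools\Cleaner\cleaner.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe readme.txt"},
]

if __name__ == "__main__":
    for finding in flag_browser_relays(SAMPLE_EVENTS):
        print(finding)
```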
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    i don't read another specific question. if so, then it's a wrong topic header, maybe a forum search for "hips" would help him out.
    maybe it ends in trial & error using a sandbox or shadowing software (eg shadow defender) to trial unknown software.
    or like i wrote
    if in general, this is not something to put in few simple words.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes, OP mentions this here: https://www.wilderssecurity.com/thr...eing-blocked-in-fw.397846/page-2#post-2718484
    To fully understand what this thread is all about, the reader has to start from the beginning. It's hard to explain it in a few words.
     
  21. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Thanks for that explanation. That is precisely what I want and what I've clearly described several times. CCleaner here serves only as an example and that ought to be evident. Seems that a few users got it, but not everyone. Seems also that ppl don't bother to read anything before they post some rather odd comments, which are completely out of place. I see no need to hijack or extend this topic any longer.

    This thread has been FULLY RESOLVED already since the first few comments on page 2 so I don't even get why ppl kept on posting and asking. But since they did I duly had to reply. Already in this post - https://www.wilderssecurity.com/thr...eing-blocked-in-fw.397846/page-2#post-2719577 - I made clear how thanks to the input of a few guys the OP was resolved. From then on some users dragged the discussion into a whole new layer, which is unnecessary, insults were involved (which is completely out of place too) and so on.

    If the admins want to mark it solved or whatever and/or change the title to sth like 'Using HIPS for command line analysis' then they are welcome to do so. If the title bothers some users, then that's your problem. Nobody asks you to post comments which are completely irrelevant. The OP was clear nuff so that a few knowledgeable users were able to help me out to resolve things.

    Instead of claiming that this or that is wrong in this discussion, read what has been said since the OP and then who knows, you might end up learning something. If you think you won't learn anything, then you're prolly not going to be reading this thread in the first place.

    Read the above text and you'll see who writes trash, where and how.
     
  22. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    Yep, thanks for that comment. The topic was good until ppl decided to hijack it into completely other dimensions and when I pointed out some, let's call em, trash-talkers, the admins moderated my words, although I insulted nobody and said nothing harmful.

    There are 2 or 3 users around in this thread who for no reason posted completely irrelevant and unhelpful comments and I'll just ask them to stop doing that cos their comments have nothing to do with the OP. Their comments only point out that something or someone is less knowledgeable than them and that's fair enough but keep that to yourselves. After all this is an open space where users share knowledge. If you don't wanna share yours, then don't **** over others :)
     
  23. soewhaty

    soewhaty Registered Member

    Joined:
    Feb 28, 2014
    Posts:
    74
    - Comment #12 had little to do with the OP but ok, I don’t blame the guy for shifting focus. @Minimalist was kind nuff in post #14 to point that out to him while also answering his query.

    - Again, comment #23 had little to do with the OP and again @Minimalist was kind nuff in post #24 to enlighten, for which I thank him for saving me some time.

    - Comment #26 … again off topic since I’m speaking about a general case and giving CCleaner only as an example.

    - Comment #34, again off topic.

    - Comment #38 – the solution of the OP.

    - From Comment #38 onwards I can’t even count the number of off-topic and irrelevant comments, which I never even understood.

    In conclusion – some ppl post some rly odd stuff and then go so far as to insult others without even having understood what this discussion is all about. No need for that, thanks.

    PS:
    I loved comment #88 from @Azure Phoenix and laughed *******.
     
  24. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    Thread Closed. Thank You!
     