App. Filter list backup.

Discussion in 'LnS English Forum' started by Phill, Sep 6, 2004.

Thread Status:
Not open for further replies.
  1. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Hi Frederic.

    Could you tell me whether it is possible to back up my application filter list? I see that it is stored in the lns.reg file. Could this be saved and reused on a clean install? The reason I ask is that I have spent quite a bit of time fine tuning my application list and it has grown quite larhe.

    Thanks for any feedback.
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Phill,

    Yes, this is exactly the purpose of the lns.reg file.

    Just double-click on a lns.reg file and your configuration will be written back in the registry.
    Look 'n' Stop must not be running when you do that (because when Look 'n' Stop exit, it overwrites the registry with the current internal settings), so quit Look 'n' Stop before double-click the lns.reg.

    Note that the .reg contains the signature values. So, depending on the files you will have after a clean install, signatures will be different if files are not exactly the same.

    If you'd like to only backup the App Filter List, you can edit the lsn.reg file (with a text editor) before applying it.

    Regards,

    Frederic
     
  3. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Thanks Frederic.

    This means I won't have to go through all my IP filtering again :).

    Also, hopefully, this means that, on a clean install, there will be no lockups on boot when I load LnSSvc.exe. I think the lockups came about from the LnSSvc loading before other important services (winlogon.exe etc...) and not allowing the services to run without an answer to the "do you allow..." promt from L'n'S. The problem I think that was because the LnSSvc was loading so early it didn't give you chance answer...

    I have now configured all early loading services to access 127.0.0.1 as a work around ;)

    Would this sound like a solution Frederic? It works for me... ;)
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Phill,

    I don't understand why you specified 127.0.0.1.

    The problem is only caused by the fact a dialog waiting user input is displayed.
    If you just allow or deny the application (like you do when Look 'n' Stop is started in the standard way), it should be sufficient, Look 'n' Stop will allow/block the application without waiting for the user input.

    Regards,

    Frederic
     
  5. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Hi Frederic.

    The reason I stated 127.0.0.1 was Look'n'Stop, as you know, asks for permission even if the application/service is accessing local ports. The problem I was having was that because the LnSSvc was loading so early, it was loading before other important services (winlogon, SMSS, Services, CSRSS..? Not sure which.). This meant that even though L'n'S did it job and stopped the service from communicating with the local port, there was no allow/deny promt displayed from L'n'S and the computer froze (would this be because it was working before explorer shell had fully loaded??). I had to disable LnSSvc and add the services manually to the application filter list and give them access to 127.0.0.1 before re-enabling LnSSvc. This then worked fine.

    I hope you understand what I'm trying to say here and it makes sense!! heheh.

    Hope this helps...

    Ron.
     
  6. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Did you understand what I was saying here Frederic? I'm not sure I explained myself properly but I hope it got through...

    Whilst on the subject, if you DO block access from the internet to an application using the application filter list, does this also block it from the localhost? (127.0.0.1) The reason I ask is that I have given local access to virtually all applications to stop compatibility problems with my system not knowing if I needed to or not.

    Thanks.
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I didn't understand why you did something special with 127.0.0.1.

    Yes, it does, there is no need to specify the IP address.
    And actually, when an application is blocked the IP & port selection are not considered at all.

    If possible only applications causing compatibility issues should be allowed.

    Frederic
     
  8. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Many thanks Frederic :)

    What I have found to be the easiest method was to allow all applications in the application filter list access to 127.0.0.1 (TCP, UDP). This way, they have full access to MY computer, but cannot access the internet at all without me adding other specific IP's. I thought this would be a very strict way letting applications access the internet whilst keeping full compatibility.

    Is this ok or is it a security issue? Bear in mind, doing the above means that applications given access to 127.0.0.1 using TCP and UDP ONLY cannot gain outbound access at all.

    Thanks for any feedback again ;)
     
  9. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    Normally, your configuration should be fine.

    However, with some particular applications (like proxies for instance) it happens the local address 127.0.0.1 as a relay. So, if this kind of application is allowed to connect to Internet, with your kind of configuration all applications will be allowed to connect...
    If you are not using this kind of application no problem, but sometimes they are installed by other software (Norton AV for instance reconfigures the emails clients with this address).

    So, it is safer to only allow applications that really connect to Internet.

    Regards,

    Frederic
     
  10. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Thanks Frederic.

    I'm still not sure how applications, proxies or otherwise, can connect to the internet if I have allowed localhost only for them though. Can't L'n'S detact this relaying going on? Is it something that can be implemented?

    Thanks again for taking the time to answer...
     
  11. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    This is contradictory, you can't at the same time allow all applications to connect to 127.0.0.1 and detect/block applications to pass through a proxy which has been configured on 127.0.0.1...

    So, it would be better to remove all these authorizations, and to allow only the applications which really need to connect locally (to solve the compatibility issue you were talking about).

    Frederic
     
  12. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Ok.

    Thanks Frederic. Again, great support. Quick and helpfull. Thanks for all the help in this thread.

    :)
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I can definitely say without a doubt the problem isn’t specific to LnSSvc launching Look ‘n’ Stop before Windows Shell, and I re-call when using Look ‘n’ Stop I had that launched so early in the boot process it intercepted and prompt for everything upon booting process without freezes regardless if it was choose Accept or Block. It is possible there is something else for software installed conflicting generating this anomaly, one thing for sure this is specific to your system.

    Authorizing LocalIP for Applications in Application Filtering list isn’t what prevents the anomaly you had been experiencing, the fact it’s entry in the Application Filtering list is merely enough to prevent the anomaly. Not to mention once an app been accepted, Local activity is authorized anyhoots regardless if you configured TCP, and UDP ports fields to block on all ports.
     
  14. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Phant0m, hi.

    The problem I was having was that it wasn't giving me an option to accept or deny. The box with that option wasn't appearing, hence the system locking up as I presume L'n'S was waiting for a reply. The only way around this was to boot to safe mode, cancel LnSSvc and then reboot. I then manually added early booting services giving them access 127.0.0.1 only and re-enabled LnSSvc. I had to do this a number of times before I found the correct service that was locking the system (not sure which now though). This was performed on a clean, newly installed system with no other applications installed. All latest drivers were installed however. How this can be specific to my machine is a mystery if this was a clean install with no other applications installed to cause conflicts.

    The freeze was definitely down to L'n'S and I was hoping the post would be some feedback to Frederic so he could look into the anomaly. It may not be down to LnSSvc loading before the shell, but definitely before something.
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Frederic

    While Look ‘n’ Stop isn’t running and applying LNS.reg file doesn’t succeed to bring back the Application Filtering list entries and its settings upon booting of Look ‘n’ Stop GUI.


     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Phill

    Running Windows XP with SP2 I’ve tried everything to no avail in reproduce your anomaly, I do believe this is specific to your system.

    In Look ‘n’ Stop was "Automatic selection" disabled and your Network Interface checked under "Network interfaces" in Options screen at the time? You may just be using poor driver, or a device is malfunctioning.
     
  17. Phill

    Phill Registered Member

    Joined:
    Oct 4, 2003
    Posts:
    17
    Hi Pant0m.

    Automatic selection was disabled and I manually select my network interface too. The reason I'm sure it was L'n'S was that enabling and disabling the LnSSvc service meant my computer would boot or not boot, simple as that. I tried that a few times before adding other services manually. These services were found using another 3rd party program (I can't remember which. A freeware application from SysInternals perhaps?) As soon as these processes were added to the application filter, LnSSvc worked fine, and has done since.


    My method for the new install is found here:

    //http://www.abxzone.com/forums/showthread.php?p=321808&postcount=1

    SP2 was NOT installed.

    Again, I hope this helps.
     
Thread Status:
Not open for further replies.