Automatic start - system/service (+full story :)

Discussion in 'LnS English Forum' started by karrer, Apr 24, 2010.

Thread Status:
Not open for further replies.
  1. karrer

    karrer Registered Member

    Joined:
    Apr 24, 2010
    Posts:
    3
    Hi,

    I was just wondering about automatic start. Which one means earlier ignition of protection, system or service?
    It's now on 'service', but some rootkit's (Rustock) spambot is able to generate outgoing traffic (on the SMTP port, 25) while XP is booting up or shutting down, before LnS is running or after it is no longer running! It's some damn tenacious rootkit working in kernel mode.

    Full story (it's an office environment):
    After sniffing the network and finding out that some damn host was releasing spam mails, I put LnS on it before deleting the rootkit (first I had to read some instructions about rootkit removal... :) So until I can disinfect the ominous host, LnS can block the SMTP traffic from it, I thought. (I can't turn the PC off or pull out the Cat5 cable because the colleague needs to work on it.)
    Note: In an office environment it is very critical because your public IP (SMTP server...) gets blacklisted on DNSBL servers very fast (because of the outgoing spam), and after that you have nothing but complaining zombies hunting for you all around the office (lots of undelivered emails).
    On the gateway/router you cannot set the firewall to allow SMTP traffic only from the SMTP server and block it from any other host, because it's a crap Asus consumer router, even if it was a rather expensive one (you just can't set up rules like that).

    So, that was the only infected host and I blocked its outgoing SMTP comm. with LnS, but from time to time we get back on the blacklists... It was killing me: why the damn f**k do we get back on the lists if I block the SMTP port on the infected host? Then I came to realize it, only by luck, when I 'accidentally' left packet sniffing (Wireshark) on before going home. :) The spambot could release hundreds of spam messages even during XP's boot/shutdown procedure! (And 'of course' I was not sniffing at those damn particular times!)
    It was a sharp lesson anyway.

    So will LnS start the protection at an earlier stage if I set the automatic start to 'system'? And what about when the operating system is shutting down? :/

    Btw, I like this firewall very much, I've been using it from the beginning.

    Thank You,

    K.
     
    Last edited: Apr 24, 2010
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You should use the hidden Look ‘n’ Stop registry option that allows blocking all traffic before the Look 'n' Stop application is started: BlockAllBeforeInit.reg - http://looknstop.soft4ever.com/Beta/2.06p2/Reg/

    And use the two features 'Keep * Filtering active after the application is stopped' found in Look ‘n’ Stop - Advanced options ;)
     
  3. karrer

    karrer Registered Member

    Joined:
    Apr 24, 2010
    Posts:
    3
    Thank You very much!

    Is there a possibility of doing this in 2.07? And what is the difference between 'system' and 'service' automatic start? I'm just curious.

    Thank You,

    K.
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    It works w/ 2.07, no changes needed. Wrt the second question, you want "service" here so that LnS works all the time regardless of whether someone's logged on or not. AFAICT the "Start Menu" and "System" methods only differ regarding the autorun entry location (registry/start menu).
     
  5. karrer

    karrer Registered Member

    Joined:
    Apr 24, 2010
    Posts:
    3
    Thank You!

    Under win7 there is no 'service' option, why?

    K.
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    No idea, sorry... don't have access to W7 box at the moment so can't try. :)
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I think it’s also unavailable for Vista ... unless it’s specific to x64 Windows. Then again, it could be the Vista and 7 OS restrictions / changes.

     
  8. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    378
    Location:
    England
    The "Service" option is not available here on XP64 either (greyed out)
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Doesn’t matter if you're using the 64-bit or even the 32-bit version of Look ‘n’ Stop, there doesn’t appear to be any support for running the Look ‘n’ Stop application from the service stage under Windows Vista and 7. There is a component that gets installed as a service, used to communicate with Windows Security Center about different events occurring with the Look ‘n’ Stop application. :(
     