I never actually monitored it's network traffic but after some of the last updates CCleaner is launching much longer if it's blocked by FW. This is my experience whether I use Windows FW or 3rd party (ESET, Kaspersky - IDK if they use their own filtering engine or MS' built-in). It seems to me that if CCleaner is starting slowly this is a good indication that it couldn't established network connections the way it tried to do.
Hadn't used EAM Network lockdown button before - good idea - but @stapp don't you mean the other way round, click to 'On', then 'Off' again (it is 'Off' by default)?
You got me there paulderdash !! Too much green tea this morning. (By the way, when you turn the network lockdown on, EAM definition updates are programmed to be the only thing allowed through)
I believe it's done by using svchost.exe to bypass the firewall, I don't know why M$ has made this possible. SpyShelter gives me an alert about "Inter-process communication", never really knew that this was a security risk until it was mentioned in the WFC thread, about Adobe Reader X using the exact same method. This leads me to the conclusion that these type of apps can't be fully trusted.
I somehow doubt it. CCleaner doesn't install service and AFAIK doesn't use svchost. When using ESET I get prompts for outbound request for svchost on per-service basis and create rules for specific service and not whole svchost executable. So CCleaner should abuse some system service that is allowed to connect out , but I really really doubt that this is happening.
I'm not an expert on this topic, but the way I understand it, is that these apps don't need to launch svchost.exe or need to install a service in order to use this firewall bypassing method. It seems that they can simply communicate with the already running instance of svchost.exe via interprocess communications, that's why SpyShelter alerts me about this. The problem is that lots of legitimate apps use IPC for all kinds of stuff, so it's difficult to say if it's used in a malicious way. So you either trust some app or not. However, I do notice that when you block CCleaner and Adobe Reader X from IPC, they still function correctly. It's also weird that I never saw this technique being mentioned on sites like Matousec back in the days. https://docs.microsoft.com/en-us/windows/win32/ipc/interprocess-communications
CCleaner 5.68.7820 released https://www.ccleaner.com/news/release-announcements/2020/06/23/ccleaner-v5687820 CCleaner builds https://www.ccleaner.com/ccleaner/builds
The CCleaner link is temporarily unreachable from Italy. No problem with a Proxy: Changing DNS (Quad9 ----> Clean Browsing DNS ) does not solve the problem.
CCleaner v5.69.7865 Release notes https://www.ccleaner.com/news/release-announcements/2020/07/21/ccleaner-v5697865 Builds page (including slim build) https://www.ccleaner.com/ccleaner/builds
I discovered the "problem". I had put Adric's rules into the Hosts file and then I forgot about it. This rule obviously prevents you from reaching the website: Code: 0.0.0.0 www.ccleaner.com
Sorry about that. I wanted a clean LiveTcpUdp log. You can still download directly without being blocked, which is all I needed.
I have a very annoying issue with that CCleaner update. For years and years, I've been using CCleaner and have never encountered that kind of problem. After starting my computer/s, I would open CCleaner and leave it in my taskbar. Now, that newest update Ccleaner, SLOWS DOWN my computers! I cannot leave it minimized like I've done it for YEARS!
Answered: 31 popular online questions about CCleaner July 23, 2020 https://www.ccleaner.com/news/blog/2020/07/23/31-popular-ccleaner-questions
CCleaner is resetting my extensions since updating Firefox to v79. https://www.wilderssecurity.com/threads/noscript-10-new-version-releases.397945/page-19#post-2934629
You should therefore remove the deletion of the ".sqlite-shm" and ".sqlite-wal" files from the rule "Internet Cache". It is also not necessary that these files are deleted by the rule "Internet Cache" ... I suppose only Avast / Piriform can do that, else 'Internet Cache' would have to be unticked which makes CCleaner a bit pointless. Wonder of Wise Disk Cleaner does same.
I have included: C:\Users\nnnn\AppData\RoamingFirefox\Profiles\*\*.sqlite, sqlite.shm and sqlite.wal in Options>Exclude? I had similar before, but for favicons only (must have been in the distant past) ... but as the man says in the Community link, 'places' uses that path / string as well - as does' webappstore', 'cookies' ...
Microsoft now detects CCleaner as a Potentially Unwanted Application July 29, 2020 https://www.bleepingcomputer.com/ne...leaner-as-a-potentially-unwanted-application/ PUA:Win32/CCleaner
"...'We’re in touch with Microsoft to resolve this as soon as possible,' a representative from CCleaner noted on Twitter..." https://www.windowslatest.com/2020/07/30/windows-defender-ccleaner-potentially-unwanted-app/ https://twitter.com/CCleaner/status/1288439298082168832
