Firewar still able to terminate Outpost FW with PG

Discussion in 'ProcessGuard' started by aperkins, Dec 9, 2003.

Thread Status:
Not open for further replies.
  1. aperkins

    aperkins Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    4
    Outpost Pro v2.0.238.3121 (290)
    Process Guard v1.150
    Firewar Standalone Edition http://www.paoloiorio.it/fw.htm

    I have all the block flags selected for outpost.exe, both General Protection Options selected and CHM.

    TaskMgr is unable to stop the process.

    Upon execution, Firewar causes CHM to pop-up, I click cancel twice then receive an error from Outpost as it unloads.

    Attached is a screen shot of the PG log, which doesn't report any attempt on outpost.exe from firewar.exe, the Outpost error, and Firewar showing that it has disabled Outpost.
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi aperkins and welcome,
    This issue has been addressed in the DiamondCS General Forum and will be looked into
    quote from Jason:
    quote from Pilli:
    Dolf
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    I never have worried about firewar, and considered it a gimmick.. I think diamondcs has the bases covered..
     
  4. aperkins

    aperkins Registered Member

    Joined:
    Feb 28, 2003
    Posts:
    4
    Gimmick or not, I expect PG to protect the applications I assign to it, period. Anything less would put DiamondCS in the general, kinda works, utility category.

    They have chosen to be the leaders in their field, so they must continue to perform above and beyond...

    We should expect nothing less.
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    They ARE the leaders in this field, because there is no competition for this program :D
    But as you could have read: they are working on it
    Dolf
     
  6. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    At least Outpost gives you a message that it has been tampered with. It would be worse if it just closed silently.

    You can immediately restart the firewall afterwards, by clicking on the program shortcut in Start Menu Programs.
     
  7. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    you are further ahead by using PG than not.

    be interesting to see if SSM allows firewar to even execute - my guess is it will not...

    just tried both firewar versions... html & .exe

    the html page doesn't even make my browser burp, and the .exe can't start up with SSM in place

    nice result for this insecure win9x system...

    looks like a weak exploit, except if you have ur config...
    :eek:

    probably isolated o_O layer in some more defenses until PG handles...
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Yes and on Win98 that is a reasonable solution :)
     
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    peakaboo, which version of system safety monitor do you recommend? which version are you using?
     
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    redwolfe, If you are running Win98/SE or above, I would recommend you try the latest version 1.9.4b1. If you have any problems look in the help file (help file should unpack when you run SSM.exe) and email the author. Max is very responsive.

    If you are running below Win98/SE contact Max for special build.

    I'm running a special build off the SSM 1.9.3 platform.

    get the latest version here:

    http://kormushkin.narod.ru/ssm.zip

    also if you have any problem with the Html version of firewar you can defeat by taking away the activex...

    either

    1) turn off active x if you use IE or
    2) use proxomitron with a filter which kills activex or
    3) use a browser which doesn't support activex - Opera or Firebird
     
  11. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    I installed the latest version of ssm.. ssm appeared to stop firewar from running, but it (firewar) still managed to shut down my kerio 2.15 firewall (somehow).
     
  12. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    redwolfe,

    With SSM running after you have allowed all trusted aps right click on SSM icon in systray and move from administrator mode to user mode

    then try running firewar.exe

    the .exe should not even start since it is not trusted ap; exploits can't fool it since it uses MD5 fingerprint

    great discussion by gkweb on two different approaches sandboxing & process monitoring here:

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/software.html

    the point is if SSM will not allow the firewar.exe to run then it won't allow a trojan or any other program or Ap which is non trusted to run either...

    contact Max via email if it does not work as you expected, or post to SSM thread, worked fine for me.

    additional discussion re: SSM...

    http://www.wilderssecurity.com/showthread.php?t=17132
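    The hash-based trust model peakaboo describes above (an unapproved .exe cannot start because SSM keys on an MD5 fingerprint rather than a file name), as an added illustration: this is constructed example code, not SSM's or DiamondCS's, and the byte strings standing in for binaries and the file names are made up placeholders.

```python
import hashlib

# Constructed stand-ins for trusted firewall binaries; the bytes and the
# file names are made up and do not come from any real program.
TRUSTED_IMAGES = {
    "outpost.exe": b"MZ\x90\x00 constructed sample: outpost firewall image",
    "kerio-fw.exe": b"MZ\x90\x00 constructed sample: kerio firewall image",
}
# Constructed stand-in for a binary the user never approved.
UNTRUSTED_IMAGE = b"MZ\x90\x00 constructed sample: unapproved test tool"

def fingerprint(image: bytes, algo: str = "md5") -> str:
    """Digest of the whole image. MD5 matches the thread; pass 'sha256'
    for a modern deployment (the logic is identical)."""
    return hashlib.new(algo, image).hexdigest()

def build_allowlist(images: dict, algo: str = "md5") -> set:
    """Administrator mode: record fingerprints of every approved binary.
    The launch decision later keys on the hash alone, never on the name."""
    return {fingerprint(data, algo) for data in images.values()}

def may_launch(image: bytes, allowlist: set, algo: str = "md5") -> bool:
    """User mode: permit execution only if the image hash was approved."""
    return fingerprint(image, algo) in allowlist

def demo() -> dict:
    """Three launch decisions a practitioner would want to verify."""
    allowlist = build_allowlist(TRUSTED_IMAGES)
    # 1. The genuine trusted binary starts normally.
    genuine = may_launch(TRUSTED_IMAGES["outpost.exe"], allowlist)
    # 2. An unapproved binary presented under a trusted file name. A control
    #    that trusted names would pass it; the fingerprint control does not.
    name_only = "outpost.exe" in TRUSTED_IMAGES
    by_hash = may_launch(UNTRUSTED_IMAGE, allowlist)
    # 3. A trusted binary altered on disk by one byte also fails, so a
    #    patched copy of an approved program is not silently re-trusted.
    tampered = bytearray(TRUSTED_IMAGES["outpost.exe"])
    tampered[-1] ^= 0x01
    tampered_ok = may_launch(bytes(tampered), allowlist)
    return {
        "genuine_allowed": genuine,
        "renamed_passes_name_only": name_only,
        "renamed_passes_fingerprint": by_hash,
        "tampered_allowed": tampered_ok,
    }

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```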
     
  13. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    thanks, peakaboo.. :) that worked, switching it from administrator to user mode.. now it is stopping firewar even in administrator mode.. 'don't know why it wouldn't, before. ssm is running smoothly..
     