how can this program bypass the firewall?

Discussion in 'other firewalls' started by mantra, Nov 1, 2013.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    Hi

    xnview is a great software free and clean

    but when it checks for update , it bypass the firewall

    i tried with eset smart security and look and stop

    at check for update no pop up

    can you explain it?

    thanks
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    It is whitelisted?
     
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    nope , i don't think
    and i disabled it the whitelist
     
  4. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    130
    Location:
    USA
    Have never used the program myself so not sure how it's updating but it might be using a webservice that is using http 80 traffic that you have open already for your Web browser maybe?

    You could download and run WireShark and have a look at the packets and then know for sure where and how it's talking if your current firewall is not logging it, though it should be.

    http://www.wireshark.org/
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Possible reason might be you are running some local proxy software, avast webshield is one, but there are many others. Perhaps those firewalls are not able to filter that loop hole. I know Windows firewall can't.

    Avast had mitigated the problem a bit by allowing only known browsers on TCP 80.
     
  6. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    if you use ZoneAlarm free firewall and block the update for this program then i am sure it will not bypass.

    You may try it and tell us the result.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    nview.JPG


    But I guess any decent firewall should be able to block this program. Better to check with ESET support how to setup ESET firewall to warn you about software connecting to internet. I am sure you are missing something on ESET firewall configuration or application control.
     
  8. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194

    [​IMG]



    here you have it, ZoneAlarm free blocks xnview. good luck
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Comodo firewall with custom ruleset would alert to this.
     
  10. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    thanks a lot to everybody
    can't understand why it bypass my firewall
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    wireshark is not free
    is there a free and maybe portable version or at least free?
    i would appreciate it a lot

    maybe nsoft should i developt at least 1 program
     
  12. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    202
    At this time Zonealarm is incompatible with Avast...

    They are working on it...

    rrrh1 (arch1)
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Interesting, working on it? Do you have please a link in which AVAST confirms its working on it? I could not find it so far.

    Thanks,
    Fax
     
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    hi

    i'm considering a security suite alternative to smart security

    the new forum and the supprot is:thumbd: :thumbd:

    so zonealarm can detect it

    i tried smart security 6 and 5 , look and stop and they don't detect it

    outside wireshark is there a portable program created by nirsoft that can do it
     
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    If LnS did not reported then it uses system programs or settings which were already made. check or post your LnS settings if you dare :D

    BTW i also use xnview and windows 8 firewall control from sphinxsoft detects its outgoing request. so i assume same as above - either misconfigured proxy settings in internet explorer or you system has certain vulnerabilities you cannot handle any longer - a zombie computer used for bot attacks.
     
  17. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    which firewall? can you name it ?
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    eset smart security and look and stop
     
  19. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    may i know what protocol does it use? i mean xnview

    i have windows 7 64bit full updated and smart security updated ,plus malwarebyte

    what should i do?
    i have very few software installed and all legit!
    so?

    thanks
     
  20. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    For a test, first make sure that you have no allow rule for this program, then put the ESS firewall into Policy-based mode and see if it makes a difference?
    In this mode every connection attempt in/out will be blocked unless there is a rule.
     
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    It is xnview.exe, TCP 80 and the remote IP is 178.33.105.203 from my location.
    Xnview->Info->Check for Update...
    Used Windows firewall with TinyWall controller. It seems to be just a normal program with no special internet access tricks.

    I just tested the software on Sandboxie. With SBIE you can disallow all internet access, except for those programs you whitelist, so even if you had a local proxy program running on your system or some "baddie", Xnview sandboxed would not be allowed internet access with that setting, unless whitelisted by SBIE1307 popup.
     
    Last edited: Nov 1, 2013
  22. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    use ZoneAlarm free firewall then you are much safer.
     
  23. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    202
    Zonealarm is working on it not Avast...

    abut as clear as mud...hope this clears it up a bit.

    rrrh1 (arch1)
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    I am afraid not an issue with ZA. All started with AVAST 9, not ZA. But if you say ZA is fixing it, I believe you. Not sure where you got the info anyway...
     
  25. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,148
    thanks , i appreciate it a lot Jarmo!
    a program like cports nirsoftware should detect it?
    in the filter i added include:process:xnview.exe

    even curreport detect connections created by xnview info->check for update
     
Loading...
Thread Status:
Not open for further replies.