Internet Explorer differences between XP & Vista.

Discussion in 'LnS English Forum' started by Frederic, Sep 10, 2007.

Thread Status:
Not open for further replies.
  1. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Split from: x64 release for Windows XP & Vista.

    Hi Robert,

    I've tried to reproduce the issues you are mentioning, but I was not successful so far.

    For the ruleset loading issue (1.), maybe it is specific to the ruleset you are using. Could you send it to me (at lnssupport@soft4ever.com) ?

    For Internet Explorer (2.), my understanding is you got the "Application tried to start another application which connects" alert, because you are saying there is the "Direct connection allowed" checkbox. In that case, yes you need to tick this checkbox, otherwise the application will be just allowed to start the other one but not to connect directly, and it happens explorer/internet explorer requires both rights. Note that this problem has nothing to do with the fact the internet filtering is enabled or not.

    For your 3rd point, I confirm it may be required to allow internet explorer/explorer (iexplore.exe/explorer.exe) to have both rights (start another application, and connects directly). If you change the option, a simple refresh may not work because the same blocked connection could be reused by the process (and there is a kind of cache mechanism). It is better to quit the application and restart it to see a change.

    Regards,

    Frederic
     
  2. Memory

    Memory Guest

    Re: x64 release for Windows XP & Vista.

    Hi Frederic,

    First of all, thanks for putting in the effort.

    I just came back to post that I managed to resolve issue 1.
    Something weird must have happened to the file while copying it to the floppy disk. All line breaks were lost, so the file was one continuous stream of characters. I solved it by creating a small disk partition and sharing it between the Win XP 32-bit and Vista 64-bit installation. Normally these are completely hidden from each other, hence the need for the floppy disk. (Or sending it to a web email address.)
    If you still want the file, I can send it to you.

    Regarding issue 2, I get that after starting up/rebooting the PC, booting into Vista x64, logging in, and starting IE7 myself. Note : I have "about:Tabs" as my IE7 home page.
    With this I mean, that after typing for example "hotmail" over "about:Tabs" in the address bar, and hitting [CTRL]+[ENTER], I get the LnS popup with 3 options (instead of 2). After answering it with "Just for this session" and [Authorize] I instantly receive the error page. Split second.
    I get the LnS popup with 3 options ("Just for this time", "Just for this session", and "Direct connection allowed") only on the very first net access. Subsequent attempts during the same session give me the popup with 2 options.
    Selecting "Just for this session" on the very first net access with IE7 is fatal for that boot. I have to reboot, or to prevent a reboot, stop and restart LnS.
    So I thought.
    I discovered this evening that waiting 30 seconds or so longer, after deselecting "Internet filtering enabled", resolves the problem.
    The connection attempt has timed out, but a refresh grants access to the internet. This prompted me to check the log, and I was shocked how many entries were in there. (shot : http://i5.tinypic.com/6hdyln9.jpg.) It's almost flooded with entries. Normally not so in Win XP. I turned on sound, selected "Internet filtering enabled", deleted the IE7 entry from the application filtering tab, and rebooted. Went through the same procedure and was treated to a barrage of "ding" sounds after hitting [CTRL]+[ENTER]
    Then I deselected "Internet filtering enabled". It took a long time, until after the "ding" sounds almost stopped before resolving the problem. I guess poor LnS was too busy. Luckily I had anti-flood threshold enabled.
    The "UDP: Any other UDP packet" entries for [192.168.2.1] (my modem/router) are normally not there in Win XP.

    Regarding issue 3, Same starting procedure and conditions as per issue 2.
    But I opened LnS before starting IE7 myself. I type "hotmail" over "about:Tabs" in the address bar and hit [CTRL]+[ENTER]. Receive the LnS popup with 3 choices and 2 buttons which I answer with "Just for this session" + [Authorize]. An IE7 entry is added with red stop sign and double green arrow icons. Looks like LnS is blocking IE7 immediately after selecting "Just for this session" + [Authorize]. At least on my Vista installation.

    Apologies for this War and Peace story.

    Robert
     
  3. Frederic

    Frederic LnS Developer

    Re: x64 release for Windows XP & Vista.

    Hi Robert,

    Thanks for the additional information.

    For the ruleset, yes, if the CR+LF were no longer there, it will not load properly. It's not required to send me the file.

    For the 2nd issue, the log helped me to understand the problem is actually related to the internet filtering and not to the application filtering alerts as I initially thought.
    The log is showing blocked packets with port numbers above 49000, so probably you are using an old ruleset in which the local ports are set to the range 1024-5000 for the two rules:
    "UDP: Allow DNS..."
    "TCP: Allow standard internet..."
    Just edit these rules and change the criteria from "Range A-B" to "Local In". Maybe some additional rules you created need to be updated too.

    This was a change in the 2.06 version to support Vista, because Vista started to use local ports between 49152-65535 instead of the usual 1024-5000 for the previous versions of Windows.

    We will look into the 3rd issue, after the 2nd is fixed and you get a cleaner log (only the LLMNR and SSDP alerts should remain).

    Regards,

    Frederic
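
Added example, not part of the original thread and not Look 'n' Stop's own code: a sketch of the local-port mismatch described in the reply above, run over a constructed log of blocked outbound packets. The log format, the rule table, and the remote ports 80/443 for the TCP rule are assumptions; the two port ranges and the rule names are the ones quoted in the thread.

```python
import re
from collections import Counter

# Default dynamic (ephemeral) local port ranges stated in the thread.
XP_RANGE = (1024, 5000)        # Windows versions before Vista
VISTA_RANGE = (49152, 65535)   # Vista

def make_rules(local_range):
    """Hypothetical rule table: name -> (protocol, local range, remote ports).
    Remote ports 80/443 for the TCP rule are an assumption."""
    return {
        "UDP: Allow DNS...": ("UDP", local_range, {53}),
        "TCP: Allow standard internet...": ("TCP", local_range, {80, 443}),
    }

# Constructed sample of blocked outbound packets (format is hypothetical).
BLOCKED_LOG = """\
UDP 192.168.2.10:49731 -> 192.168.2.1:53
UDP 192.168.2.10:52100 -> 192.168.2.1:53
TCP 192.168.2.10:49160 -> 203.0.113.7:80
TCP 192.168.2.10:49161 -> 203.0.113.7:443
UDP 192.168.2.10:55012 -> 224.0.0.252:5355
UDP 192.168.2.10:1900 -> 239.255.255.250:1900
""".splitlines()

LINE_RE = re.compile(r"^(TCP|UDP) \S+:(\d+) -> \S+:(\d+)$")

def classify(line, rules):
    """Return (verdict, rule_name) for one blocked-packet line.

    'local-port-mismatch' means protocol and remote port match a rule and
    only the local port falls outside the rule's range, which is the
    symptom of an XP-era ruleset running on Vista.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return ("unparsed", None)
    proto, lport, rport = m.group(1), int(m.group(2)), int(m.group(3))
    for name, (rproto, (low, high), rports) in rules.items():
        if proto == rproto and rport in rports:
            if low <= lport <= high:
                return ("allowed", name)
            return ("local-port-mismatch", name)
    return ("no-rule", None)   # e.g. the LLMNR (5355) and SSDP (1900) lines

def audit(lines, rules):
    """Count verdicts over a list of log lines."""
    return Counter(classify(line, rules) for line in lines)

if __name__ == "__main__":
    for label, rng in (("old ruleset", XP_RANGE), ("updated", VISTA_RANGE)):
        print(label, dict(audit(BLOCKED_LOG, make_rules(rng))))
```

With the 1024-5000 range every DNS and web packet in the sample is flagged as a local-port mismatch; with 49152-65535 only the LLMNR and SSDP lines are left without a matching rule.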
     
  4. Memory

    Memory Guest

    Re: x64 release for Windows XP & Vista.

    Hi Frederic,

    Thanks for confirming the resolution of the first one.

    Regarding #2, as per your suggestion, I changed the port ranges of rules "TCP : Authorize most common Internet services" and "UDP : Authorize name resolution (DNS)" from 1024 - 5000 into 49152 - 65535.
    The log now looks like this after a reboot : http://i4.tinypic.com/5z58tc5.jpg
    At the time of the screenshot, the "dings" have just stopped.
    Thanks for your help on this one.

    #3
    But when I start IE7 as described earlier, it's still not going anywhere.
    The entry in the "Application filtering"-tab for IE7, is created with the stop sign and the double green arrows. Single-clicking the stop sign to make it green and then refreshing, just gives me the "waiting for" message in the IE7 status bar. Unchecking the entry (and leaving it as green dot and green arrows) to make IE7 request for permission again, also just gives me the "waiting for" message. Probably the caching mechanism as you explained earlier.

    BEG EDIT:
    I forgot to mention this, and it's not so important anyway.
    But LnS fails to register with Windows Security Center on my box.
    END EDIT

    Robert
     
    Last edited by a moderator: Sep 11, 2007
  5. Frederic

    Frederic LnS Developer

    Re: x64 release for Windows XP & Vista.

    Hi Robert,
    There should be no stop sign for IE and explorer. Also check Services.exe and svchost.exe are allowed to connect.

    Does the problem appear only after you blocked IE ? (in that case, I suggest you exit IE7 and you restart it after changing the blocking setting)
    Or is the problem systematic and actually IE has never worked at all as soon as Look 'n' Stop is started.

    Yes, this is a known issue under Vista, the registration to the security center works only if Look 'n' Stop is started as Admin.
    A service will be required to have this working. If possible this will be part of the next update.

    Frederic
     
  6. Memory

    Memory Guest

    Re: x64 release for Windows XP & Vista.

    I'm not explaining very well.
    I think some pictures will make this clearer.

    Shot 1 : PC just turned on, booted into Vista x64, opened LnS, opened IE7

    http://i8.tinypic.com/54cc6rq.jpg

    Shot 2 : "hotmail" and [CTRL]+[ENTER] in the IE7 address bar, LnS popup shows. Selected "Just for this session", will click "Authorize" next

    http://i5.tinypic.com/4kverk8.jpg

    Shot 3 : Clicked "Authorize". Immediate error page in IE7. LnS "Application filtering" tab has new IE7 entry. IE7 is blocked, instead of allowed for this session.

    http://i16.tinypic.com/63jqis9.jpg

    Shot 4 : Single-clicked the red stop sign to grant access. [CTRL]+[F5] in IE7. "Waiting for " message in IE7. Even after 10 minutes it's still like that.

    http://i12.tinypic.com/4ujtqo9.jpg

    From now on it's game over for IE7 during this session.
    "Direct connection allowed" or no selection and just clicking "Authorize" do not resolve the issue anymore.
    You suggested earlier :
    I managed to get IE7 going again during the same session only once, by doing this (this = closing IE7, or did you mean LnS with "the application" ?). Even closing IE7 and removing the entry, and retrying doesn't work.
    Stopping LnS then restarting it, followed by selecting "Direct connection allowed" (or no selection) and clicking "Authorize" is the only thing that works during the same session.

    The other way to get IE7 going again is to reboot, followed by selecting "Direct connection allowed" (or no selection) and clicking "Authorize".

    I do not want to grant IE7 direct connection rights.

    I wish I could give a better explanation, sorry.

    Robert

    P.S. I do not know why (optimization?), but tinypic.com makes the screenshots blurrier than they are. Hope they are still clear.
     
    Last edited by a moderator: Sep 12, 2007
  7. Frederic

    Frederic LnS Developer

    Re: x64 release for Windows XP & Vista.

    This is normal, you need to allow IE7 to connect directly.
    In that special case, IE7 is the parent of the application and also the application to connect to internet, so both rights are required.
    Note that the "direct connection" is simply the same right you give when the standard Allow/Block popup for an application opens.
    Yes, I think IE7 process is still flagged as "to be blocked" since you didn't allow it the very first time.
    Yes, what I meant is closing IE7. Normally if the process is really stopped and a new one is created, Look 'n' Stop should apply the new attributes if they were modified. It's only in the case of the same process trying to connect again this kind of problem could happen.
    Ok, in that case, closing/restarting Look 'n' Stop reinitializes also the attributes.

    You have to, otherwise it can't connect and display the web page.
    Not sure what you meant by "(or no selection)". When the dialog box of your shot2 is displayed, you need to select the "Direct connection" otherwise it can't connect.

    Frederic
     
  8. Memory

    Memory Guest

    Re: x64 release for Windows XP & Vista.

    But that is not the same behaviour as in Windows XP (x86) I'm experiencing.

    In XP without a LnS "Application filtering" rule for IE7 :
    I get the LnS popup with 2 options "Just this time" and "Just for this session".
    • selecting neither and clicking "Authorize", grants IE7 net access without future intervention by the LnS popup. It looks like LnS translates this (behind the scenes) into "Direct connection allowed for this and future sessions" ?
      The newly added application filtering rule (green go sign, double green arrows) survives log offs and reboots.
      Log offs and reboots do not cause future intervention by the LnS popup.
    • selecting "Just for this session" and clicking "Authorize", grants IE7 net access for the duration of the current session. ("Direct connection allowed" is assumed ?)
      The newly added application filtering rule (green go sign, double green arrows) does not survive log offs and reboots.
      Log offs and reboots cause future intervention by the LnS popup.

    In Vista without a LnS "Application filtering" rule for IE7 :
    I get the LnS popup with 3 options "Just this time", "Just for this session" and "Direct connection allowed".
    • selecting "Direct connection allowed" and clicking "Authorize", grants IE7 net access without future intervention by the LnS popup.
      The newly added application filtering rule (green go sign, double green arrows) survives log offs and reboots.
      Log offs and reboots do not cause future intervention by the LnS popup.
    • selecting "Just for this session" and clicking "Authorize", blocks IE7 net access for the duration of the current session. ("Direct connection allowed" is not assumed ?)
      The newly added application filtering rule (stop sign, double green arrows) does not survive log offs and reboots.
      Log offs and reboots cause future intervention by the LnS popup.
    • selecting neither and clicking "Authorize", same behaviour as selecting "Just for this session" above.
      My mistake, I said in a previous reply that this would also grant IE7 net access.

    In XP it's possible to change the new rule's behaviour and persistence, by unchecking or deleting it during the same/current session and making the opposite selection before Authorize.

    I understand.
    But why is this different from IE7 on XP ?
    IE7 in XP doesn't offer me to select "Direct connection allowed" when there is no "Application filtering" rule for it yet.
    It always implies "Direct connection allowed" when I click the "Authorize" button. With or without a selection made.

    Isn't "Direct connection allowed" only necessary when IE7 (or one of its components) is started by another program/process ?
    There would first be a 3-option popup for this other process (the parent), and then a 2-option popup for IE7 (the child).
    Just as is the case with starting WMP without a "Application filtering" rule being present for it.
    I would first get the 3-option popup for Windows Explorer (denying it (WE) direct access, but granting it to start other connecting programs just for this session.)
    Then I would get a second 2-option popup for WMP (granting it net access just for this time.)

    Robert
     
  9. Frederic

    Frederic LnS Developer

    Re: x64 release for Windows XP & Vista.

    Hi,

    I did some tests under XP, Vista x86 and Vista x64.
    Just to confirm that the difference is between XP and Vista, not between x86 and x64 (so I will probably create a new thread with that discussion, to not keep it in the x64 announce).

    Under XP, Look 'n' Stop detects Explorer.exe starting IExplore.exe
    Under Vista, Look 'n' Stop detects IExplore starting IExplore.exe.
    I don't know why it is different.

    As a result:
    - under XP you have two dialog boxes, one for Explorer (the parent connection) and one for IExplore (the direct connection)
    - under Vista you get only one dialog box (the parent connection)

    The "Direct Connection allowed" checkbox is there to avoid an additional dialog box (the direct connection one) when the parent application is also the application which will connect directly.

    Most of the time the parent application just starts another application that will connect, but the parent connection doesn't connect directly, so not checking the "Direct connection allowed" is Ok.
    For the particular case of IExplore under Vista, since it is detected as parent and application connecting, the checkbox must be checked.

    Hope this clarifies the way it works normally in the case you select the right choice initially.

    Now for the problem you encounter after blocking the connection (if you don't tick the "Direct Connection allowed" check box) and trying to allow it after.
    I was not able to reproduce that. What I've reproduced under Vista (x86 and x64) is:
    - if I don't tick the "Direct connection allowed" check box, then the error appears immediately in Internet Explorer
    - if I open Look 'n' Stop, and I select Internet Explorer to connect directly (by removing the stop sign and having the green icon), and if I keep Internet Explorer open and I try a refresh, the page doesn't open, and I get the "Waiting for..." message in the status bar of Internet Explorer.

    But the difference is: as soon as I stop Internet Explorer and restart it (so it creates a new process) then the page displays properly. There is no need to reboot or to stop/restart Look 'n' Stop.

    I don't know why it is different for you. Anyway IExplore has to be allowed as parent and as connecting directly, so normally there is no reason to enter these special conditions, after the right attributes are set.

    Regards,

    Frederic
     
  10. Memory

    Memory Guest

    Hi,

    Thanks for explaining. At least now I know what's happening (I think :D ). It was confusing.

    Well first I thought it was consistently asking for direct connection because I was using the 32-bit IE7 version. It has to be completely separate from the OS to run on the emulation layer.
    But when the 64-bit version showed exactly the same behaviour, I got lost. And now that you confirmed the difference is between XP and Vista, it might be that IE7 on (any number of bits of) Vista is now completely separate. Or MS just makes it pretend it is. Of course this is just a wild guess.

    The last problem, has to be my problem then. I'm still completely confused by this one. In the end, I could try a clean re-install because right now I'm just learning and playing around a bit with Vista. There is absolutely nothing to lose.

    Oops, I'm clogging up the X64 announce thread again.
    Please accept my apologies. I should stop making these long replies.

    Robert
     
  11. Frederic

    Frederic LnS Developer

    I don't know either what the issue could be. Perhaps, the process remains in memory anyway, even if you exit from the GUI.
    Not sure, it has to be investigated further, since anyway Internet Explorer has to be allowed... So blocking, and then allowing it, is not something you will do every day.

    No problem I've created a new thread.

    Frederic
     
  12. Memory

    Memory Guest

    I think I know what caused this issue.

    To get rid of it, I was going to format the partition and re-install Vista.
    Although not really needed, I did a quick check for things to keep.
    I bumped into the 5 screenshots below.

    This program has potentially unwanted behaviour :
    IE7 Start page : http://i6.tinypic.com/2qlfqzl.jpg

    IE7 Start page : http://i10.tinypic.com/4kcj1ac.jpg

    LnS lnsfw1.sys : http://i8.tinypic.com/66w44n6.jpg

    LnS lnsfw.sys : http://i18.tinypic.com/6bnsto7.jpg

    LnS looknstop.exe : http://i17.tinypic.com/2m5ktvn.jpg

    But in my enthusiasm to disable Windows Defender, I also cleared its history. I wish I hadn't. It was almost like a reflex.
    I noticed that there were more recent entries for LnS and the IE7 start page.

    But the issue is resolved now, and I'm reluctant to enable Windows Defender again.

    I also notice that since installing LnS, it takes very long for the network to become available after logging in.
    I first see a red X across the network connections icon (2 monitors) in the system tray for a very long time (varying between 20 - 30 seconds), then a yellow circle with an exclamation mark in it for a shorter time, then eventually the blue globe.
    Don't know what can be the cause of this.
    Will see if disabling Windows Defender resolved this. (Rebooting right after this.)

    Robert


    [START EDIT]
    Just rebooted. The delay is still there.
    But I think the real cause is that Windows is attempting to find a bluetooth peripheral device driver for my mobile phone.
    It will not find it and throw a popup eventually, just when the network connection starts showing a globe.
    But there are no 64-bit drivers for it yet.
    On the next reboot I'll tell it (AGAIN) to give up. I already do that each time.
    [END EDIT]
     
    Last edited by a moderator: Sep 22, 2007