Leaktest failure of LNS with Process Explorer

Discussion in 'LnS English Forum' started by Thomas M, Mar 5, 2006.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    While reading another thread at dslreports I found this nice leaktest for LnS:

    When you start Process Explorer (Sysinternals) and right click on one of your currently running processes/programs, there is an option called "Google...". What it does is that it opens a window of your standard browser and looks up the process name at google.com. So assuming process explorer.exe is not listed at all in your application filtering:
    A.) When your standard browser is NOT open/active, you will be asked by the application filtering window of LnS, if you want to allow "process explorer" to start your standard browser :) nice!
    B.) If your browser IS ALREADY open/running, process exlorer will start the google search without any pop-up warning of LnS. It can not prevent this outbound request :( not nice!

    1.) Can somebody confirm?

    2.) The solution would be (a.) to choose a standard browser, which is not allowed in your application/internet filtering list; (b.) if you have to allow your standard browser for some reason, open this browser as short as possible (don't leave it open when not in use)

    Thomas :)
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Thomas,

    Yes, this is known issue.

    It depends on the browser you are using, some browsers will re-create systematically a new process and they will be detected (these ones are safer to be used with Look 'n' Stop).
    Some other browser (like IE) will re-use the existing process and since the initial parent process is Ok Look 'n' Stop will allow the connection :(

    Frederic
     
  3. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Thanks a lot Frederic for the explanation!

    To the others: Would "ProcessGuard" be an additional layer of protection for this one ?

    Thanks for help,
    Thomas :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.