Leaktest failure of LNS with Process Explorer

Discussion in 'LnS English Forum' started by Thomas M, Mar 5, 2006.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    While reading another thread at dslreports I found this nice leaktest for LnS:

    When you start Process Explorer (Sysinternals) and right click on one of your currently running processes/programs, there is an option called "Google...". What it does is that it opens a window of your standard browser and looks up the process name at google.com. So assuming process explorer.exe is not listed at all in your application filtering:
    A.) When your standard browser is NOT open/active, you will be asked by the application filtering window of LnS, if you want to allow "process explorer" to start your standard browser :) nice!
    B.) If your browser IS ALREADY open/running, Process Explorer will start the Google search without any pop-up warning from LnS. It cannot prevent this outbound request :( not nice!

    1.) Can somebody confirm?

    2.) The solution would be (a.) to choose a standard browser, which is not allowed in your application/internet filtering list; (b.) if you have to allow your standard browser for some reason, open this browser as short as possible (don't leave it open when not in use)

    Thomas :)
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Thomas,

    Yes, this is a known issue.

    It depends on the browser you are using: some browsers will systematically re-create a new process and they will be detected (these ones are safer to use with Look 'n' Stop).
    Some other browsers (like IE) will re-use the existing process, and since the initial parent process is OK, Look 'n' Stop will allow the connection :(

    Frederic
     
  3. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Thanks a lot Frederic for the explanation!

    To the others: Would "ProcessGuard" be an additional layer of protection for this one?

    Thanks for help,
    Thomas :)
     