Discussion in 'LnS English Forum' started by Frederic, Nov 12, 2004.
Yes Def. I love to install porn into my registry.
Any interesting links would be appreciated...
Frederic, are you aware of this issue
No, I wasn't aware for this particular executable, but gkweb told me that he had also some times false detection with ProcessGuard.
If all these applications (including LnS) are handling the same critical Windows API usable for injection, there may be some conflict, explaining this.
I will try to reproduce to see what's happenning, is DCSUSERPROT.EXE part of ProcessGuard, or is it another tool ?
It is part of PG.
Yes, I understand better because you are saying PCAudit2 failed without notifying at all. So I understand your request now.
This is strange, normally you should have be prompted with a name of a new DLL.
However, if all the applications PCAudit2 tries to inject don't have access to internet, then I suppose it will fail before asking for the new DLL.
I tested PCAudit2 again and this time L 'n' S notified me. I think it was just the application it tried to use before did not have internet access. Please disreguard my request.
Just had time to test this beta driver, she works smoothly against Copycat, pcAudit v6.3- and the two DNS testing leaktests. I ran some additional tests also, she appears to do what had been advertised…
Continue the excellent work Frederic!!!
Steps I done was renaming lnsfw1.sys to lnsfw.1.sys.old, applied ActivatedSoonEnable.reg which I had updated specially for this beta driver to include the necessary, and then re-booted the system…
Thanks Phant0m for your support
I haven't upgraded to XP SP2 due to some apps incompatibilities..I was wondering whether it's useful to upgrade the driver..have you extended the windows versions it works on?
why doesn't it work on XP SP1's?
This works great! I have XP Home SP2, running with no problems!
This is not true! The new driver perfectly supports my XP-SP1 system, PCAUDIT2 got no chance
Yes, it may work by chance, I didn't tested on WinXP-SP1 actually
To verify if the new blocking features are supported or not, open the console, ask for the driver logs.
After FW1: If you see lines like this:
They are supported.
If you see a "FOx_KOy!" one feature is not supported.
I do not get any of these console messages at all.
Is it necessary to start one or the other leaktests to see these specific driver log entries??
For my testing I just downloaded the PCAUDIT2 leaktest from gkweb's page on my WinXP-XP1 system and LnS perfectly blocked it.
When would you have to do that?? I am on win2k have installed all the updates adn modified the registry but when going on console I get after FW1
Do I have to run the tests to see the results you say??
Rebooting is the answer to Ruben's and to my question!
So here are the results from my WinXP-SP1:
Yes, you need to look at the driver logs just after Windows has started, otherwise other information in the logs (like application connections) will overwrite this information (since the driver logs is a circular buffer with a limited size).
Sometimes you also need to start some applications before having a FOx_Ok or the FOx_KO.
ok, will try
I pass all the ones in the log but I also have this: ReSLIN! Is that OK? or is something wrong? I guess I just want to know what it means...
And here are my logs for the Win2k-SP4 machine:
Driver Entry Win2k/XP d1.
ReSLIN! (what is this??)
Here's my log. WinXP SP1
Driver Entry Win2k/XP d1.
So...what's not working, Frederic?
Do you advice that I return to the old driver, or that I keep this one?
anyway I think, before releasing a new LnS executable, bundled with the new lnsfw1.sys file, you should test it thoroughly on systems with XP SP1 only..as lots of people out there haven't updated yet..
Just for the record on restart I got the results I was looking for -) Thanks Frederic
=> Copycat leaktest/troyan type won't be detected
=> DNSTester leaktest/troyan type won't be detected
Separate names with a comma.