New Beta Driver addressing additional vulnerabilities/Leaktests.

Discussion in 'LnS English Forum' started by Frederic, Nov 12, 2004.

Thread Status:
Not open for further replies.
  1. ArtLonger

    ArtLonger Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    9
    Hello, Frederic.

    After installing the LnSfw1-d2 beta driver (03 Dec 2004), all programs started by me directly (from the Desktop, from the menu...) became child processes of explorer.exe.

    And after closing the programs, they do not disappear from the left window on the "App filtering" page: http://artlonger.fromru.com/temp/beta2app.gif

    It is not a problem, it does not prevent work. But I decided to report it :)
     
    Last edited: Dec 17, 2004
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi ArtLonger,
    Do you mean you were using the Lnsfw1-d1 before with no problem (this would be strange)? Or did you try the lnsfw1-d2 directly (this is OK)?

    If you added the ActivatedSoon Flag, it is normal to have now explorer.exe seen as starting the other applications. This is not the case in standard mode because explorer.exe is started before Look 'n' Stop and the driver is not yet configured.

    Try reinstalling Look 'n' Stop on top of your current installation.

    Frederic
     
  3. ArtLonger

    ArtLonger Registered Member

    No, I did not use the beta 1 driver. I understand.
    But for explorer.exe, special control of child programs is probably necessary. Otherwise it is necessary to resolve ALL...

    And installing on top of the current installation has helped - doubles are no longer present in the list.
    Thanks!
     
  4. ArtLonger

    ArtLonger Registered Member

    After several reboots, the doubles appear again... :-(
     
  5. Frederic

    Frederic LnS Developer

    You may have a virus, changing looknstop.exe.

    Frederic
     
  6. ArtLonger

    ArtLonger Registered Member

    Hello, Frederic.

    Oh. It is not a virus, it's my experiments...
    The program is excellent, but the interface is not so beautiful... (I'm sorry)
    I have made new icons, look:
    http://artlonger.fromru.com/temp/bitmap.zip

    Thanks
     
  7. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    Sorry guys... but where is this d2 beta driver you're talking about? I couldn't find it mentioned anywhere else in the forum!
     
  10. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    Frederic - Can you make this thread a sticky please.
     
  11. Skank!

    Skank! Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    31
    Location:
    New Zealand
    "DNSTester" & "TooLeaky" are still getting past me for some reason...
    Can someone please suggest how I can configure LNS to stop this please??
     
  12. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    One computer has all of the above. The other only has:
    FO2_Ok
    FO2_2_Ok
    FO3_Ok

    Should I see all the lines in the driver log?
     
  13. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Do you exclusively see these entries, or do the other driver logs come out like:
    FOx_KOy

    Correction:
    I remember that only machines running WinXP-SP2 or Win2K-SP4 get full protection for these leak tests.

    Thomas :)
     
    Last edited: Mar 3, 2005
  14. Defenestration

    Defenestration Registered Member

    I must have been asleep when I posted my last thread because I never noticed the beta driver was updated from d1 to d2. I agree with manuangi that the beginning of this thread should have the link for d2 instead of d1. Can you change it, Frederic?
     
  15. Defenestration

    Defenestration Registered Member

    I have some strange characters in my console driver logs after FW: and before FW1: as shown on attached image. Why are they there ?

    Another thing is that I don't see the line

    FO_Ok

    in my logs. It just lists

    FO2_Ok
    FO2_2_Ok
    FO3_Ok
    FO4_Ok
    FO5_Ok

    How come ?

    EDIT: I'm on XP Home SP2 using the latest LnS beta drivers and LnSSvc.
     

  16. Defenestration

    Defenestration Registered Member

    One more thing re. the Console - the scroll position is set to the end every time a new entry is added. This can make it difficult to analyse some of the entries near the beginning because it keeps moving to the newly added entries at the bottom. Would it be possible to add a checkbox to the console so that this behaviour could be enabled/disabled by the user.
     
  17. Thomas M

    Thomas M Registered Member

    Good point! In this thread Frederic is the only one to report this driver log! I do not see it either.

    Maybe Frederic can help ??

    Thanks,
    Thomas :)
     
  18. Skank!

    Skank! Registered Member

    "Too Leaky" is still getting past LNS for me..
    What am I doing wrong please peoples??
     
  19. jon_fl

    jon_fl Registered Member

    On one computer I am missing FO_OK. The other lines are there.

    On the other computer I only have FO2_Ok, FO2_2_Ok and FO_Ok.

    Neither computer has "FOx_KOy!".
     
  20. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Just checked my LnS, with both the beta-drivers installed, LnSService and Phant0m``'s ruleset:

    FO2_OK
    FO2_2_OK
    FO4_KO1
    FO3_OK
    FO5_OK

    So FO4 seems troubled. And I'm missing FO_OK? o_O
     
  21. Lucazade

    Lucazade Guest

    My driver log says:

    FW:
    Driver Entry Win2k/XP p1
    WAN Miniport (IP) - Look 'n' Stop Driver
    VIA Rhine III Fast Ethernet Adapter - Look 'n' Stop Driver
    FW1:
    Driver Entry Win2k/XP d2.
    FO2_Ok
    FO2_2_Ok
    ReSLIN!
    FO4_Ok
    FO3_Ok
    FO5_Ok

    I'd like to know the meaning of ReSLIN! and the absence of FO_Ok .
    Thanks
     
  22. Frederic

    Frederic LnS Developer

    Hi,

    "FO_Ok" is present when the feature "Watch DNS Calls" (from advanced options) is enabled and correctly activated.
    But this feature has to be deactivated when the flag CheckDNSQ is enabled. So it is perfectly normal to have "FO3_Ok" and no "FO_Ok".

    "ReSLIN!" is the detection of an internal event that should not occur.
    Having one at the beginning is not so problematic. If many of these events would occur it will be annoying.
    In case of another major issue, it is just interesting to know if just before, this event occurred.

    Frederic
     
  23. ttchoice

    ttchoice Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    6
    yeah!!!
    been waiting for it too long!
    thx a lot!
    waiting for the Final one~~~ :D
     
  24. SSK

    SSK Registered Member

    Hi Frederic, thanks for the explanation of FO_OK.
    Can you tell what is the matter with FO4_KO1?
     
  25. Frederic

    Frederic LnS Developer

    This is linked to the following activation and detection:

    "CheckHSRE"=dword:00000001 => for PCAudit type detection

    The driver was not able to install the detection routine (for an unknown reason).

    I would be interested to know if you are the only one with this error.
    What is your Windows version? Did you install all SP and IE updates?

    Frederic
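
The marker meanings Frederic gives in his two replies above (FO_Ok, ReSLIN!, FO4_KO1), applied to the driver logs posted in this thread. This is an added example, not Look 'n' Stop code; the function names and the reading of FO3_Ok as the CheckDNSQ hook are assumptions inferred from his reply.

```python
import re

# Marker shapes taken from the logs posted in this thread: FO_Ok, FO2_2_Ok, FO4_KO1.
MARKER = re.compile(r"^(FO\d*(?:_\d+)?)_(?:(OK)|KO(\d+))$", re.IGNORECASE)
# Only FO4 is given a meaning for its failure in the thread.
FAILURE_HINTS = {"FO4": "CheckHSRE (PCAudit-type) detection routine was not installed"}

def parse_driver_log(text):
    """Return (installed, failed, anomalies) for one console driver log."""
    installed, failed, anomalies = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ReSLIN!":
            anomalies += 1
            continue
        m = MARKER.match(line)
        if m is None:
            continue  # adapter names, "FW:", "Driver Entry ..." lines
        name = m.group(1).upper()
        if m.group(2):
            installed.append(name)
        else:
            failed[name] = int(m.group(3))
    return installed, failed, anomalies

def review(text):
    """Turn a driver log into findings, using only rules stated in the thread."""
    installed, failed, anomalies = parse_driver_log(text)
    notes = [f"{n}_KO{c}: {FAILURE_HINTS.get(n, 'not explained in the thread')}"
             for n, c in sorted(failed.items())]
    if "FO" not in installed and "FO" not in failed:
        if "FO3" in installed:  # assumption: FO3 is the CheckDNSQ hook
            notes.append("no FO_Ok, FO3_Ok present: expected with CheckDNSQ")
        else:
            notes.append("no FO_Ok: 'Watch DNS Calls' not enabled or not activated")
    if anomalies:
        notes.append(f"ReSLIN! x{anomalies}: internal event, track if it repeats")
    return notes

# Logs as posted above by Lucazade and SSK.
LUCAZADE = """FW1:
Driver Entry Win2k/XP d2.
FO2_Ok
FO2_2_Ok
ReSLIN!
FO4_Ok
FO3_Ok
FO5_Ok"""
SSK = "FO2_OK\nFO2_2_OK\nFO4_KO1\nFO3_OK\nFO5_OK"

if __name__ == "__main__":
    for label, log in (("Lucazade", LUCAZADE), ("SSK", SSK)):
        print(label, review(log))
```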
     