New Beta Driver addressing additional vulnerabilities/Leaktests.

Discussion in 'LnS English Forum' started by Frederic, Nov 12, 2004.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Is EVID4226 the workaround for running P2P applications using WinXP-SP2?

    Thomas :)
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    FO5_xx is for Copycat type detection.

    If some of FOx_yy are missing, perhaps it's because the ActivatedSoon flag is not enabled.
    Another possibility is: no checks were performed yet in the driver against possible usage of the vulnerabilities. You should try to start Copycat to see if FO5_xx is appearing or not in the console, or start PCAudit2 to get some FO4_xx.

    Frederic
     
  3. amano

    amano Guest

    Thanks. The second case is the cause. ;)

    After starting copycat and pcaudit v6 after Windows startup and then asking for the driver logs, I get

    FO4_KO1
    FO5_OK

    So the pcaudit driver fails as expected, since my WinInet.dll is updated to latest patch. The "cumulative IE updates" starting from February 8th update the WinInet.dll to versions that make the pcaudit driver fail.

    Hmm. Who tried simply downgrading this file? Would that break my system?
     
  4. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    My WinInet.dll version is 6.0.2900.2861 (3 Mar 2006) and I have FO4_Ok in my driver logs. So maybe the problem is fixed?
     
  5. RetupmocSoft

    RetupmocSoft Registered Member

    Joined:
    May 8, 2005
    Posts:
    29
    Well, EVID4226 controls how many half-open connections are allowed. (WinXP2)

    In WinXP and WinXPSP1, there is no defined half-open limit, maybe 16M connections.
    But in WinXPSP2, its default value is tight, at 10 only.

    Many P2P applications want to open as many as possible to "exchange" information,
    so..... a half-open connection limit of 10 is not enough.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Interesting, it wasn't working a while ago, but it's working just fine now. Perhaps a Windows Update? This does leave concerns about patching the file to allow something through.
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes this is interesting ;)

    Thanks for the report.

    Frederic
     
  8. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
  9. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    Sometimes MS updates like to change the connections back to 10. So you may have to run EVID4226 again if you aren't getting the same P2P performance all of a sudden. But be sure to never set it higher than 100. More than 100 can be a security risk and anything higher is not needed.
     
  10. amano

    amano Registered Member

    Joined:
    Jun 17, 2006
    Posts:
    1
    Yep. Now audit 2 is blocked again. I tested version 4.01 and version 6.33.

    My wininet.dll is from the cumulative Internet Explorer update from the June patch day (6.0.2900.2904 - 10.05.2006). It blocks the test and in the console it displays UFO4_OK.

    Again the line just displays in the console after having started the audit2 leaktest. It wouldn't be displayed otherwise (and my computer is freshly set up).

    Great that Microsoft (wanted or unwanted) solved your problem. I hope that you didn't spend too much development time on this one.

    BTW, wininet.dll (6.0.2900.2861 - 04.03.2006) was released on April 11th, monthly patch day.

    Strange that alfa1 hasn't the same result with the same wininet.dll version. Or might the copycat protection be disabled otherwise on his computer?
     
    Last edited: Jun 17, 2006