Wallbreaker and Process Guard

Discussion in 'ProcessGuard' started by averhuls, Mar 11, 2004.

Thread Status:
Not open for further replies.
  1. averhuls

    averhuls Guest

    Hi, I am running Process Guard v. 1.3000 and tried the leaktests
    that I was referred to in the help file.

    But Wallbreaker (see:)
    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/leaktest11.htm

    At the 2nd test..... Wallbreaker succeeded !?!

    1) Did I overlook something in the configuration or when adding files in PG?

    2) Is there a way to prevent IE (which I normally don't use)
    from being started from another application?

    thanks ....
    Albert
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi unixmagic, welcome to Wilders Security Forums :)

    I'm the author of Wallbreaker, so I think I can explain your issue; at worst, DCS will correct me.

    No, PG protects processes from being terminated or modified, so to speak, from being attacked.
    Wallbreaker does not attack any process; it doesn't terminate or inject code, but rather uses normal Windows functions to launch standard Windows executables with parameters.

    For test 2, WB just calls the IE executable and gives it a URL as a parameter (iexplore.exe http://www.google.com). It's a normal Windows call, nothing is attacked, so PG has nothing to block.

    PG blocks very well leaktests that the firewalls are unable to block, such as Copycat, which attacks a process to inject code into it.


    With Windows options, it may be possible to remove iexplore.exe from "c:\windows\system32\dllcache" and then from "program files", but I guess that Windows will copy it again.

    It is however possible with any sandbox or application filtering software to deny IE execution.
    It's very efficient, and no malware can do anything about it.


    So don't worry, PG does its job ;)
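
An added example, not part of the original thread and not code from Process Guard or Wallbreaker: the launch described in the post above is an ordinary process creation, so the place to catch it is the parent/child relationship at process start. The sketch audits constructed process-creation records; the record layout, the allow-list and names such as `leaktest.exe` are assumptions.

```python
import ntpath
import re

# Assumptions for this sketch: which images count as browsers and which
# parents are expected to start them on this machine.
BROWSERS = {"iexplore.exe"}
ALLOWED_PARENTS = {"explorer.exe"}
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Constructed process-creation records: (parent image, child image, command line).
SAMPLE_EVENTS = [
    (r"C:\WINDOWS\explorer.exe",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"C:\Temp\leaktest.exe",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"iexplore.exe http://www.google.com"),
    (r"C:\Temp\leaktest.exe",
     r"C:\WINDOWS\system32\notepad.exe",
     r"notepad.exe C:\notes.txt"),
    (r"C:\Temp\OTHER.EXE",
     r"C:\PROGRA~1\INTERN~1\IEXPLORE.EXE",
     r"IEXPLORE.EXE"),
]

def image_name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path.strip('"')).lower()

def urls_in(cmdline):
    """URL-looking arguments; URLs contain no spaces, so a plain split is enough."""
    return [t.strip('"') for t in cmdline.split() if URL_RE.match(t.strip('"'))]

def audit(events):
    """Return one finding per browser launch whose parent is not allow-listed."""
    findings = []
    for parent, child, cmdline in events:
        if image_name(child) not in BROWSERS or image_name(parent) in ALLOWED_PARENTS:
            continue
        urls = urls_in(cmdline)
        # A URL argument means data can leave under the browser's own firewall rule.
        findings.append({"parent": image_name(parent), "browser": image_name(child),
                         "urls": urls, "severity": "high" if urls else "review"})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

The allow-list is the policy decision: an application filter that denies IE to every parent corresponds to an empty `ALLOWED_PARENTS`.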
     
  3. averhuls

    averhuls Guest

    OK, for the record my Seagate Firewall blocked Internet Explorer,
    but I thought that Process Guard would do this (in this test case).
    So for the test I allowed IE access (normally not; I use Mozilla).
    I've tried to remove IE in the past, but that was not a good idea.
    I got a lot of problems, for instance with explorer.exe.
    But blocking it with a firewall works for me.

    Thanks for the help GKWEB !
     
  4. gkweb

    gkweb Expert Firewall Tester

    Stay tuned... the next PG version is a lot better... trust me ;)
     
  5. gkweb

    gkweb Expert Firewall Tester

    I don't know what I can show or not from the current beta, so I'll show you a screenshot of a part of the main GUI:


    enjoy :D

    (good tease, isn't it?)
     

  6. averhuls

    averhuls Guest

    Sorry, but I can't see the JPG, only the link,
    and I am very curious: how can I become a beta tester?
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi unixmagic, There is none, that is the tease ;)

    But the new version will be Version 2 and not V1.400, so many new features.

    As for your question about beta testing: DCS select testers (or teasers in GK's case) that have shown that they are deeply interested in DCS products and that willingly help other users through their posts here and at the DCS forums. There are no technical qualifications as such; many testers are ordinary users, so that user friendliness can be taken into account.

    HTH Pilli
     
  8. averhuls

    averhuls Guest

    Since I am your antipode, I thought that I was looking at the back side of the picture :>)

    But you can at least tell me when the new release is expected.

    :D
     