wallbreaker and process Guard

hi , i am running Process Guard v. 1.3000 and tried the leaktests
that i was refered to in the help-file.

But Wallbreaker (see
http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/leaktest11.htm

At the 2nd test..... Wallbreaker succeeded !?!

1) Did i overlooked something by the configuration or adding files in PG ?

2) Is there a way to prevent IE (which i normally don't use)
to be started from another Application.

thanks ....
Albert

 

Hi unixmagic, welcome on wilder security forums

I'm the author of Wallbreaker, so i think i can explain your issue, at worst, DCS will correct me.

No, PG protects processes from being terminated or modified, so to speak, from being attacked.
Wallbreaker does not attack any process, it doesn't terminate nor inject code, but rather uses Windows normals functions to launch windows standard executables with parameters.

For the test 2, WB just calls IE executable and gives it an url as paramater (iexplore.exe http://www.google.com) it's a normal windows call, nothing is attacked, so PG has nothing to block.

PG blocks very well leaktests that the firewalls are unable to block such as Copycat which attacks a process to inject code in it.

With windows options, it's may be possible to remove iexplore.exe from "c:\windows\system32\dllcache" and then from "program files", but i guess that windows will copies it again.

It is however possible with any sandboxe or application filtering softwares to deny IE execution.
It's very efficient, and no malware can do anything about it.


So don't worry, PG does it job

 

ok, for the record my Seagate Firewall blocked Internet Explorer,
But i thought that process Guard would do this. (in this testcase)
So for test i allowed IE access (normally not/i use Mozilla)
I've tried to remove IE in the past, but that was not a good idea.
I got a lot of problems, f.i. with explorer.exe
But blocking it with a firewall works for me.

Thanks for the help GKWEB !

 

stay tuned... next PG version is a lot better... trust me

 

I don't know what i can show or not from the current beta, so i show you a screenshot of a part of the main GUI :


enjoy

(good tease isn't it ?)

 

sorry, but i can't see the JPG only the link,
and i am very curious, how can i become a beta-tester ?

 

Hi unixmagic, There is none, that is the tease

But the new version will be Version 2 and not V1.400, so many new features.

As for your question about beta testing. DCS select testers (or teasers in GK's case) that have shown that they are deeply interested in DCS products &, that willingly help other users through their post here and at the DCS forums, there are no technical qualifications as such, many testers are ordinary users so that user friendliness can be taken into account.

HTH Pilli

 

since i am your antipode, i thought that i was looking at the back-side of the picture :>)

But you can at least tell me when the new release is expected.