Jump to content

"Compilation Of Tutorials, Guides, Tips & Updates"


dcs18

Recommended Posts

Undertaker
Just now, dcs18 said:

Yes, Tonec seems to be bypassing the WFC block rule for the IP 169.55.40.5 — it's under observation and yet to be determined whether it's a WFC bug (have yet to file a report with the Developer.)

It's not only the firewall, it's even bypassing my IPSec policy(last time you told me to learn it)

The IPSec behavior is same as FW, it works for sometime then even it is bypassed.

So, I don't think it's just the firewall.

What setup are you using? And how are you managing the bypass?

 

I see a UDP connection being made to svchost.exe while IDM checks for license, is it possible that it creates a proxy connection through that and connects? That would explain the weird FW behavior.

Link to comment
Share on other sites


  • Replies 7.3k
  • Views 1.1m
  • Created
  • Last Reply

Actually, my 9 month old setup was working fine but after hearing about the pop-ups, I was curious and disabled my firewall. :P

Link to comment
Share on other sites


Undertaker

In 3 years of this setup, I just received it once when the VP key arrived. This time I am surviving because of a modification in setup which I only made last month. I saw the IDM topic, someone even mentioned it changed hosts file,I think they went on full brute attack mode this time - hosts, firewall, IP, patches. :lol:

Link to comment
Share on other sites


Matter of fact, I'm using a tighter and much smaller firewall policy — radically different from the WFC tutorial published, here.

Link to comment
Share on other sites


Undertaker
Just now, dcs18 said:

Matter of fact, I'm using a tighter and much smaller firewall policy — radically different from the WFC tutorial published, here.

That's why I'm here because I saw this

15 hours ago, dcs18 said:

This bears no effect on my personal configuration — if anyone using the firewall block technique, is facing IDM pop-ups and would like the issue resolved, do let me know.

Although I'm not facing popups but its bypassing my FW.

Link to comment
Share on other sites


The implementation which I have adopted is now very stringent, micro-fine and far more secure — it also allows finer granular control over svchost.exe connections.

Link to comment
Share on other sites


Undertaker
2 minutes ago, dcs18 said:

The implementation which I have adopted is now very stringent, micro-fine and far more secure — it also allows finer granular control over svchost.exe connections.

Looking forward to it.

Link to comment
Share on other sites


Keep eyes open for also a rule created by IDM named as System — it caused that Visual Protect 3.5+ key.

Link to comment
Share on other sites


Undertaker
Just now, dcs18 said:

Keep eyes open for also a rule created by IDM named as System — it caused that Visual Protect 3.5+ key.

I have a rule named System but that was created by me, always has been since I started using WFC. But I don't have the VP key,yet. Are you saying System is allowing the connection?

BTW WFC is set to delete unsecure rules and that works perfectly

Link to comment
Share on other sites


It was merely named as System the culprit was svchost.exe firing away at destination port # 53 (which actually is a valid combination for DNS caching) — every friggin' app. and program needs to anyways make a UDP remote call or else they won't be able to connect (regardless of their actual port and IP.)

Link to comment
Share on other sites


Undertaker
6 minutes ago, dcs18 said:

It was merely named as System the culprit was svchost.exe firing away at destination port # 53 (which actually is a valid combination for DNS caching) — every friggin' app. and program needs to anyways make a UDP remote call or else they won't be able to connect (regardless of their actual port and IP.)

Yes,yes. It's the same here port 53, svchost.exe, UDP and DNS.

Link to comment
Share on other sites


Believe it or not this very same rule was further hardened on all my systems and yet each time the activation credentials are filled-up anew, IDM manages to exploit this same rule — they seem to be using a kind of DNS cache poisoning (thinking of reporting them to Microsoft — would be interesting.) :lol:

Link to comment
Share on other sites


Undertaker
3 minutes ago, dcs18 said:

Believe it or not this very same rule was further hardened on all my systems and yet each time the activation credentials are filled-up anew, IDM manages to exploit this same rule — they seem to be using a kind of DNS cache poisoning (thinking of reporting them to Microsoft — would be interesting.) :lol:

When creating svchost.exe and System rule what if we 'apply it to services only' and not to 'Apply it to all programs and services' in the services option? Would that help?

What about other firewalls, are they being bypassed too?

But like I told earlier that probably won't matter because it is also bypassing IPSec

Link to comment
Share on other sites


That is exactly what I'd done and yet got overruled — added a additional condition of DNS Client service but the DNS is exactly the route that IDM has also taken.

Link to comment
Share on other sites


Undertaker
2 minutes ago, dcs18 said:

That is exactly what I'd done and yet got overruled — added a additional condition of DNS Client service but the DNS is exactly the route that IDM has also taken.

So how are you managing the systems now? What method is being used?

Link to comment
Share on other sites


Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may lookup COMODO once again if I get the time.

Link to comment
Share on other sites


Undertaker
1 minute ago, dcs18 said:

Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may lookup COMODO once again if I get the time.

Even blocked it on your own system? 

Link to comment
Share on other sites


knowledge-Spammer
3 minutes ago, dcs18 said:

Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may lookup COMODO once again if I get the time.

try with Windows 10 Firewall Control

http://www.sphinx-soft.com/Vista/order.html

i have not read all comments what u trying to do ? maybe i can help ?

 

Link to comment
Share on other sites


Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.

Link to comment
Share on other sites


Undertaker
Just now, dcs18 said:

Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.

What about router block?

Link to comment
Share on other sites


Just now, knowledge said:

try with Windows 10 Firewall Control

http://www.sphinx-soft.com/Vista/order.html

i have not read all comments what u trying to do ? maybe i can help ?

In the hope of exploiting it's domain blocking capability, I gave it another try — but, found the GUI hopelessly messy (with tiny font everywhere) and had to give up on Windows 10 Firewall Control.

 

I have tried out Windows 10 Firewall Control. many a times but could never stick with it for more than full day.

Link to comment
Share on other sites


Undertaker
1 minute ago, dcs18 said:

Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.

I had a scenario like this on my other system. and believe me nothing helped, the only thing that worked was to restore the Acronis backup and then in offline mode I setup the other system like this one to mitigate the exploit. As per my understanding from my two systems, you can prevent it but can't cure it(atleast as of now)

Link to comment
Share on other sites


4 minutes ago, Undertaker said:

What about router block?

Shall give it a try, too — in my case though, doesn't help since not all my clients use routers. :(

Link to comment
Share on other sites


knowledge-Spammer
1 minute ago, dcs18 said:

In the hope of exploiting it's domain blocking capability, I gave it another try — but, found the GUI hopelessly messy (with tiny font everywhere) and had to give up on Windows 10 Firewall Control.

 

I have tried out Windows 10 Firewall Control. many a times but could never stick with it for more than full day.

if u can or have time inbox me the program and  what u want to do ill test  and see if ways passed the problems u have ?

i not read all comments but see comment about Firewalls and like to help u guys out if i can in someways ?

Link to comment
Share on other sites


Undertaker
1 minute ago, dcs18 said:

Shall give it a try, too — in my case though, doesn't help since not all my clients use routers. :(

I'm gonna give it a try too and lessen the burden on Adguard(which I am using atm). I have 2-3 things in mind - proxy server, router block but all of them, like I said, can be used as precautionary measures rather than curing it.

Link to comment
Share on other sites


  • Matrix locked this topic

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...