CCleaner Calling Home - Kaspersky Firewall Fail

[seek]

I was surprised to see this happening to CCleaner (5.54.6939). Even after not allowing any automatic updates and blocking its access with the help of Kaspersky Internet Security (2019) firewall the program somehow manages to get past both restrictions. I only became aware when I checked router firewall log. Which in turn is the only safe haven against this kind of meddling.

 

Could you check the same flaw?

[masterupc]

I rather use Comodo CIS... it's a little hard to handle but it works like a charm... and it's free... well, if that really matters... xD

[nOkialpha]

now softwares are using DNS cache poisoning

may be some update breaks the kis/kts firewall

no calls with endpoint version

[seek]

Wish I had Endpoint! :)

What really disturbing is how users, even paid ones, are getting targeted for data.

Just feel sad to see such practices deployed by CCleaner.

Also surprised to see how KIS failed to block the access.

I think Avast has cornered them and ruined a descent product. :(

[knowledge-Spammer]

removed befor mods do it

[IamBidyuT]

"""blocking its access with the help of Kaspersky Internet Security (2019) firewall """

 

Based on your screenshot it looks like you've not restricted it through kaspersky firewall (as GREEN color).

[IamBidyuT]

For ex: If i need to disable my AMD driver auto-update check, Network restriction should be applied this way (which in result would show RED color in the Network rules column, which is in your case GREEN) .

 

 

[a61a]

put the updater to untusted section , and also check hidden network access in (Rights tab)

[qwerty77]

Just delete the emergency updater file. It won't make the program unusable.

[mp68terr]

Ccleaner is a mess now... Which version (cleaning, not spying) would be recommended?

[neeraj]

18 hours ago, mp68terr said:

Ccleaner is a mess now... Which version (cleaning, not spying) would be recommended?

I have version 5.39 installed and it doesn't spy on me. Yet. 🙄

[seek]

On 12/26/2018 at 4:18 PM, IamBidyuT said:

For ex: If i need to disable my AMD driver auto-update check, Network restriction should be applied this way (which in result would show RED color in the Network rules column, which is in your case GREEN) .

 

 

 

Permissions are inherited so here you see a faded red color instead of a bold one. The green color is on Trusted group of programs. Also note there has been no data transmitted ever since its installation.

 

 

On 12/27/2018 at 9:21 AM, mp68terr said:

Ccleaner is a mess now... Which version (cleaning, not spying) would be recommended?

 

I have 5.25. It's very old but does the job.

[Jack3]

There's a very good way to prevent Ccleaner from autoupdating, developed by comss.ru' staff. Start Task Scheduler. Open Task Scheduler Library. Choose Ccleaner Update, right click - delete. Go to C:\Program Files\CCleaner and delete CCUpdate.exe https://www.comss.ru/page.php?id=5394 This solved it for me.

[nOkialpha]

On 12/26/2018 at 1:30 PM, seek said:

Wish I had Endpoint! :)

What really disturbing is how users, even paid ones, are getting targeted for data.

Just feel sad to see such practices deployed by CCleaner.

Also surprised to see how KIS failed to block the access.

I think Avast has cornered them and ruined a descent product. :(

endpoint key

https://www.nsaneforums.com/topic/309918-kaspersky-endpoint-security-11-final-for-windows/?do=findComment&comment=1410234

 

Endpoint Download Index

http://aes.kaspersky-labs.com/

yes avast ruined Ccleaner instead of improving Ccleaner they are doing unnecessary things.

as suggested by some users Delete CCupdate.exe. ccupdate has no importance in functioning of ccleaner.

[seek]

 

7 hours ago, Jack3 said:

There's a very good way to prevent Ccleaner from autoupdating, developed by comss.ru' staff. Start Task Scheduler. Open Task Scheduler Library. Choose Ccleaner Update, right click - delete. Go to C:\Program Files\CCleaner and delete CCUpdate.exe https://www.comss.ru/page.php?id=5394 This solved it for me.

 

I have already disabled many programs through Task Scheduler already.

 

4 hours ago, nOkialpha said:

endpoint key

https://www.nsaneforums.com/topic/309918-kaspersky-endpoint-security-11-final-for-windows/?do=findComment&comment=1410234

 

Endpoint Download Index

http://aes.kaspersky-labs.com/

yes avast ruined Ccleaner instead of improving Ccleaner they are doing unnecessary things.

as suggested by some users Delete CCupdate.exe. ccupdate has no importance in functioning of ccleaner.

 

Endpoint keys getting blocked quickly and that would be a risky trade-off. I surely will try though.

[seek]

On 12/25/2018 at 2:17 PM, nOkialpha said:

now softwares are using DNS cache poisoning

may be some update breaks the kis/kts firewall

no calls with endpoint version

 

Just finished testing with Endpoint. Does not work! This begs the question though. Are there any alternatives to CCleaner?

 

[nOkialpha]

18 hours ago, seek said:

 

Just finished testing with Endpoint. Does not work! This begs the question though. Are there any alternatives to CCleaner?

  

now i can't say why it is not working for you

Ccleaner alternative is R-wipe & Clean

 

https://www.nsaneforums.com/topic/329731-r-wipe-clean-200-build-2221/

 

 

[seek]

On 1/1/2019 at 12:34 PM, nOkialpha said:

now i can't say why it is not working for you

Ccleaner alternative is R-wipe & Clean

 

https://www.nsaneforums.com/topic/329731-r-wipe-clean-200-build-2221/

 

I went back to tried and tested good old version 5.25!

Went all the way back and reinstalled entire PC this time.

No callback to home so far. Hope it stays that way.

Lost the Endpoint license though.

 

Thank you to everyone for taking the time out.

 

Windows 10 1809 won't allow execution of above version once you have installed latest Windows Updates, so only have to use the latest one by CCleaner. This is unfortunate to see MS unnecessarily revoking permission of perfectly fine app.

[Ecarion]

On 12/31/2018 at 6:40 PM, seek said:

Are there any alternatives to CCleaner ?

As you can see, there is a lot of choice.

I had accept to reply this time that's why you are lucky today. But I rather to warn you, the next time I might decide to refuse. Damn right, that's correct this information is very very very easy to find...

 

PS  : Did you take the time to make a little research ? Too busy or lazy ? Nothing personal and no offense but sometimes there is just too many lazy people in just one day or a week...

Basically, I made the choice to be nice this day. So you must don't forgot it, neither my advice and my warning : avoid to pretend you didn't know the fact you can use one search engine (such as DDG, etc).

 

On 12/27/2018 at 10:21 AM, mp68terr said:

Ccleaner is a mess now... Which version (cleaning, not spying) would be recommended?

There is another way :

1. Create one rules (inside the firewall) to block totally the program
2. Download the good file ! Because I assume you aren't aware about the CCleaner-Portable (which is always available (on this page)  CCleaner-Builld) and doesn't have any toolbar (adware, neither the file CCupdate.exe, etc)

[mp68terr]

2 hours ago, Ecarion said:

On 12/27/2018 at 10:21 AM, mp68terr said:

Ccleaner is a mess now... Which version (cleaning, not spying) would be recommended?

There is another way :

1. Create one rules (inside the firewall) to block totally the program
2. Download the good file ! Because I assume you aren't aware about the CCleaner-Portable (which is always available (on this page)  CCleaner-Builld) and doesn't have any toolbar (adware, neither the file CCupdate.exe, etc)

I always download the portable version from the builds page.
1. The FW blocks connections by default. Ccleaner is never allowed to connect to the network.
2. Even if ccupdate.exe is not listed, updates and privacy/data collections are displayed in the options. Unchecking these options does not mean that they are not applied anyway. For these reasons I would not call the portable version as a  'good file' anymore.
Still wondering which version is recommended, likely one released before or just after ccleaner was sold.

[Ecarion]

3 hours ago, mp68terr said:

Unchecking these options does not mean that they are not applied anyway.

Really ? From my point of view, it can't be.

Because even if that's true, CCleaner is a very popular software. Then could explain me why there is nothing (article, warning, etc) over the internet ?

3 hours ago, mp68terr said:

Ccleaner is never allowed to connect to the network.

For that reason it's my opinion ? As you can guess, the answer is just there (you just have to read this quote once more).

• Which firewall do you use ?
• You don't trust the firewall ? Could give us any real good reason ?
• Did you check your rules ? Don't you think perhaps you have made a mistake ?

3 hours ago, mp68terr said:

The FW blocks connections by default.

Don't you think you are a little parano ?

In this case, you can use a software like WireShark. Otherwise you can also replace the firewall by another one.

Do you believe CCleaner is a malware ?  Unless you can give use a good prove, there is nothing to be worry about.

Like you said, it's block that's why it won't agree with you. Basically, I don't see how it could be ? No it can't bypass the firewall.

 

[Walkeros]

ditch ccleaner, its just a data mining tool for avast now, there are better alternatives

[mp68terr]

Hi @Ecarion,

The FW is comodo FW. AFAIK and according to the settings, the user has to authorize the traffic, otherwise it's blocked.

Regarding Ccleaner leaking data, I think that it has been discussed here on nsaneforums, data going through even if the related options are not selected. This leak is indeed supposed to be blocked by the FW.

[seek]

15 hours ago, Ecarion said:

As you can see, there is a lot of choice.

I had accept to reply this time that's why you are lucky today. But I rather to warn you, the next time I might decide to refuse. Damn right, that's correct this information is very very very easy to find...

 

PS  : Did you take the time to make a little research ? Too busy or lazy ? Nothing personal and no offense but sometimes there is just too many lazy people in just one day or a week...

Basically, I made the choice to be nice this day. So you must don't forgot it, neither my advice and my warning : avoid to pretend you didn't know the fact you can use one search engine (such as DDG, etc).

 

 

That's the problem you see. There are too many out there. So I had asked about it. And why are you being so rude by the way? I don't know if you were joking or serious. @Crazycanuk How such behavior is allowed by someone so experienced like @Ecarion?

 

7 hours ago, Walkeros said:

ditch ccleaner, its just a data mining tool for avast now, there are better alternatives

 

I removed CCleaner and opted for a manual and a tiresome cleaning. Please share which one is your preferential alternative to CCleaner. That would help.

[Niagara73]

I have solved this kind of issue with CCleaner (or any other program), by blocking it using the Windows Firewall.

The rule is simple to make: Block outbound program CCupdate.exe (and delete it from your CCleaner folder. :)

Another rule for CCleaner64.exe or CCleaner.exe depend if you are using windows 64 or 32 bit.

I use also the Comodo Firewall 11.0.0.6744,  but was tired to see the outbound logs filled by CCleaner.