D+ alerts are recieved after disabling it

[Guest]

[aditya_dmj]

hello to all

win xp sp3(x86)
cfp 3.025.378

my first install of cfp was without D+ but with recommended leak protection.

after checking the stealth port on grc.com port 0,1 were not found stealth.

understood it can not stealth your port ( I had reprted this appx 3-4 month back in another version)

so no point in having leak protectio so I uninstalled it and reinstalled it witout D+ and leak protection

after reboot I recieved surprisingly few Defense + alert.

after that i moved the slider to disabled now i am not recieving them ,even when slider is moved to paranoid mode

( why it happened?)

2- guard32.dll is present in every loded application, although D+ and leak protection is not installed.

it is also present registry in appinit_dll = gurd32.dll

should these be removed manually

diagnostic does not detect any error

Regards

adi

[DaRtH VaDeR.]

Good Day!

As far as I know, when you install the firewall you have the option to install the firewall with the HIPS fully enabled or the firewall with the HIPS partly enabled... This means the files of the HIPS application will be present even if you disable it manually.... there is no need to delete the pointed files manually, because the HIPS is set to sleep basically...

That you found some  not stealth ed ports is a bit weird in my opinion, if you use the standard configuration you should be well protected.... You can always tighten up the security by changing the sliders and you can use the stealth port wizard to tighten up your security...

Let me know if things worked out for you!

have a nice day!

(V)

[aditya_dmj]

actually my english is poor.

In fact I installed

Firewall ('Leak Protection' option NOT checked)-  This option is only recommended for experienced firewall users that have alternative Host Intrusion Prevention software installed on their systems.  Choosing this option will install ONLY the packeting filtering network and will not offer leak protection - essential for blocking malicious software (like worms and trojans) from making outgoing connection attempts. This isn't to say this option is an unwise choice (the network firewall is one of the strongest available - offering highly effective and configurable inbound and outbound protection) but it is important to realise that, on it's own, it does not offer the leak protection afforded by Defense+.

regarding some ports ( especially port 0,1 ) which are not stealth but are closed I am not much concerned as the ports are in close state= SAFE. ( so nothing to worry much).

but since as I had run the stealth port wizard they(ports) should have been in stealth mode.

As they(ports) were not, so i thought something is wrong with the basic working of program and decided to post here , so that dev. can look into the problem.

regarding removing the entries for guard32.dll from registry or renaming it, I am not going to do it, as i am not the coder , so i really dont know what it does.

after reading in some post i came to know it should not be present in registry if basic firewall is installed only.

diagonastic iresult sre ok

I was in doubt about this particular entry( guard32) so posted here to get the correct answer and work around.

let me very specific are my settings in registry about guard32.dll are correct.

HKLM\SW\MS\WINNT\WINDOWS\appinit=guard32.dll these are my settings

post has become long because of poor english  please bear with me.

Thanks and regards

adi

[gibran]

Leak protection and port stealthing are two different things.
Leak protection is meant to protect against application hijacking that could result in malware gaining internet access without your consent.

Port stealthing is intended to prevent anyone who attempt to portscan your host from internet to know what ports are opened/closed on you PC.

I canot possibly know the reason why Port 0-1 are not stealthed on your PC nor I know for sure if port stealthing can be archieved in all cases (eg if there is a service that listen on ports 0-1).

It could prove useful to post a specific bugreport about port stealthing and add some related infos about your PC configuration (eg if you are behind a NATted LAN or if you use a bridged modem. a netstat -noa output).

[aditya_dmj]

hello to all

My pc configuration is
 Core2duo E6300 1.8Ghz
Ram 1 Gb DDR2 533MHz
MB Intel original 946GZIS

I am not behind any nat, router except the adsl broadband mdem with built in nat and firewall

I am posting the results

Same modem (No configuratin change made) windows firewall test status = passed
same modem(-do-)         Comodo Fw with recomended D+ installed  TEST status = Passed

same modem (-do-)   Comodo Fw without D+ (leak protection there)  Test status = failed on port 0,1

However firwall clears the test if you add this in global rules before stop all

aloww TCP/UDP src any srcport any destany dest port 2-65535

same modem(-do-) comodo Fw without D+(i.e basic firewall only) Test status = failed on port 0,1

same modem checked on my vista laptop home prem with in built firewall test status = passed

To be specific firewall is failing this test only if you are not installing D+ and these results are  reproducible on difrent machines ( tested on neighober machines)

I have attached the output of CFP script

Regards

Adi

[gibran]

Thanks for providing the additional infos although it would have prove useful to crete a different topic about the 0-1 non stealthed port issue.

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW  DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools, COMODO Vulnerability Analyzer  1.1.3.29, Comodo Disk Shield 1.0.1.18, Logitech Setpoint 4.60.122

My pc is located behind a router and NAT is enabled

I specifially installed CFP 3.0.25 Firewall only mode without leak protection.

Shieldup All Service ports test resulted in ThruShealth rating (all ports stealthed).
I did not receive any Defense+ altert either after reboot.


As far I know if there is no port forwarding or uPNP rule in the router settings CFP cannot possibly handle inbound connections originated by grc.com shieldsup.

[panic]

I believe that guard32.dll is there to prevent the firewalls processes being terminated.

Ewen :-)

[aditya_dmj]

hello sir,

sorry for posting incomplete info.

here i am uploading the results of msinfo32.exe , which is having all the details of signed drives, system drivers and loaded modules.

general configuration of my system is

Avast Av 4.8 Home (Only one security suite)

No games
Cfp 3.025.378

all other common every day use software.


Regards

Adi

edit : systeminfo deleted at users request - panic

[panic]

Hi adi,

This is really odd!

Logically, if you're behind a routing type device, when you run the GRC ShieldsUp test, they are basically sending a series of pings to ports of your publicly assigned address. This public IP is assigned to you by your ISP and is attached to the outward facing side of your router device. When you run the GRC test, your request contains your public IP address, as your private IP address (the 192.168.X.X one) is non-routable.

When the GRC server starts the test, the only IP address it knows about, in relation to you, is the public one, which is your router, not your PC. Consequently, the results reflect the answers GRC received from your modem, not from your PC.

I can't explain why you're getting different results when trialling different modes of CFP, as CFP cannot alter the configuration of your modem and the GRC tests never actually get to your software firewall (unless you have specifically forwarded ports).

Odd. I'll keep my eye on this thread.

Cheers,
Ewen :-)

[aditya_dmj]

first i would like to thank you panic for accepting the request i made to you.

ya I also cannot understand these results

however when i test my laptop running vista with the same adsl router modem ,using vista inbuilt firewall tests are passed.

it appears that nat and firewall feature of my modem is either not working.
Oh i forgot to mention one thing my subnet is 255.255.255.0

this means the nat and router on my adsl modem does not acts on my computer alone but on the other hand it provides nat and firewall services to all ISP subscriber falling in subnet.

i think this is the job of ADSl router.

The only problem is these results were reproduced on Acer S series comuter running xp(an old m/c of my neighbour)

any  way i am eagerly waiting for new update of CFP

till then as usual   (L)

regards

adi

[Tags:]