ZAbypass

[Guest]

[korben]

Net Sec Policy : block
Comp Sec Policy: isolated

Fail

any ideas why? I know I'm missing some of the settings from Proactive... I've got it configured the way useres of the forum had suggested, yet I need to work it out w/t Proactive since when it is ON I simply cannot acces this file but that's not the point.

[EricJH]

What test are you failing? What does ZAbypass mean?

[gleach]

bypass zone alarm firewall tool

[korben]

the full name of the test is Bypassing Personal Firewall (Zone Alarm Pro)
it's designed for ZAP but apparently should work with ANY other

[Quill]

Hi Korben, the leaktest uses DDE to try and bypass the firewall. Would you mind providing a little more information, please.

The Net Sec Block was applied to what? I assume the Com Sec Policy was applied to  zabypass.exe?

Thanks

[korben]

Quill is here!

Yes, you are right as for zabypass.exe

Basically what I did was apply my knowledge gathered during other tests/leaks but it didn't work this time.

on a side note, still new thing to me so sometimes you guys post assuming I know what you're talkin about and sometimes I post assuming it's obvious - but I'm learning thanks to you so dont give up on me lol

[Quill]

If we start speaking gibberish, just tell us, especially me

[korben]

Roger that!

hehe

so? what am I supposed to do with comodo FW to PASS the freakin test?

[EricJH]

Where can I download the test?

[Bad Frogger]

http://www.testmypcsecurity.com/securitytests/zabypass.html

[Quill]

Hi korben, see the attached screen shots for what happens when I run zabypass:

The first alert zabypass is making a call to csrss.exe (the client server subsystem) This is not terribly significant in itself, but it would probably make me want to see what happens next.

The second alert has zabypass making a call to firefox (substitute your browser here) Personally, unless I knew specifically what zabypass was, it would be stopped at this point.

The third alert is the most strange, firefox making a call to a COM (Component Object Model) interface. That would definitely set my radar off.

The documentation says zabypass uses the DDE-IPC protocol, well DDE is not COM but IPC messaging is part and parcel of both. Without knowing exactly what zabypass is doing behind the scenes, it's hard to know how it uses IPC (Inter Process Communication) exactly.

 

[korben]

Appreciate the input, mate! 

It's still rather complicated... 

let me break it down like this 

I use Installer_Updater config, I run the zabypass.exe, I change the config to Proactive and... trying to run the test I clearly see that nothing happens, i.e. no popup window appears, which is good, right?

Perhaps in the near future I will find some time to analyze the issue in detail.

[Quill]

Apologies, I'm not sure I follow the first part of your break down. zabypass is just a single executable, there's nothing to install. That aside, I'm surprised you don't receive any kind of pop-up when it attempts to access the Internet. What are your security settings for the firewall and D+, aside from running proactive.

[layman]

I did this test and CIS easily passed it. You said you use 'installer updater' configuration do that mean you selected 'installer' in the predetermined policy when the alert came up??? If yes, defense+ will definitely give it a clean chit.

When the exe try to inject it into IE block it... but once injected you get the alert that IE (which is safe) try to connect internet, which nobody will doubt for that matter... But blocking it to connect definitely works.

[korben]

I followed these instructions:

http://forums.comodo.com/feedbackcommentsannouncementsnews_cis/configuring_cis_for_maximum_security_with_zero_alerts_disccusion-t41405.0.html

[Tags:]