Ok, I have been testing quite alot lately, and I have several bugs to report. here they are.
All DCC is blocked with mIRC. (I havent tested Gaim or Miranda yet) Incoming and outgoing.
1b) identd is also blocked.
Sometimes active connections are not shown in the activity window. This includes svchost, system, and DkService.exe (Diskeeper v9). It appears this happens in conjunction with verification engine, and Launchpad. When those 2 things connect, all other info dissapears.
Some hidden processess can bypass the firewall, recently had an unknown trojan (which I’ve submitted) that completely bypassed the firewall. Another computer had incurred a downloader trojan and was able to kill the firewall process repeatedly, the error givin was unable to initialize graphical interface.
why does CPF constantly access HKCU.gif , HKCR.gif , HKCR.gif\Content Type , HKCU\SOFTWARE\Classes\PROTOCOLS\Filter\image/gif etc etc?
the Scan For Known Application Wizard can sometimes crash and give wrong results. Fills the list with the same detected module to infinity.
Current Beta version is the version I’m using of course.
These are not configureation problems… the applications have been set to allow all connections (tcp/udp) . If I set the main traffic control to allow all, it works just fine. These connections do NOT show at all in the application monitor.
So, I don’t think this is any misconfig.
There are no alerts for telnet or remote login attempts. And I have these attempts logged by other means (peerguardian). That goes for http connection attempts also. Unfortuneately there is no way to view or log this activity with CPF…
I know the trojan bypasses the firewall becuase I had a log of the connections in peer guardian… it was a downloader trojan, 27k in size. Very nasty one… it downloaded and installed about 30 spywares and a rootkit or 2 which were progressively more difficult to remove. I ended up reformatting the machine to save time.