Bugs to Report

Scott_B · August 6, 2006, 8:55am

Ok, I have been testing quite alot lately, and I have several bugs to report. here they are.

All DCC is blocked with mIRC. (I havent tested Gaim or Miranda yet) Incoming and outgoing.

1b) identd is also blocked.

Sometimes active connections are not shown in the activity window. This includes svchost, system, and DkService.exe (Diskeeper v9). It appears this happens in conjunction with verification engine, and Launchpad. When those 2 things connect, all other info dissapears.
Some hidden processess can bypass the firewall, recently had an unknown trojan (which I’ve submitted) that completely bypassed the firewall. Another computer had incurred a downloader trojan and was able to kill the firewall process repeatedly, the error givin was unable to initialize graphical interface.
why does CPF constantly access HKCU.gif , HKCR.gif , HKCR.gif\Content Type , HKCU\SOFTWARE\Classes\PROTOCOLS\Filter\image/gif etc etc?
the Scan For Known Application Wizard can sometimes crash and give wrong results. Fills the list with the same detected module to infinity.

ok, the rest is going on the wish list…

Scott_B · August 6, 2006, 6:05pm

Another bug, completely blocks all Gene6 incoming ftp traffic. It allows the server and the administrator, but doesn’t allow incoming connections.

nothing shows in the connection monitor.

egemen · August 6, 2006, 7:11pm

What version of CPF r u using? And what is this trojan? How do you know it bypassed the firewall?Please tell us how it happened.

The other ones are cnfiguration problems not bugs. Except the scan for known applications. Can you describe it more accurately for us to reproduce?
Thx,
Egemen

Scott_B · August 7, 2006, 7:42am

Current Beta version is the version I’m using of course.

These are not configureation problems… the applications have been set to allow all connections (tcp/udp) . If I set the main traffic control to allow all, it works just fine. These connections do NOT show at all in the application monitor.

So, I don’t think this is any misconfig.

There are no alerts for telnet or remote login attempts. And I have these attempts logged by other means (peerguardian). That goes for http connection attempts also. Unfortuneately there is no way to view or log this activity with CPF…

I know the trojan bypasses the firewall becuase I had a log of the connections in peer guardian… it was a downloader trojan, 27k in size. Very nasty one… it downloaded and installed about 30 spywares and a rootkit or 2 which were progressively more difficult to remove. I ended up reformatting the machine to save time.

panic · August 7, 2006, 8:18am

If you look at the network monitor rule for ALLOW - IP you can turn on “Enable logging if this rule is fired”. This will then record ALL activity against this rule.

Ewen

Scott_B · August 7, 2006, 7:21pm

All right thanks, I will turn logging on there and see what find…