Cannot block application update opening web page

I have a small application that I initially allowed to access the internet for update. All it does is open their web page and I guess that’s not harmful. As it’s a screen recorder I don’t want to allow any access to the Internet. I went into Network Security Policy and deleted the permission. I defined the application as a new Blocked application. It still opens the web page.

Hello :slight_smile: and Welcome to the forums.

To block an application from opening a webpage, you may simply go to Defense+ > computer security policy > find the app > Edit > Edit/Modify “Run an executeable” > Blocked applications > Add > (Open your browser that it opens when it shows the website) > Browse By Running Process > find the process “opera.exe for Opera” “Firefox.exe” for firefox" “iexplore.exe” for Internet Explorer etc etc
then Select Apply/OK until you get back to the CIS window and you may close it

Did this help?

Jake

No it did not help. Already blocked it, see last two sentences of my post.

When I was messing around trying to block, some filename to do with “documents and settings” appeared in the text box. It was too long to read, could not be copied nor selected nor did a mouseover show the full path. So I’ve no idea what that was, really useful.

I remove the url link for the web page in the Program Files folder but that did not help.

I ran sysinternals Filemon when the app called up the web page. There was a bunch of stuff but here are three of the lines (which were not consecutive):

10:49:13 PM screenrecorder.:2352 OPEN C:\WINDOWS\system32\urlmon.dll.123.Config NOT FOUND Options: Open Access: 001200A9
10:49:13 PM screenrecorder.:2352 QUERY INFORMATION C:\Program Files\Qualcomm\Eudora\EuShlExt.dll SUCCESS Attributes: A
10:49:13 PM screenrecorder.:2352 QUERY INFORMATION C:\Documents and Settings\Owner\http:\www.nbxsoft.com NAME INVALID Attributes: Error

The Eudora was rather curious as it’s my default email.

Just to clarify, did you actually try what Jacob suggested, or did you just figure you had already blocked it?

Unless I am reading this wrong, you’ve blocked the application so it can’t connect to the internet. However, the application isn’t connecting to the internet, your web browser is. This is why Jacob explained how to stop the application from being able to open your web browser. However, from the looks of what Filemon displayed, I’d also block access to your email reader…

You were right to ask. I had blocked in the Network Security Policy. Using Defence+ seems a strange way to stop accessing the Internet. If the firewall is blocking the application as I had set up, it should stop access by all means including use of other apps. If the subject app had sent an email without showing me, how would I know the event had occurred so I could block it? Suppose it had quickly closed the browser so I did not notice? My previous experience was with ZoneAlarm and all you had to do was to block the app and that was it.

Edit: I add that the web page is still appearing. I have Firefox listed in “Blocked Applications” of the “Run an Excecutable” dialog. In the Access Rights I have tried “Ask” and “Block” but neither work. I’ve cleared History for the past few days in case it’s calling up the page from memory rather than from the Internet.

What version of CIS are you using?

5.0.163652.1142

Lets pretend that Your Screen Recorder is called screen.exe

CIS > Defense+ > Defense+ Settings > Make sure create rules for safe application is Checked
CIS > Firewall > Firewall Settings > Make sure create rules for safe application is checked

Lets Edit screen.exe rules
CIS > Defense+ > Computer Security Policy
highlight screen.exe > Edit (It should be a custom policy) > Cusomtize
Block DNS Client Service
Modify Run An Executable > Blocked Applications > Add Your Browsers (Including iexplore.exe)
Apply/Ok
Modify Interprocess Memory Accesses > Blocked Applications > Add Your Browsers (Including iexplore.exe
Apply/Ok Until You are back at CIS

Firewall > Network Security Policy > Purge > Click Yes / Ok > Find Screen.exe > Edit > Use a predifened Policy > Blocked Application

hope this helps!

Jake

Your instructions certainly helped in my understanding of the settings. To date the website is still being accessed. I note FYI that when the app starts there is a dialog asking if I want to do an update. Normally I would say No but for the purposes of testing the blocking I am clicking Yes for an update.

A couple of things you did not mention:

I checked the Run an Executable as Ask (with browsers blocked)
I checked the Interprocess Memory Accesses to Allow (with browsers blocked)

As I previously commented re Zonealarm, I sort of expected the
Firewall > Network Security Policy > Purge > Click Yes / Ok > Find Screen.exe > Edit > Use a predifened Policy > Blocked Application
to stop all internet access from the app. Otherwise, do I have to list my newsreader, email client etc in those Blocked Application dialogs. The idea is to stop the app accessing the Internet by all means. It could just as easily send an email.

Edit: I went back to the application several hours later and now it seems the web page is being blocked. I made no changes in the interim.