Installed CPF 2.3.1.20 BETA on XP SP2.
Let the wizard allow everything on the local segment.
It seemed to be working correctly for half a day, when all of a sudden CPF started blocking everything.
I cannot even access my router on 192.168.1.1
Reboots do not help.
Setting the firewall to “Allow Everything” does not help.
Check you r logs and see if your getting flooded / attacked. This condition could arise if your IP was being constantly probed and CPF would detect this and put itself into energency mode by shutting down all comms for a set period and then retesting. If the attack is continuing, emergency mode stays on.
Once in a while CPF will say that some application tried to use IE to access the net. If I then block it, nothing else will be able to access the net until I reboot.
“iexplore.exe has tried to use svchost.exe through OLE Automation”. If this is the case, you dont need to block this attempt because both applications are safe.
But if CPF asked you some unsafe application tried to use iexplore.exe and you blocked it, only that particular instance of IE will be blocked. This should not resist if you close and start another IE instance.
Blocking svchost.exe can cause such symptoms. Make sure you dont have a blocking rule for svchost.exe in your application rules. And If CPF reports OLE Automation for svchost.exe, unless there is no unsafe application in the security considerations, you can safely allow.
Well, if you had just installed IZarc, updated it or changed it’s configuration then it would have messed with explorer.exe via OLE. CPF is just warning you of that fact. It’s like this… IE’s parent is explorer and something just OLEed explorer, since you tried to use IE (or even something else that uses IE)… hence the warning.
I raised this issue in another topic CPF Confused?. Different program… But, I’ll think you’ll agree the same thing.
It’s been some time since I did low-level Win32 programming but I don’t remember anything special about the parent-child relationship (except inheriting some handles when the child process starts, but I think that it would take a really flaky application to exploit that).
Also, as I recall, SendMessage(), PostMessage() and friends do not care about parent/child relationship.