
"Compilation Of Tutorials, Guides, Tips & Updates"


dcs18


Undertaker
Just now, dcs18 said:

Yes, Tonec seems to be bypassing the WFC block rule for the IP 169.55.40.5 — it's under observation and yet to be determined whether it's a WFC bug (have yet to file a report with the Developer.)

It's not only the firewall, it's even bypassing my IPSec policy (last time you told me to learn it).

The IPSec behavior is the same as the FW: it works for some time, then even it is bypassed.

So, I don't think it's just the firewall.

What setup are you using? And how are you managing the bypass?

 

I see a UDP connection being made to svchost.exe while IDM checks for license, is it possible that it creates a proxy connection through that and connects? That would explain the weird FW behavior.




Actually, my 9 month old setup was working fine but after hearing about the pop-ups, I was curious and disabled my firewall. :P



Undertaker

In 3 years of this setup, I just received it once when the VP key arrived. This time I am surviving because of a modification in setup which I only made last month. I saw the IDM topic; someone even mentioned it changed the hosts file. I think they went on full brute attack mode this time - hosts, firewall, IP, patches. :lol:



Matter of fact, I'm using a tighter and much smaller firewall policy — radically different from the WFC tutorial published, here.



Undertaker
Just now, dcs18 said:

Matter of fact, I'm using a tighter and much smaller firewall policy — radically different from the WFC tutorial published, here.

That's why I'm here, because I saw this:

15 hours ago, dcs18 said:

This bears no effect on my personal configuration — if anyone using the firewall block technique is facing IDM pop-ups and would like the issue resolved, do let me know.

Although I'm not facing pop-ups, it's bypassing my FW.



The implementation which I have adopted is now very stringent, micro-fine and far more secure — it also allows finer granular control over svchost.exe connections.



Undertaker
2 minutes ago, dcs18 said:

The implementation which I have adopted is now very stringent, micro-fine and far more secure — it also allows finer granular control over svchost.exe connections.

Looking forward to it.



Also keep an eye out for a rule created by IDM named System — it caused that Visual Protect 3.5+ key.



Undertaker
Just now, dcs18 said:

Also keep an eye out for a rule created by IDM named System — it caused that Visual Protect 3.5+ key.

I have a rule named System, but that was created by me; it always has been, since I started using WFC. But I don't have the VP key, yet. Are you saying System is allowing the connection?

BTW, WFC is set to delete unsecure rules and that works perfectly.



It was merely named System; the culprit was svchost.exe firing away at destination port 53 (which actually is a valid combination for DNS caching) — every friggin' app and program needs to make a UDP remote call anyway, or else they won't be able to connect (regardless of their actual port and IP).



Undertaker
6 minutes ago, dcs18 said:

It was merely named System; the culprit was svchost.exe firing away at destination port 53 (which actually is a valid combination for DNS caching) — every friggin' app and program needs to make a UDP remote call anyway, or else they won't be able to connect (regardless of their actual port and IP).

Yes, yes. It's the same here: port 53, svchost.exe, UDP and DNS.



Believe it or not, this very same rule was further hardened on all my systems, and yet each time the activation credentials are filled up anew, IDM manages to exploit this same rule — they seem to be using a kind of DNS cache poisoning (thinking of reporting them to Microsoft — would be interesting). :lol:



Undertaker
3 minutes ago, dcs18 said:

Believe it or not, this very same rule was further hardened on all my systems, and yet each time the activation credentials are filled up anew, IDM manages to exploit this same rule — they seem to be using a kind of DNS cache poisoning (thinking of reporting them to Microsoft — would be interesting). :lol:

When creating the svchost.exe and System rules, what if we 'apply it to services only' and not 'apply it to all programs and services' in the services option? Would that help?

What about other firewalls, are they being bypassed too?

But like I said earlier, that probably won't matter because it is also bypassing IPSec.



That is exactly what I'd done and yet got overruled — added an additional condition of the DNS Client service, but DNS is exactly the route that IDM has also taken.



Undertaker
2 minutes ago, dcs18 said:

That is exactly what I'd done and yet got overruled — added an additional condition of the DNS Client service, but DNS is exactly the route that IDM has also taken.

So how are you managing the systems now? What method is being used?



Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may look up COMODO once again if I get the time.



Undertaker
1 minute ago, dcs18 said:

Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may look up COMODO once again if I get the time.

Even blocked it on your own system? 



knowledge-Spammer
3 minutes ago, dcs18 said:

Have blocked IDM on all client machines (and also blacklisted it from running.)

 

All are running EagleGet and grumbling. :P

 

Have tried Windows 10 Firewall Control — may look up COMODO once again if I get the time.

Try with Windows 10 Firewall Control:

http://www.sphinx-soft.com/Vista/order.html

I have not read all the comments; what are you trying to do? Maybe I can help?

 



Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.



Undertaker
Just now, dcs18 said:

Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.

What about router block?



Just now, knowledge said:

Try with Windows 10 Firewall Control:

http://www.sphinx-soft.com/Vista/order.html

I have not read all the comments; what are you trying to do? Maybe I can help?

In the hope of exploiting its domain-blocking capability, I gave it another try — but found the GUI hopelessly messy (with tiny font everywhere) and had to give up on Windows 10 Firewall Control.

 

I have tried out Windows 10 Firewall Control many a time but could never stick with it for more than a full day.



Undertaker
1 minute ago, dcs18 said:

Not on mine — need to figure this out.

 

But, toward the end of a download, I'm getting a deactivation.

I had a scenario like this on my other system, and believe me, nothing helped; the only thing that worked was to restore the Acronis backup and then, in offline mode, I set up the other system like this one to mitigate the exploit. As per my understanding from my two systems, you can prevent it but can't cure it (at least as of now).



4 minutes ago, Undertaker said:

What about router block?

Shall give it a try, too — in my case though, doesn't help since not all my clients use routers. :(



knowledge-Spammer
1 minute ago, dcs18 said:

In the hope of exploiting its domain-blocking capability, I gave it another try — but found the GUI hopelessly messy (with tiny font everywhere) and had to give up on Windows 10 Firewall Control.

 

I have tried out Windows 10 Firewall Control many a time but could never stick with it for more than a full day.

If you can or have time, inbox me the program and what you want to do; I'll test and see if there are ways past the problems you have.

I have not read all the comments but saw the comment about firewalls and would like to help you guys out if I can in some way.



Undertaker
1 minute ago, dcs18 said:

Shall give it a try, too — in my case though, doesn't help since not all my clients use routers. :(

I'm gonna give it a try too and lessen the burden on Adguard (which I am using atm). I have 2-3 things in mind: proxy server, router block, but all of them, like I said, can be used as precautionary measures rather than curing it.



  • Matrix locked this topic