GordonFreeman Posted August 22, 2016

Well, I use Windows Firewall to block the internet connection for some programs. It works well when I block, for example, a folder called MySoftware in Program Files:

C:\Program Files\MySoftware\abc.exe
C:\Program Files\MySoftware\internet.exe

The problem: if "abc.exe" has a FileCopy command/line/etc. to another location of the "internet.exe" file, then runs it, the internet connection works fine (because not blocking C:\Program Files\MySoftware\internet.exe).

Does anyone have an idea or ways of how I can fix it?

Sorry for my not good English, and thanks in advance.

Frabjous Installation
orbs Posted August 22, 2016

other firewall products may offer blocking an exe by its checksum or other properties; but that just opens an arms race between the offending program and your firewall. starting an arms race is never a good idea.

i believe your best bet would be to examine the outbound traffic and block by target, port or protocol. if that is not sufficient, use a more advanced firewall that can block a request by its contents.

and if you are really paranoid, switch from blacklist to whitelist.

Signature - my forum contributions:

UDF:
LFN - support for long file names (over 260 characters)
InputImpose - impose valid characters in an input control
TimeConvert - convert UTC to/from local time and/or reformat the string representation
AMF - accept multiple files from Windows Explorer context menu
DateDuration - literal description of the difference between given dates

Apps:
Touch - set the "modified" timestamp of a file to current time
Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes
SPDiff - Single-Pane Text Diff
GordonFreeman Posted August 22, 2016 (Author)

Thanks orbs, but blocking the traffic (with the hosts file or wildcarded hosts and the like) means a lot of research, and something can pass. I thought about removing write permission, but it will make some programs unusable (if not, it would be the best solution, I think). A whitelist also looks like a lot of research because I use a lot of programs. But I will search for a few more methods to find a solution. Thanks
orbs Posted August 22, 2016

are you dealing with a specific offending program, or are you looking for a general solution?
GordonFreeman Posted August 22, 2016 (Author)

3 minutes ago, orbs said:
> are you dealing with a specific offending program, or are you looking for a general solution?

A general solution
orbs Posted August 22, 2016

good luck then. except using whitelist, i tend to think any method you may come up with can be circumvented.

if you want to play around, here's a thought - for any folder you wish to block, follow these steps:

1) deploy a real-time monitor for filesystem events and process events on all files in that folder.
2) whenever any file in this folder creates a process, and that process creates a new file, block that new file too.
3) rinse and repeat.

yeah, as i said... good luck.
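
An added example, not part of orbs' post: the propagation in steps 2 and 3 applied to a list of file-creation events. The events, their `Image`/`Target` field names and the paths outside `MySoftware` are constructed sample data, and the monitor that would supply them is assumed rather than shown.

```powershell
# Added example. Events are constructed sample data in chronological order;
# a real monitor (hypothetical here) would supply the same two fields.
$blockedRoot = 'C:\Program Files\MySoftware\'
$events = @(
    [pscustomobject]@{ Image = 'C:\Program Files\MySoftware\abc.exe'; Target = 'C:\Users\Public\internet.exe' }
    [pscustomobject]@{ Image = 'C:\Windows\explorer.exe';             Target = 'C:\Users\Public\notes.exe' }
    [pscustomobject]@{ Image = 'C:\Users\Public\internet.exe';        Target = 'C:\Temp\net2.exe' }
)

function Get-TaintedFile {
    param([string]$Root, [object[]]$FileEvents)
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    $tainted = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($e in $FileEvents) {
        # Step 2: the writer lives in the blocked folder, or is itself a file
        # that an earlier blocked process created (step 3, rinse and repeat).
        $writerBlocked = $e.Image.StartsWith($Root, $cmp) -or $tainted.Contains($e.Image)
        if ($writerBlocked -and $e.Target.EndsWith('.exe', $cmp)) {
            [void]$tainted.Add($e.Target)
        }
    }
    $tainted | Sort-Object
}

# Emit one outbound block rule per derived file. -WhatIf only prints what
# would be created; remove it (in an elevated session) to create the rules.
foreach ($file in (Get-TaintedFile -Root $blockedRoot -FileEvents $events)) {
    New-NetFirewallRule -DisplayName "Block derived: $file" -Direction Outbound `
        -Program $file -Action Block -WhatIf
}
```

With the sample events this marks `C:\Users\Public\internet.exe` and, one generation later, `C:\Temp\net2.exe`, while the file written by `explorer.exe` is left alone.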
iamtheky Posted August 22, 2016 (edited)

or sanitize your input and verify the origin of the file before allowing it to run? is that doable for the offending executables? wait im understanding it is not and that is the issue...i shud reed.

is abc yours? or are you just watching both? seems that run("cmd /c powershell (Get-Process -Name $name).path") could be added at some point when it is known inet would be called.

Edited August 23, 2016 by iamtheky
GordonFreeman Posted August 23, 2016 (Author)

I think the best way is to whitelist the EXEs I use. Thanks orbs. I found this help: http://superuser.com/questions/811147/how-to-whitelist-which-programs-can-access-the-internet

@iamtheky Sorry, I don't understand your proposal. abc is just an example; it can be any exe of a software. Anyway, thanks for the help
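
An added example, not part of the post above: the per-path block rule from the first post next to the whitelist setup the thread settles on, using the built-in NetSecurity cmdlets. The Firefox path in the allow list is a hypothetical entry.

```powershell
# Added example. Run in an elevated PowerShell session.

# Blacklist, as in the first post: the rule matches one path only, so a copy
# of the same file at any other path is not covered by it.
New-NetFirewallRule -DisplayName 'Block out: internet.exe' -Direction Outbound `
    -Program 'C:\Program Files\MySoftware\internet.exe' -Action Block

# Whitelist: outbound traffic is blocked unless an allow rule matches.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Programs that are allowed to reach the network (hypothetical entry).
$allowed = @(
    'C:\Program Files\Mozilla Firefox\firefox.exe'
)
foreach ($exe in $allowed) {
    New-NetFirewallRule -DisplayName "Allow out: $(Split-Path $exe -Leaf)" `
        -Direction Outbound -Program $exe -Action Allow
}

# Confirm the default action on every profile.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
```

With the default outbound action set to Block, an executable copied to a new location has no matching allow rule and stays offline; the same is true of any other program that has not been given one.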
iamtheky Posted August 23, 2016

that powershell command returns the path of the executable. If you have an expected place for stuff to be run from, then having a list of the paths would make identifying outliers easy, no?
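
An added example, not part of iamtheky's post: one way to apply the path-list idea to processes that currently hold a network connection. The list of expected folders is an assumption to adjust per machine, and `Test-ExpectedPath` is a helper name introduced here.

```powershell
# Added example. Expected install locations (assumed; adjust to the machine).
$expectedRoots = @(
    "$env:ProgramFiles\"
    "${env:ProgramFiles(x86)}\"
    "$env:SystemRoot\"
)

function Test-ExpectedPath {
    param([string]$Path, [string[]]$Roots)
    foreach ($root in $Roots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Every process that owns an established, non-loopback TCP connection.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    Select-Object -ExpandProperty OwningProcess -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_ -ErrorAction SilentlyContinue
        if (-not $proc) { return }          # process exited in the meantime
        if (-not $proc.Path) {
            # Path is empty for processes this session may not inspect.
            [pscustomobject]@{ ProcessId = $proc.Id; Name = $proc.Name; Path = '<unreadable>' }
        }
        elseif (-not (Test-ExpectedPath -Path $proc.Path -Roots $expectedRoots)) {
            # Outlier: connected to the network from an unexpected folder.
            [pscustomobject]@{ ProcessId = $proc.Id; Name = $proc.Name; Path = $proc.Path }
        }
    }
```

This is a point-in-time snapshot, so a short-lived connection between two runs is not seen; running it elevated reduces the number of `<unreadable>` rows.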