Antileak question

[jason69]

When I have a browser already running and I click a shell link in a gui of particular application, say, the "Online help" or "Help" it connects to the online help site of that application.

Kindly see rules made in Application Rules:

Where the protool is TCP
and direction is Outbound
and remote port is HTTPS
Block

Where the protool is TCP
and direction is Outbound
and remote port is HTTP-83
Block

Where the protool is UDP
and direction is DNS servers
and remote port is DNS
Block

And in the Antileak(see image)



AntiLeak setttings is set to "Advanced" and all at "Prompt".

Now as mentioned above the rule in the AntiLeak is effective only when the browser is not running. OP will indeed block the launch of the browser through the gui link.

Question is how can I block that launch of the webpage tab through the link in the gui when there is an existing browser running.

Current security setup is Eset NOD32 ver5(HIPS disabled), Outpost Firewall Pro ver7.5.2, Malwarebytes Pro(on-demand). KeyscramblerPro(realtime). OS is Windows 7 x32.

[minoka]

Assuming I understood your post correctly:
For ccleaner, your example above, also block DDE Communications to prevent the launch of 'online help'. If report is checked, an alert will be produced (attached pic).

Hope this helps.

[jason69]

Hello minoka,

Thank you for the advice. I am at the office now so I 'll gonna try it out later when I get home. Another question, will blocking DDE attempt also block other web page tab launch on other applications gui, say, VLC, KMPlayer or GlaryUtilities? Sorry for asking as I see also that behavior in KMplayer only that it launches IE instead of Firefox. Same rule above is applied for KMPlayer and GlaryUtilities. Have not tried it VLC.

Thanks for the reply.

jason

[minoka]

Blocking network-enabled app launch and dde communication does the trick for those of my apps that have 'built-in' functions similar to those you describe. Try it and please let us know if this works with your apps.

[jason69]

Hello minoka,

Magnificent! The tip is working out! Thank you

Might I ask a question, well a bit very noob but I just wanna know because some of it cannot be seen in the Outpost user guide I have.

What is DDE communication? Can DDE communication be blocked via the "services"..? I mean is there another way of blockignsuch behavior?

I wanna know because I was first using Eset HIPS and got frustrated of trying to block this and that and it seems not working and making me impatient so I disabled it replaced my firewall with Outpost. Setting OP was okay because I have saved my last config before an just waited for ver7.5.2 but I did not know about this one.

Can you give me some explanations on a very noob question..? Hope it's okay

jason

[minoka]

I am not savvy enough in this field, so you may want to use a search engine ; but basically it is a method by which a program can exchange data with or control another prog. In the ccleaner example, you can see in the alert that clicking help would have launched my firefox browser.
Apparently though, this protocol is being supplanted by OLE (Object Linking and Embedding).
So, one needs pay attention to both.

A couple of links
About Dynamic Data Exchange (Msft)
Agnitum KB article about DDE
Agnitum KB article about OLE

Since you are new to Outpost, you may not know there is quite a bit of documentation in .pdf format available at Agnitum's web site: http://www.agnitum.com/support/docs.php
and a searchable knowledge base: http://www.agnitum.com/support/ or http://www.agnitum.com/support/kb/search.php

Hope this helps.

[jason69]

Thank you and I will do check the links. I have used Outpost before but have not been too tinkery about it. Thanks again.

[minoka]

You are welcome. Have a great weekend!