 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | [In the process of a new leaktest...] Firewalls... I'm working on a new leaktest that attempts to terminate all firewalls before launching...
Anyone have a list of firewalls' process names? -- Word of advice: Never trust a doctor whose office plants have died... P.S.: Thank you, Optimized, for making me premium! |
|
 BPremium,MVM join:2000-10-28 | Got ya thinking, didn't I 
-- B |
|
 BPremium,MVM join:2000-10-28 | reply to jdong There's a similar list at »www.unixwiz.net/backstealth/, apparently from a DSLR contributor a year ago...
-- B
P.S. All I did was Google "personal firewall process names". There are a few other leads there. |
|

| reply to jdong Here's a few:
Zone Alarm - zonealarm.exe & vsmon.exe
Sygate - smc.exe
AtGuard Personal Firewall - Iamapp.exe & Iamserv.exe
ConSeal PC Firewall - CFIADMIN.EXE, FRW.EXE, CFIAUDIT.EXE, CFINET.EXE, CFINET32.EXE, PCFWallIcon.EXE
Tiny Personal Firewall v4 - umxagent.exe (main engine) & umxldra.exe (User mode executive module DLL loader)
Tiny Personal Firewall (pre v4) - UMXLDRW.exe
Norton Personal Firewall - NISSERV.EXE & NISUM.EXE
-- Aim low, shoot high. [text was edited by author 2003-07-07 18:56:28] |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | reply to jdong thanks. |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | reply to jdong I got this list from BugBear.b 
-- Word of advice: Never trust a doctor whose office plants have died... P.S.: Thank you, Optimized, for making me premium! |
|
 | reply to jdong
The results will be 'interesting' to see, but I wouldn't call such a test a firewall leak test. |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | said by Tuulilapsi: The results will be 'interesting' to see, but I wouldn't call such a test a firewall leak test.
Well, I only called it a 'leak test' because some firewalls, like Sygate, claim to be 'immune' to this... -- Word of advice: Never trust a doctor whose office plants have died... P.S.: Thank you, Optimized, for making me premium! |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | reply to jdong
Hmm, hate Borland...
Would you mind if I wrote the leaktest for the .NET framework? |
|
 Khaine join:2003-03-03 Australia | reply to jdong That means I have to download the stupid .NET Framework junk 
Oh well, go for it jdong, I'd be interested to see what you do, and how you do it |
|
 VampirefoPremium,MVM join:2000-12-11 Huntington, WV kudos:1 | reply to jdong .NET is not a good idea, I made a small slow program that will kill every process you posted here, it's slow on my pc, takes about 20 seconds.
Then it pings dslreports, to simulate a Trojan. Ping is a strong enough example, I think.
It doesn't check if the process exists, it just kills the process if it exists.
Look forward to your program, hope you don't use .NET though. -- TrojanHunter Stands For Privacy!!!!!!! |
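A defender-side view of the test described in the post above, as an added example that is not part of the original thread: it scans process start/exit records for several firewall processes exiting within a short window, then reports the first process started afterwards. The event tuple format, the sample records and the name unknown_tool.exe are constructed for illustration; the image names are taken from the firewall list posted earlier in the thread.

```python
from datetime import datetime, timedelta

# Firewall image names from the list posted earlier in this thread (lower-cased).
SECURITY_IMAGES = {
    "zonealarm.exe", "vsmon.exe", "smc.exe", "iamapp.exe", "iamserv.exe",
    "nisserv.exe", "nisum.exe", "umxagent.exe", "umxldra.exe", "frw.exe",
}

# Constructed sample records: (ISO timestamp, "start" or "exit", image name).
SAMPLE_EVENTS = [
    ("2003-07-08T14:00:01", "start", "unknown_tool.exe"),  # hypothetical name
    ("2003-07-08T14:00:03", "exit", "ZONEALARM.EXE"),
    ("2003-07-08T14:00:04", "exit", "vsmon.exe"),
    ("2003-07-08T14:00:09", "exit", "NISUM.EXE"),
    ("2003-07-08T14:00:21", "start", "ping.exe"),
    ("2003-07-08T15:30:00", "exit", "smc.exe"),  # lone exit, not a burst
]

def find_kill_bursts(events, window_s=30, min_distinct=3):
    """Return (first_exit, last_exit, names) for each burst in which at least
    min_distinct different firewall processes exited within window_s seconds."""
    exits = sorted(
        (datetime.fromisoformat(ts), image.lower())
        for ts, kind, image in events
        if kind == "exit" and image.lower() in SECURITY_IMAGES
    )
    bursts, i = [], 0
    while i < len(exits):
        start, j = exits[i][0], i
        while j < len(exits) and exits[j][0] - start <= timedelta(seconds=window_s):
            j += 1
        names = sorted({name for _, name in exits[i:j]})
        if len(names) >= min_distinct:
            bursts.append((start, exits[j - 1][0], names))
            i = j  # consume the whole burst
        else:
            i += 1
    return bursts

def first_start_after(events, moment):
    """Image name of the first process started after `moment`, or None."""
    later = sorted(
        (datetime.fromisoformat(ts), image)
        for ts, kind, image in events
        if kind == "start" and datetime.fromisoformat(ts) > moment
    )
    return later[0][1] if later else None
```

Matching on image name has the weakness raised later in this thread: an executable that has been renamed is not counted.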
|
 | reply to jdong "I'm working on a new leaktest that attempts to terminate all firewalls before launching... Anyone have a list of firewalls' process names?" So all that's needed to defeat your test is rename the file? ...  |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1 | said by Wayne DCS: "I'm working on a new leaktest that attempts to terminate all firewalls before launching... Anyone have a list of firewalls' process names?" So all that's needed to defeat your test is rename the file? ... 
Umm, renaming your firewall is a pain. Besides, I can just terminate everything except:
a) Begins with "System"
b) Begins with "Kernel"
c) Begins with "KRNL"
==============================
About .NET: Well, I'll give the Win32 API a little more faith... then maybe I'll go .NET... if you are really that opposed to .NET. -- Word of advice: Never trust a doctor whose office plants have died... P.S.: Thank you, Optimized, for making me premium! |
|
 jdongEat A Beaver, Save A Tree.Premium join:2002-07-09 Rochester, MI kudos:1
| reply to jdong »New 'Leaktest': Firewall Termination!
Beta #1 released 
Not too sure how well it works.... don't have my VM set up yet. It did end task my NAV tray icons...
---Edit----
By the way, this is not .NET. I finally managed to get it working in Borland C++Builder6
-- Word of advice: Never trust a doctor whose office plants have died...
P.S.: Thank you, Optimized, for making me premium! [text was edited by author 2003-07-08 14:27:33] |
|