A FLAW in the firewall (CURRENT VERSION) as of September 4th, 2008

  • Question

  •  Check out the ADVANCED tab under the firewall settings, take a look at the number of times (via EDIT) you see the exact same version, path, and program name. Then verify (either by EXPLORER or SEARCH) that each occurrence of the same file is where it says it is and the versions match.

     

    Then REMOVE/DELETE the different version and/or path to the duplicated program name.  I was surprised to see three sets of IEXPLORER.EXE in there (1 for v7, 1 for v8 SP1 and a 3rd for this week's v8 SP2) and a number of original setup files for Direct X still in C:\WINDOWS\TEMP OR TMP, AND AGAIN IN C:\WINDOWS\SYSTEM32\DIRECTX (DIMPUT).

     

    I also noticed a number of other temporary setups and deleted programs still listed as having passthru access to the Internet. You think the boys in the think tank would have written a better detection subroutine that actually determines when a dupe exists when in fact it has been deleted, updated, or simply removed from the system? Once that had or has been done, it should at least remove the Microsoft programs from the firewall's permission sets.

     

    And it does it on 3rd party software that's been updated and/or removed too!

     

    BTW: This is both a question and a comment. Why did it miss the temp files and the different versions along with the deleted items too?

     

    I just removed 8 of 'em, and one more point: how come no one has addressed the issue of the trojan named WIN32/SIGALIT ?? It isn't new, but yet it keeps getting stuck in either a restore point on any hard drive (usually on the Layered App Socket Server executable). That's LASS.EXE +RP### where ### is the restore point on C:, D:, or above!

     

    Alex M ..

     

     

    Thursday, September 4, 2008 10:44 AM

Answers

  • These are not duplicates, but new executables that were allowed through the firewall. There's generally no reason for you to delete these entries.

     

    The same holds true for setup files that were granted access. They won't be removed as the list is cumulative. If you uninstall a program, it won't be removed from this list either, as there is no hook between this list and any uninstaller.

     

    I can't answer your malware question except to advise you to contact support if OneCare missed or can't remove malware completely.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    -steve

    Thursday, September 4, 2008 3:53 PM
    Moderator
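
The answer above says the allowed-programs list is cumulative and has no hook to any uninstaller, and the question describes checking each entry by hand. As an added example (not part of the original thread and not OneCare code), this Python script performs that review on a hand-copied list, flagging entries whose file is gone, entries under the temp directories named in the question, and paths listed under more than one version. The row format, sample rows, flag names and function names are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample: (program name, version, path) rows as a user might copy
# them out of the firewall's ADVANCED list. This is not a real export format.
SAMPLE_ENTRIES = [
    ("iexplore.exe", "7.0", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("iexplore.exe", "8.0", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("dxsetup.exe", "9.0", r"C:\WINDOWS\TEMP\dxsetup.exe"),
    ("oldtool.exe", "1.2", r"C:\Program Files\OldTool\oldtool.exe"),
]

# Temp locations mentioned in the question, lower-cased for comparison.
TEMP_DIRS = (r"c:\windows\temp", r"c:\windows\tmp")


def _norm(path):
    """Case-fold and normalise a Windows path so comparisons are reliable."""
    return ntpath.normcase(ntpath.normpath(path))


def audit_allow_list(entries, exists):
    """Return {normalised path: sorted list of flags} for entries to review.

    exists: callable(path) -> bool; pass os.path.exists on the real machine.
    """
    findings = defaultdict(set)
    versions_by_path = defaultdict(set)
    for _name, version, path in entries:
        key = _norm(path)
        versions_by_path[key].add(version)
        if not exists(path):
            # The program was deleted or uninstalled but its entry remains.
            findings[key].add("missing-on-disk")
        if any(key.startswith(d + "\\") for d in TEMP_DIRS):
            # A setup file that was granted access from a temp directory.
            findings[key].add("temp-location")
    for key, versions in versions_by_path.items():
        if len(versions) > 1:
            # Same path allowed under several versions (updated in place).
            findings[key].add("superseded-versions")
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    # Constructed stand-in for the disk: only the browser binary still exists.
    on_disk = {r"C:\Program Files\Internet Explorer\iexplore.exe"}
    for path, flags in audit_allow_list(SAMPLE_ENTRIES, lambda p: p in on_disk).items():
        print(path, flags)
```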