New Beta Driver addressing additional vulnerabilities/Leaktests.

Discussion in 'LnS English Forum' started by Frederic, Nov 12, 2004.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Yes Def. I love to install porn into my registry.
     
  2. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,111
    Any interesting links would be appreciated... :D
     
  3. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,111
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Hi Defenestration,

    No, I wasn't aware of it for this particular executable, but gkweb told me that he also sometimes had false detections with ProcessGuard.

    If all these applications (including LnS) are handling the same critical Windows API usable for injection, there may be some conflict, explaining this.

    I will try to reproduce it to see what's happening. Is DCSUSERPROT.EXE part of ProcessGuard, or is it another tool?

    Frederic
     
  5. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    It is part of PG.
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Yes, I understand better because you are saying PCAudit2 failed without notifying at all. So I understand your request now.
    This is strange; normally you should have been prompted with the name of a new DLL.
    However, if all the applications PCAudit2 tries to inject don't have access to internet, then I suppose it will fail before asking for the new DLL.

    Frederic
     
  7. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I tested PCAudit2 again and this time L 'n' S notified me. I think it was just that the application it tried to use before did not have internet access. Please disregard my request.
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Just had time to test this beta driver, she works smoothly against Copycat, pcAudit v6.3- and the two DNS testing leaktests. I ran some additional tests also, she appears to do what had been advertised…

    Continue the excellent work Frederic!!! :D
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    The steps I did were renaming lnsfw1.sys to lnsfw.1.sys.old, applying ActivatedSoonEnable.reg, which I had updated specially for this beta driver to include the necessary, and then rebooting the system…

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lnsfw1]
    "ActivatedSoon"=dword:00000001
    "CheckDNSQ"=dword:00000001
    "CheckHSRE"=dword:00000001
    "CheckVAEUDTF"=dword:00000001
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Thanks Phant0m for your support :cool:

    Frederic
     
  11. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    I haven't upgraded to XP SP2 due to some apps incompatibilities..I was wondering whether it's useful to upgrade the driver..have you extended the windows versions it works on?
    why doesn't it work on XP SP1's?
     
  12. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    This works great! I have XP Home SP2, running with no problems! *puppy*
     
  13. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    manuangi,
    This is not true! The new driver perfectly supports my XP-SP1 system, PCAUDIT2 got no chance :cool:

    Thomas :)
     
  14. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Hi,

    Yes, it may work by chance, I didn't actually test on WinXP-SP1 :oops:
    To verify if the new blocking features are supported or not, open the console, ask for the driver logs.
    After FW1: If you see lines like this:
    "FO2_Ok
    FO2_2_Ok
    FO_Ok
    FO3_Ok
    FO4_Ok
    FO5_Ok"
    They are supported.
    If you see a "FOx_KOy!" one feature is not supported.

    Frederic
     
  15. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Hello Frederic,
    I do not get any of these console messages at all.
    Is it necessary to start one or the other leaktests to see these specific driver log entries??


    For my testing I just downloaded the PCAUDIT2 leaktest from gkweb's page on my WinXP-SP1 system and LnS perfectly blocked it.

    Thomas :)
     
    Last edited: Nov 30, 2004
  16. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    When would you have to do that?? I am on win2k, have installed all the updates and modified the registry, but when going on console I get after FW1

    D:\Programme\Dfu\Opera 7\Opera.exe
    C:\Winnt\explorer.exepc

    Do I have to run the tests to see the results you say??

    Ruben
     
  17. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Rebooting is the answer to Ruben's and to my question!

    So here are the results from my WinXP-SP1:

    FW1:

    FO2_Ok
    FO2_2_KO5
    FO3_KO2
    FO5_Ok
    FO4_Ok

    Thomas :)
     
    Last edited: Dec 1, 2004
  18. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    Yes, you need to look at the driver logs just after Windows has started, otherwise other information in the logs (like application connections) will overwrite this information (since the driver log is a circular buffer with a limited size).
    Sometimes you also need to start some applications before having a FOx_Ok or the FOx_KO.

    Frederic
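
Added example (not part of the thread and not Look 'n' Stop code): a small Python parser for the FOx_Ok / FOx_KOy markers Frederic describes in posts 14 and 18, run on the console output quoted in posts 16 and 17. The marker grammar is inferred from the lines posted in this thread, and the KO number is kept as an opaque code because the thread does not say what it means.

```python
import re

# Grammar inferred from this thread: "FO<id>_Ok" or "FO<id>_KO<code>", with an
# optional trailing "!". <id> may be empty ("FO_Ok") or compound ("FO2_2").
MARKER = re.compile(r"^FO(?P<id>\d*(?:_\d+)?)_(?:Ok|KO(?P<code>\d+))!?$")

# Console output copied from post 17 (WinXP-SP1) and post 16 (no markers left).
XP_SP1_LOG = r"""FW1:

FO2_Ok
FO2_2_KO5
FO3_KO2
FO5_Ok
FO4_Ok
"""
OVERWRITTEN_LOG = r"""FW1:
D:\Programme\Dfu\Opera 7\Opera.exe
C:\Winnt\explorer.exepc
"""


def parse_driver_log(text):
    """Return (supported, unsupported) for the markers that follow 'FW1'.

    supported   -> feature ids that logged FOx_Ok, in log order
    unsupported -> {feature id: KO code}; the code's meaning is undocumented
    """
    supported, unsupported, in_fw1 = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("FW1"):
            in_fw1 = True
            continue
        m = MARKER.match(line) if in_fw1 else None
        if m is None:
            continue  # blank lines, application paths, other driver entries
        feature = "FO" + m.group("id")
        if m.group("code") is None:
            supported.append(feature)
        else:
            unsupported[feature] = int(m.group("code"))
    return supported, unsupported


def verdict(text):
    """Classify a log; 'no-markers' means the circular buffer was overwritten."""
    supported, unsupported = parse_driver_log(text)
    if not supported and not unsupported:
        return "no-markers"  # reboot and read the log right after startup
    return "partial" if unsupported else "all-supported"
```

A "no-markers" result is not a pass: it only means the startup entries are no longer in the buffer, so the check has to be repeated right after a reboot.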
     
  19. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    ok, will try

    Ruben
     
  20. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Frederic,

    I pass all the ones in the log but I also have this: ReSLIN! Is that OK? or is something wrong? I guess I just want to know what it means...
     
  21. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    And here are my logs for the Win2k-SP4 machine:

    FW1:

    Driver Entry Win2k/XP d1.

    FO2_Ok
    FO2_2_Ok
    FO3_Ok
    FO5_Ok
    FO4_Ok

    ReSLIN! (what is this??)

    Thomas :)
     
  22. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    Here's my log. WinXP SP1

    FW1:
    Driver Entry Win2k/XP d1.

    FO2_Ok
    FO2_2_KO5
    FO3_KO2

    FO4_Ok
    FO5_Ok



    So...what's not working, Frederic?
    Do you advise that I return to the old driver, or that I keep this one?

    thank you!
     
  23. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    anyway I think, before releasing a new LnS executable, bundled with the new lnsfw1.sys file, you should test it thoroughly on systems with XP SP1 only..as lots of people out there haven't updated yet..
     
  24. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Just for the record on restart I got the results I was looking for :)-) Thanks Frederic

    Win2ksp4

    Ruben
     
  25. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,353
    Location:
    France
    => Copycat leaktest/trojan type won't be detected

    => DNSTester leaktest/trojan type won't be detected

    Frederic
     