Jorg

OA automatically allows outbound communication

Hi there,

I am using the current paid version of OA Firewall and have been using the product now for nearly 3 years.

I just installed a new program, Photoshop CS5, and noticed that it informed me that there were updates available for it. At no point did I get a warning that the program is trying to use the internet or asking me for permission. Even looking in the Firewall tab, there is no mention of Photoshop, i.e. neither allowing nor denying it access.

I then tried a few more programs, and amazingly, they all seemed to happily check if there were updates available, without any warning being given to me.

I do NOT have the checkbox ticked that allows automatic internet access to trusted programs. Even though I trust programs, I still would like to know if they try to talk on the internet. I do have the loopback intercept enabled.

I run Windows 7 64 bit with KAV 9.0.0.736 (last year's version, as the new KAV does not work with OA). Otherwise there is no security active on my PC.

I turned on logs to see if I can see what is going on, but the logs don't show the program that is trying to communicate, only the type of traffic and the IP of where it is going, so I could see the Photoshop traffic being allowed to leave the machine, but it never showed it as Photoshop.

After uninstalling OA I tried ZA (current version, just downloaded the free trial), and ZA instantly detects that Photoshop is trying to access the internet and asks me if it is ok with me.

I so prefer OA over ZA, as I left ZA 3 years ago to go to OA, but OA not being able to detect outbound communication makes it kinda useless.


Hi Jorg,

I so prefer OA over ZA, as I left ZA 3 years ago to go to OA, but OA not being able to detect outbound communication makes it kinda useless.

I think that's for the ease of use. Anyway in my thought OA can detect outbound communication.

ZA instantly detects that Photoshop is trying to access the internet and asks me if it is ok with me.

And OA can do this too. Just go to Options - Firewall, and then uncheck automatically allow trusted programs to access the internet. After that I think OA can do such magic by giving a popup asking you if you allow or block. Also you can uncheck the option - Autoconfigure trusted programs. That'll be more interactive.

My regards,

Tyler


Hi,

Do you use OA in advanced mode (there is another option to allow connections for trusted apps)?

Seems to me that the connection is handled by KAV web filter. To check this you can activate "Intercept loopback interface" (Options/Firewall), delete the created rules for Photoshop and then launch this app again. OA will notify you about a loopback connection made by Photoshop.

Regards,

MaB


Hi Tyler,

thanks for the quick reply. I did mention in my original post that I do NOT have the automatically allow trusted programs to access the internet checked. I have used the program for around 3 years now and am pretty familiar with it.

Under XP 32-bit it definitely picks up programs that try to communicate out. I got Windows 7 64-bit just under 2 weeks ago, so I am still feeling my way around the differences between OA 32-bit and 64-bit. I am not sure if that is what is causing the problem. Even when I go into the firewall tab and specifically block a program from using the internet by entering its .exe file, it still allows it to communicate on the internet. I am just amazed that ZA picks it up, so I am sure there is a way to pick it up. ZA did point out though that Photoshop is trying to access the internet via another program, but I was able to block it.

I am in the process now of re-installing Windows 7 to see if that makes a difference, my next attempt at trying to solve this is reverting back to OA 4.0 and seeing if it worked back then.

Jorg.


Hi Jorg,

I did mention in my original post that I do NOT have the automatically allow trusted programs to access the internet checked.

Sorry I missed that. Then I guess we should wait for further info. from Dev Team.

My regards,

Tyler


I am in the process now of re-installing Windows 7 to see if that makes a difference, my next attempt at trying to solve this is reverting back to OA 4.0 and seeing if it worked back then.

Jorg.

Hey Jorg, I would suggest to turn the UAC off when installing OA.


Hi Nick,

thanks for the suggestion. I uninstalled OA, turned off UAC and then reinstalled OA, but once again, it was happily oblivious to any internet traffic from some programs.

I could not revert to version 4.0, as 64 bit is not supported pre 4.5, so that was out of the question too.

It finally dawned on me that perhaps KAV is at fault here, as KAV is of course allowed to access the internet for auto updates, etc. So I uninstalled KAV and all of a sudden I got a ton of messages asking me if it is ok for all sorts of programs to access the internet (which I assume until now have been happily doing so without my knowledge).

My guess is that KAV intercepts the traffic from some programs (not all, as ping was detected by OA and I got popups for it) before OA sees the traffic and then KAV routes the traffic through itself as part of its AV checks and thus that traffic is completely invisible to OA.

I must note here that I am pretty sure this did not happen on 32 bit XP, as I had both running for 3 years and every program I started that I could tell wanted to access the internet always required OA confirmation if it was ok to communicate. So it looks like under 64 bit there is something different in KAV and/or OA that no longer allows them to happily play together.

It is interesting though that ZA was not circumvented by KAV and picked up all outgoing traffic despite KAV running.

Any suggestions on a good AV program that works with OA? This is probably the wrong place to ask if OA++ is as good in the AV department as KAV :)
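Added example (not part of the original post, and not code from OA or KAV): one way to check the guess above that a local AV web filter relays other programs' traffic. It pairs loopback connections with the local listener they reach and shows that only the relay owns the connections leaving the machine. The `netstat -ano` style table, PIDs, port 18080, addresses and process names are all constructed for illustration.

```python
# Added example: attribute loopback-proxied traffic to its originating process.
# SAMPLE is constructed `netstat -ano` style output; PIDs, ports and names are made up.
from collections import defaultdict

SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:18080          0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:49210        127.0.0.1:18080        ESTABLISHED     3120
  TCP    127.0.0.1:18080        127.0.0.1:49210        ESTABLISHED     1480
  TCP    127.0.0.1:49305        127.0.0.1:18080        ESTABLISHED     2244
  TCP    127.0.0.1:18080        127.0.0.1:49305        ESTABLISHED     1480
  TCP    192.168.1.20:49211     203.0.113.10:80        ESTABLISHED     1480
  TCP    192.168.1.20:49306     198.51.100.7:443       ESTABLISHED     1480
  TCP    192.168.1.20:49400     198.51.100.25:993      ESTABLISHED     4012
"""
# Constructed PID -> image name map (the kind of data `tasklist` provides).
NAMES = {1480: "avproxy.exe", 3120: "photoshop.exe", 2244: "updater.exe", 4012: "mail.exe"}

def is_loopback(ip):
    return ip.startswith("127.") or ip == "[::1]"

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) for TCP rows."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, UDP rows or anything malformed
        (lip, lport), (rip, rport) = f[1].rsplit(":", 1), f[2].rsplit(":", 1)
        yield lip, int(lport), rip, int(rport), f[3], int(f[4])

def relayed_clients(text, names):
    """Map each local listener process to the other processes connected to it over loopback."""
    rows = list(parse(text))
    listeners = {lport: pid for _, lport, _, _, state, pid in rows if state == "LISTENING"}
    result = defaultdict(set)
    for _, _, rip, rport, state, pid in rows:
        owner = listeners.get(rport)
        if state == "ESTABLISHED" and is_loopback(rip) and owner not in (None, pid):
            result[names.get(owner, str(owner))].add(names.get(pid, str(pid)))
    return {proxy: sorted(clients) for proxy, clients in result.items()}

def external_owners(text, names):
    """Processes owning connections that leave the machine (what a per-program rule can match)."""
    return sorted({names.get(pid, str(pid)) for _, _, rip, _, state, pid in parse(text)
                   if state == "ESTABLISHED" and not is_loopback(rip)})

if __name__ == "__main__":
    print(relayed_clients(SAMPLE, NAMES))
    print(external_owners(SAMPLE, NAMES))
```

In the constructed sample, the two relayed programs never appear as owners of an outbound connection; a rule keyed on their .exe can only match if the firewall also inspects the loopback leg.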


Hi Jorg,

Did you try the suggestions that MaB69 wrote in post 3 in this thread ??

http://support.emsisoft.com/topic/3171-oa-automatically-allows-outbound-communication/page__view__findpost__p__17803

That is very likely to solve the problem.

And about OA++ - it uses the dual Ikarus/Emsisoft AV engine also found in EAM. You will not find a better detection rate anywhere.

Just remember that OA++ functions a little different from your traditional AV.

OA++ monitors your system with its HIPS module and only scans Unknown programs that try to execute. (no need to scan anything known to be safe or something that can't execute)

Martin


Hi Martin,

I always have the intercept loopback interface turned on (which I had mentioned in my initial post), because otherwise it doesn't even work on 32 bit. And I could not delete any created rules, because OA never created any rules, because it was 100% oblivious to half my programs ever making internet connections. Even when I manually inserted rules to block a whole range of .exe files, none of the rules were ever applied because OA did not notice those programs making internet connections.

As I have never heard of Ikarus or Emsisoft prior to their acquisition of OA, I don't have any gut feel if their products are on par with the big name players like KAV, etc. I have been a KAV customer for a long time and was always happy with it, so I never really needed to look around for a change. If the OA++ solution is as secure in preventing viruses from being downloaded from compromised Internet sites as the other big players, I will have no problem changing over to OA++ from my OA license.


That sounds strange that KAV should make OA go blind.

Now, I'm not using KAV, so I hope that a KAV user can shed some light on this unpleasant situation.

Your question about OA++ and websites - OA in general has Webshield, that will block stuff like ActiveX and so on.

OA++ does not scan your downloads or browser content with its AV module.

But the moment you try to execute anything downloaded, then OA++ will scan the file if it's an unknown item.

Martin
