outpost blocking email client

on 01.09.2006 11:56:22 by k1sage

Hi,
On a WinXPpro machine, outpost firewall (internal OS firewall disabled)
is sometimes blocking my email client thunderbird with reason "blocked
by process memory control", identifying that winlogon.exe is trying to
write data into thunderbird.
First I thought that I've got some spyware trying to send some packets by
smtp, but scanning with common antispyware programs didn't give any result.
thunderbird has rules for an email client of course.

Has anyone got some idea what is going on and how I can prevent it? Maybe
some global rules that I can't recognize are responsible for that?

Re: outpost blocking email client

on 02.09.2006 05:42:22 by Volker Birk

k1sage <"kis[delete]age"@interia.pl> wrote:
> On a WinXPpro machine, outpost firewall (internal OS firewall disabled)
> is sometimes blocking my email client thunderbird with reason "blocked
> by process memory control", identifying that winlogon.exe is trying to
> write data into thunderbird.
> First I thought that I've got some spyware trying to send some packets by
> smtp, but scanning with common antispyware programs didn't give any result.
> thunderbird has rules for an email client of course.
> Has anyone got some idea what is going on and how I can prevent it? Maybe
> some global rules that I can't recognize are responsible for that?

Why not just use the Windows-Firewall instead of Outpost? The latter
has security design flaws anyways.

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: outpost blocking email client

on 02.09.2006 16:15:15 by bassbag

In article , k1sage <"kis[delete]age"@interia.pl> says...
> Hi,
> On a WinXPpro machine, outpost firewall (internal OS firewall disabled)
> is sometimes blocking my email client thunderbird with reason "blocked
> by process memory control", identifying that winlogon.exe is trying to
> write data into thunderbird.
> First I thought that I've got some spyware trying to send some packets by
> smtp, but scanning with common antispyware programs didn't give any result.
> thunderbird has rules for an email client of course.
>
> Has anyone got some idea what is going on and how I can prevent it? Maybe
> some global rules that I can't recognize are responsible for that?
>
Try http://www.outpostfirewall.com/forum/
me

Re: outpost blocking email client

on 03.09.2006 23:50:16 by k1sage

bassbag wrote:

>>
> Try http://www.outpostfirewall.com/forum/
> me

THX
For the rest of you who get this problem, two topics I recommend which
resolved my problem:
http://aumha.net/viewtopic.php?t=19087&postdays=0&postorder=asc&start=0
http://outpostfirewall.com/forum/showthread.php?t=16912&highlight=winlogon.exe

....typically of course it was some malware as I thought
scanning with newest hijackthis with analyzer on network shows me
infected file and corresponding entry in registry

Re: outpost blocking email client

on 04.09.2006 10:40:47 by Volker Birk

k1sage <"kis[delete]age"@interia.pl> wrote:
> > Try http://www.outpostfirewall.com/forum/
> For the rest of you who get this problem, two topics I recommend which
> resolved my problem:

Did you notice, that Outpost has security design flaws like possible
privilege elevation because of system services which open windows and
vulnerability to the SelfDoS attack? Are you sure, that you want to use
Outpost in spite of those design flaws?

> ...typically of course it was some malware as I thought
> scanning with newest hijackthis with analyzer on network shows me
> infected file and corresponding entry in registry

Do you know, that "removing" malware requires a method like Tripwire or
flattening and rebuild, or you never can be sure that this really works?

From your second link:

| Sounds like you guys have been infected by Trojan.Nebuler aka
| Backdoor.Eterok.B.

If you didn't use a Tripwire-like provision before being infected, then
you never will be able to securely remove all installed malware:
http://en.wikipedia.org/wiki/Tripwire_%28software%29

| Symantec publishes the instructions for removal.

The provisions Symantec recommends never can work: there is no way to
securely remove Trojan.Nebuler aka Backdoor.Eterok.B *AND* all loaded
and added malware, which came through this backdoor. If you didn't use
Tripwire or another provision which does the same /before/ you were
infected, your only chance to get back security is to flatten and
rebuild your box. Please also read:

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Yours,
VB.
--
Far worse than the implementation of PHP, however, is its design.

Rudolf Polzer in de.comp.security.misc

Re: outpost blocking email client

on 04.09.2006 18:32:57 by bassbag

In article , k1sage <"kis[delete]age"@interia.pl> says...
> bassbag wrote:
>
> >>
> > Try http://www.outpostfirewall.com/forum/
> > me
>
> THX
> For the rest of you who get this problem, two topics I recommend which
> resolved my problem:
> http://aumha.net/viewtopic.php?t=19087&postdays=0&postorder=asc&start=0
> http://outpostfirewall.com/forum/showthread.php?t=16912&highlight=winlogon.exe
>
> ...typically of course it was some malware as I thought
> scanning with newest hijackthis with analyzer on network shows me
> infected file and corresponding entry in registry
>
Practically every software firewall has design flaws, or bugs.
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php

(click each firewall for bug report)

Windows firewall hasn't been exempt from bugs either.
http://news.com.com/Windows+Firewall+flaw+may+hide+open+ports/2100-7355_3-5845850.html
http://www.techworld.com/security/news/index.cfm?NewsID=4337

I personally like a router and application firewall regardless, whereas
some like a router and just windows firewall. It's your call.
me