Windows Firewall Configuration - Truly Block EVERYTHING...

Discussion in 'Windows 10' started by CODYQX4, Aug 24, 2015.

  1. ThomasMann

    ThomasMann MDL Expert

    #241 ThomasMann, Aug 28, 2016
    Last edited by a moderator: Apr 20, 2017
  2. shewolf

    shewolf MDL Senior Member

    #242 shewolf, Aug 28, 2016
    Last edited by a moderator: Apr 20, 2017
  3. ofernandofilo

    ofernandofilo MDL Member

  4. ThomasMann

    ThomasMann MDL Expert

    There is software called Process Hacker; the third tab is called Network and will show all connections in real time.
     
  5. ofernandofilo

    ofernandofilo MDL Member

    #245 ofernandofilo, Aug 29, 2016
    Last edited by a moderator: Apr 20, 2017
    Right, I know the tool. But what is calling the domain? Who is making the connection? Which process? Sometimes the domain name shown is not the real one.

    If you run this, what is shown?
    Code:
    ping down.baidu2016.com
    cheers
     
  6. ThomasMann

    ThomasMann MDL Expert

  7. EFA11

    EFA11 Avatar Guru

    I'd like to see what you are seeing if possible. I don't know how anything could get through the HOSTS and IP Block :g:
     
  8. ofernandofilo

    ofernandofilo MDL Member

    #248 ofernandofilo, Aug 29, 2016
    Last edited: Aug 29, 2016
    This looks to me like a case of resolving the wrong name. It is quite common, especially when it resolves to the first entry name in the HOSTS file.

    It may be something more serious, such as a rootkit, but I sincerely doubt that is the case.

    I really need to see the ping as above, and a list showing which programs are supposedly communicating with the reported servers. Also, I suggest that instead of using Process Hacker to show the domains accessed, you use it to show the plain IPs.

    Please post pics, logs, or the results of tests.

    cheers
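
The check requested in the post above (which process owns each connection, listed by raw IP instead of a resolved name), as an added PowerShell example that is not part of the original thread. It assumes the default HOSTS path and a Windows version that ships `Get-NetTCPConnection` (Windows 8 or later); the column names are chosen here for illustration.

```powershell
# Added example: list TCP connections by raw remote IP with the owning process,
# and show how many HOSTS names share that IP (the reason a displayed name can mislead).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'   # default location

# Build IP -> ordered list of names from the HOSTS file.
$namesByIp = @{}
foreach ($line in Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue) {
    $entry = ($line -replace '#.*$', '').Trim()        # strip comments and padding
    if (-not $entry) { continue }
    $fields = $entry -split '\s+'
    if ($fields.Count -lt 2) { continue }              # need an IP and at least one name
    $ip = $fields[0]
    if (-not $namesByIp.ContainsKey($ip)) {
        $namesByIp[$ip] = New-Object System.Collections.Generic.List[string]
    }
    foreach ($name in $fields[1..($fields.Count - 1)]) { $namesByIp[$ip].Add($name) }
}

# SynSent    = an outbound attempt that has not completed (possibly blocked).
# Established = a connection that actually went through.
Get-NetTCPConnection -State SynSent, Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc  = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $names = $namesByIp[$_.RemoteAddress]
        [pscustomobject]@{
            State          = $_.State
            RemoteIP       = $_.RemoteAddress
            RemotePort     = $_.RemotePort
            PID            = $_.OwningProcess
            Process        = $proc.ProcessName
            Path           = $proc.Path                # empty without elevation for some processes
            HostsNames     = if ($names) { $names.Count } else { 0 }
            FirstHostsName = if ($names) { $names[0] } else { $null }
        }
    } |
    Sort-Object Process, RemoteIP |
    Format-Table -AutoSize
```

A row with a large `HostsNames` count means many blocked names point at that one IP, so a name shown for it by a monitoring tool says little about which domain was actually requested. Run it from an elevated prompt so `Path` is filled in for system processes.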
     
  9. EFA11

    EFA11 Avatar Guru

    Something is trying but it's not getting out. That's not actually connecting. Something installed on that system is trying hard to get out, it's just not getting anywhere.
     
  10. ofernandofilo

    ofernandofilo MDL Member

    #251 ofernandofilo, Aug 29, 2016
    Last edited by a moderator: Apr 20, 2017
  11. ThomasMann

    ThomasMann MDL Expert


    Right... and as I did not tell anything to get out, there is something there that is not supposed to be there doing that.
    And that is what I am trying to get rid of. As Zemana tells me, it is a company that hijacks browsers to aim specific ads at users. Which I have never noticed, as my ABP for Ff works just fine ...

    If it was a little simpler to paste pictures here than uploading to another website, I could also post the beginning of that same page and you would see that there are, immediately after starting the computer, already six other connections to the same address that DO GET OUT!
     
  12. ThomasMann

    ThomasMann MDL Expert

  13. ofernandofilo

    ofernandofilo MDL Member

    #254 ofernandofilo, Aug 29, 2016
    Last edited: Aug 30, 2016
  14. ThomasMann

    ThomasMann MDL Expert

  15. ofernandofilo

    ofernandofilo MDL Member

    #256 ofernandofilo, Aug 30, 2016
    Last edited: Aug 30, 2016
  16. doubtfire

    doubtfire MDL Junior Member

    Do Win 10 hosts file blocks to M$ servers actually work?

    IIRC, there's some backdoor workaround they added such that Microsoft apps don't use the hosts file, is that still true?
     
  17. s1ave77

    s1ave77 MDL Guide Dog/Dev

    A lot is hardcoded in several DLLs, so blocking via hosts file is futile. Rerouting IPs via the system's IP tables seems to work properly (blocks even Skype for me).
     
  18. KingAlex

    KingAlex MDL Novice

    Hello :)

    I have TinyWall :) Care to share settings here for Win 10?

    Thanks :)
     
  19. Mr.X

    Mr.X MDL Guru

    #260 Mr.X, Apr 3, 2018
    Last edited: Apr 3, 2018