Some questions

[DomOBU]

Hello,

I have 2 laptops.
On the 2 laptops there are obsolete versions of CCleaner and Minitool Partition Wizard.

Laptop1: The FW is Comodo FW
Laptop2: the FW is Fort FW.

On Laptop 1, I never get a request to update the software.
On the laptop2, I've had some requests for updates.

For Minitool, one of the programs, experience.exe, did not appear in the list and was not blocked. When does a program appear in the list of programs?
For CCleaner, the 2 programs were blocked with the program rule. How was CCleaner able to access the internet? When you select 'Block' in the program rule, which accesses are blocked? Which protocols are blocked?

Thank you for your feedback.

[tnodir]

For CCleaner, the 2 programs were blocked with the program rule. How was CCleaner able to access the internet?

Use System Informer program's Firewall tab to see which connections are allowed and why by rule filter.

When you select 'Block' in the program rule, which accesses are blocked? Which protocols are blocked?

All access is blocked. See the "Filtering logic".

[tnodir]

I've double checked the CCleaner:

• installed the "CCleaner Free"
• blocked the alerted programs:
  1. "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
  2. "C:\Program Files\CCleaner\CCleaner64.exe"
  3. "C:\Program Files\CCleaner\CCUpdate.exe"
• clicked CCleaner's "Update" tab:
  

[DomOBU]

C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe" does not appear in the list of programs on my laptop.

When does a program appear in the list ?

[tnodir]

When does a program appear in the list ?

On 1-st startup immediately.

[DomOBU]

This is how CCleaner is set up with F Fw.

If I ask for a CC upgrade, here are the network accesses with Task Manager de Luxe and TCPView(Sysinternals):

[DomOBU]

If I set programs to ‘Allow’ and add this application rule, access is blocked.

[tnodir]

Please export backup and send the archived backup folder to my email.

[tnodir]

@DomOBU You have to review your Rules, because of its logic misunderstanding.

For example, you have an allowing "Quad9" global rule, applied before app rules:

area(INET)
9.9.9.9:{
udp(53):dir(OUT)
}

This rule's logic is: ALLOW the connection, if

• the remote IP address belongs to Internet (i.e. it's not in the Options: "Local Network Addresses")
• OR ( (the remote IP address is 9.9.9.9) AND (protocol is UDP) AND (direction is outgoing) )

So, any connection of any program to Internet will be allowed, because this rule is global and applied before program's logic. The program will be allowed, even if it explicitly blocked in the Programs window.

---

If you did mean to create a rule for DNS 9.9.9.9, then the rule should be:

9.9.9.9:udp(53):dir(OUT)

[DomOBU]

Thanks for your answer.

1. if I understand your answer correctly, you should not put area(INET) in the setting if the remote @ is an internet @.Is that the way to understand your answer?
2. If I set programs to ‘Allow’ and add this application rule (see above), access is blocked. Why then ?

[tnodir]

So, any connection of any program to Internet will be allowed, because this rule is global and applied before program's logic.

I'm wrong here. The allowed global apps will examine app's rule.

Only blocked apps by global rule (before apps) will block and not examine app's rule.

[tnodir]

1. if I understand your answer correctly, you should not put area(INET) in the setting if the remote @ is an internet @.Is that the way to understand your answer?

I mean, that the area(INET) should be used when needed.

Again, your allowing global rule:

area(INET)

allows all connections to Internet.

2. If I set programs to ‘Allow’ and add this application rule (see above), access is blocked. Why then ?

The logic of app with blocking rule and with Allow action:

• global rule allowed the connection
• app's rule blocked it

The logic of app without rule and with Block action:

• global rule allowed the connection
• app's action should block it, but it didn't because of bug in the driver

Let me fix the logic of block action after global allow..

[tnodir]

Or should we just allow the app, when it allowed by global rule, applied before app rules?

Without checking app's rule and action.

I think, it'll be simpler to understand for users.

[DomOBU]

I have removed area(INET) from the Quad9 global rule and re-set CCleaner with a blocked rule. This setting blocks the CCleaner upgrade. Super.

[tnodir]

BTW, you have other rules with area(...) too, as I remember.

[DomOBU]

Unfortunately, with this change, the other programmes will no longer have access to the Internet.

[tnodir]

Unfortunately, with this change, the other programmes will no longer have access to the Internet.

Yes, you have to rework all your Rules (especially Globals).

Let's review them one by one: show here your rule and describe why did you create it.

[DomOBU]

For QUAD9, with 9.9.9.9:udp(53):dir(OUT):area(INET) the update of CCleaner is blocked and the other programs work.

[tnodir]

9.9.9.9:udp(53):dir(OUT):area(INET)

Why do you need the :area(INET) here? Just remove it.

---

Please show other global rules and describe why do you need it.