We have recently collected several post (including GRC web site) that states that PC Tools firewall does not block applications. These post uses test applications that provide a false score and confuse you to think they by-passed the firewall rules and hence damage PC Tools Firewall Plus reputation. Below is a general explanation to the scenario.
1. When an application tries connects to the Internet and the firewall does not have rules for it, it will pop up a message to the user to authorize the connection;
2. If the user does not allow the application to connect, the firewall engine will return an HTML reply to the application that will state that the application was blocked, this HTML page will provide details about the FQDN that the application tried to connect to. The reason the firewall returns an HTML reply is to make sure users see a visible reply (from browser based UI) and will know why the connection was refused.
The problem: Those flawed test applications try to connect to the Internet and do not validate that the page that is receive is actually generated by the firewall and assume automatically that if they connect to a website and receive any HTML reply then that the reply came from the web site. Obviously this is not the case and the users are fully protected.
Example of a post:
The original non-translated post can be found from this link."Win7. PC Tools Firewall Plus ver 184.108.40.206. I installed the product and decide to test it.
1. The test application is FireWallTest.exe. I launched it and got a request to create a rule. I pressed Block and set the checkbox "Remember this settings". Another one request and I did the similar. The result is that connection established and test was failed.
I opened application settings page. For FireWallTest.exe I got a rule: IN "?", OUT "?". I manually set "Block" for FireWallTest.exe. I launched again and got the result that connection could be established and test passed.
Why? I choose Block in the popup window.
2. I created a rule for firefox.exe. Than I renamed FireWallTest.exe into Firefox.exe and rename original file. Than I launched it. I got a message that binary code of Firefox.exe has been changed. I cleared the checkbox remember this settings and click Block button. The result the connection has been established, test has been failed.
I returned original firefox.exe. Than I launched it and it could not connect to the internet. It displayed a page: "Your request to visit website www.bluhbluhbluh has been blocked. The website has been denied because the Firewall application rules are set to block this application: Total Commander 32 bit". I opened application settings and just select the firefox rule without changed The rule content is: IN allow trusted, OUT allow all. Actually, I did not change anything, but we when I refresh the page, all worked fine.
It is strange, what is happen?"
The user name who made the post: Booomer
1) Actually PC Tools Firewall Plus blocks the connection FireWallTest.exe with its server. I checked this with the sniffer ( packet monitor, like WireShark). During blocking of connection, PC Tools Firewall Plus sends back a HTML page that states that the application has been blocked. FirewallTest.exe does not checked WHAT the content of the page is. After receiving the blocking HTML response from the firewall, FirewallTest.exe writes down that the test has failed. Actually, there is no connection with the remote server. I could not make the FirewallTest.exe to write down that the test has failed even with block all for IN/OUT in the application rule. Probably, in your case it was the first launch of the application just after reboot and FirewallTest.exe could not resolve the IP address from the host name.
2) Probably the launch renamed FirewallTest.exe and got a popup that Total Commander 32 bit tries to connect to the internet using firefox.exe and you clicked Block. In this case all applications which is launched with Total Commander 32 bit will be blocked. If the checkbox "Remember the settings" was checked, you should remove the rule for Total Commander 32 bit and you will be asked again. Otherwise you should close Total Commander 32 bit. Unfortunately, I could not repeat this scenario.
Results 1 to 1 of 1
04-21-2010, 05:14 AM #1
Test Application Fails PC Tools Firewall protection with low scoreThanks,
PC Tools - Essential tools for your PC