Author Topic: Solution to the "indirect relativeness"/"indirect access" bugs?  (Read 997 times)


locksmith
Re: Solution to the "indirect relativeness"/"indirect access" bugs?
« Reply #3 on: September 23, 2013, 09:50:46 PM »
Ignore the last message. The app at hand is .NET, and the behavior of what's going on is more complex. I'm still trying to understand it, but the first message in this thread is valid.

locksmith
Re: Solution to the "indirect relativeness"/"indirect access" bugs?
« Reply #2 on: September 23, 2013, 08:56:17 PM »
Another strange thing. I tried creating a restrictive set of rules to see if App A above might somehow be communicating through another path I didn't notice. But no. It seems to be able to communicate with the internet with only an "indirect access" rule for App C and no further in/out rules at all.

locksmith
Solution to the "indirect relativeness"/"indirect access" bugs?
« Reply #1 on: September 23, 2013, 05:02:37 PM »
I'm running the latest v2 on Win8 x64. I've been trying it for a few days, and GUI concerns aside it's been fine. Lightness and control are more important than GUI, as long as I don't have to deal with the GUI much after the initial setup.

But now I've hit a case where I can't block a certain app without it affecting unrelated other apps. Also, more and more the popups make no sense, usually "indirect relativeness" or "indirect access" popups. There's no relation to the actual apps involved in communication, popups mention applications that aren't running, and other oddities. It seems like the bug or bugs that have been discussed in threads from past years such as:
http://www.smokey-services.eu/forums/index.php?topic=1926.0
http://www.smokey-services.eu/forums/index.php?topic=1944.0
http://www.smokey-services.eu/forums/index.php?topic=12543.30

For example, I wanted to block "App A", a newly installed app. But it could access the internet even though I never saw popups about it nor authorized it. I've pinpointed it to an "indirect access" rule for unrelated "App B" (standalone app, not part of the OS, not related to networking). I've blocked App B's rule (it didn't need access anyway), and App A was blocked successfully. The problem is, other things stopped being able to communicate, like the web browser.

Even stranger, while the block rule for App B was definitely active with its lightbulb icon, this app wasn't really running nor loaded by anything (I searched for handles with Process Explorer). I disabled App B's block rule, and got a popup: "App B made 'indirect relativeness'... PID: n/a...". The empty PID also suggests it isn't running.

I tried restarting the computer. Now, when running App A (the one I want to block) I received a popup: "Application App C made write to other's memory and probably tries to access the Internet via another application PID: 2412 (PID: 1232 App A)". App C is different from App B that was mentioned above, and this time it was actually running (there's also a PID). But App A isn't mentioned as the one trying to communicate, but the one communicated through. Still, the behavior was the same as before with App B: blocking the rule for App C blocked App A but also unrelated other apps.

I also got popups for actual App A communication, with sensible target IP and ports, but they only showed right when I exited App A after it communicated successfully anyway. Creating block rules for these App A communications, or for App A in general, didn't block App A at all.

Is there any way to get things to make sense and work?


 

