outpost blocking email client

Hi, On a machine WinXPpro, outpost firewall(internal OS firewall disabled) is sometimes blocking my email client thunderbird with reason "blocked by process memory control" identifing that winlogon.exe is trying to write data into thunderbird. First I tought that I've got some spyware tryin to send some packets by smtp, but scaning with common antispyware programs didnt take any result. thunderbird have rules for an email client of course.

that any got some idea what is going on and how can I prevent it? Maybe some global rules that I cant reconize is responsible for that?

Reply to
k1sage
Loading thread data ...

Why not just using the Windowws-Firewall instead of Outpost? The latter has security design flaws anyways.

Yours, VB.

Reply to
Volker Birk

Try

formatting link

Reply to
bassbag

bassbag napisal(a):

THX For rest of you who gets this problem two topics i recomended which resolve my problem:

formatting link
?t=16912&highlight=winlogon.exe ...typicaly of course it was some malware as I tought scaning with newest hijackthis with analyzer on network shows me infected file and coresponding entry in registry

Reply to
k1sage

Did you notice, that Outpost has security design flaws like possible privilege elevation because of system services which open windows and vulnerability to the SelfDoS attack? Are you sure, that you want to use Outpost in spite of those design flaws?

Do you know, that "removing" malware requires a method like Tripwire or flattening and rebuild, or you never can be sure that this really works?

From your second link:

| Sounds like you guys have been infected by Trojan.Nebuler aka | Backdoor.Eterok.B.

If you didn't use a Tripwire like provision before being infected, then you never will be able to securely remove all installed malware:

formatting link
| Symantec publishes the instructions for removal.

The provisions Symantec recommend never can work: there is no way to securely remove Trojan.Nebuler aka Backdoor.Eterok.B *AND* all loaded and added malware, which came through this backdoor. If you didn't use Tripwire or another provision which does the same /before/ you were infected, your only chance to get back security is to flatten and rebuild your box. Please also read:

formatting link
Yours, VB.

Reply to
Volker Birk

Practically every software firewall has design flaws,or bugs .

formatting link
(click each firewall for bug report)

Windows firewall hasnt been exempt from bugs either.

formatting link
formatting link
I personally like a router and application firewall regardless ,whereas some like a router and just windows firewall.Its your call. me

Reply to
bassbag

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.