Block An Application From Launching Another Application Etc.

Raul90
edited May 2014 in Firewall

Hi,


How can I block a browser launch triggered by an application?


There are certain applications nowadays that are nasty enough to have a trigger to launch the default browser (or IE for that matter). KMPlayer does that and up to this moment I can block such browser launch via Comodo D+ and Emsisoft OA Advanced setting. This game and all the other games there has a trigger to launch the default browser and go to it's website when you exit the game.


Allow me to share with you how I block it with the firewalls I have used(still using at this moment). It has a "game.exe" which I block via,


Emsisoft Online Armor Premium


Programs>Advanced Options>Permissions>Start Applications>


Allow Except>C:\Program Files\Internet Explorer\iexplore.exe


Allow Except>C:\Program Files (x86)\Mozilla Firefox\firefox.exe


Use DNS API = Block


set global hooks = Block


remote code = Block


remote code modification = Block


Comodo Firewall with D+


HIPS Rules>


Custom Ruleset> Access Rights>


Blocked COM Interfaces = InternetExplorer.Application1


HIPS Rules>


Custom Ruleset> Access Rights>Run as executable


Exclusions>Modify>Blocked File/Folders> File Group>Browsers


In Outpost Firewall Pro,


Application rules>Antileak settings>


DDE Communication = Block


Network Enabled Application launch = Block


DNS API request = Block


Low-level network access = Block


OLE automation control = Block


Does BD IS have hips? Or is it a Behavioral Blocker? I cant seem to see how this behavior can be blocked with your firewall...Your firewall reminds me of Avast's...which too cannot block such behavior.


How can I set a block rule for that behavior? A rule to block an application triggering another application to launch...


CbNtn39.png


NZ9KaAj.png


Can't seem to block that specific site also in BD firewall....or for that matter the IP address/range.....? How can I do that in BD firewall?


Please help me out on this. There are other issues that I have especially the slow boot time I have experienced when I installed BD IS 2014 but I will post it in the"General subforum".


Thanks :)

Comments

  • Nesivos
    Nesivos
    edited May 2014
    I don't think this is possible. This is a custom feature from what I understand. smile2.png


    There could be an app or dll file in the program folder that launches the browser when you exit the program. You would need to contact the app's developer to find out.


    Therefore if you can identity the app or dll file you can use the BD Firewall to block that app or dll file from accessing the Internet.


    Obviously this solution depends on there being a unique app or dill file within the program folder that launches the browser when you exit the program in question. This method also should work with blocking a program's uninstaller app from opening the browser as part of the program uninstall.

  • Nesivos
    Nesivos
    edited May 2014
    There could be an app or dll file in the program folder that launches the browser when you exit the program. You would need to contact the app's developer to find out.


    Therefore if you can identity the app or dll file you can use the BD Firewall to block that app or dll file from accessing the Internet.


    Obviously this solution depends on there being a unique app or dill file within the program folder that launches the browser when you exit the program in question. This method also should work with blocking a program's uninstaller app from opening the browser as part of the program uninstall.


    There is also another solution. You can use CurrPorts (free) by Nirsoft to identity all open ports on your computer. If you have it open before you close KMPlayer you will see a new port open when KMPlayer closes and takes you to their website. You can then block that port or range of ports if applicable. That will only work if the KMPlayer or another app does not otherwise use the port for updates etc.

  • There is also another solution. You can use CurrPorts (free) by Nirsoft to identity all open ports on your computer. If you have it open before you close KMPlayer you will see a new port open when KMPlayer closes and takes you to their website. You can then block that port or range of ports if applicable. That will only work if the KMPlayer or another app does not otherwise use the port for updates etc.


    @rourkem,


    Thanks for the reply. I really was looking into possibilities but there was none that I could find.


    @Nesivos,


    I think that blocking those ports used by the application (KMPlayer) isn't a viable solution as as you said that it may also be using those ports for updates or the application may just use another port or range of ports to call home. Identifying the "app" or "dll" which is the trigger is I think the best.


    May I ask if you were to create that rule, say, let's name it trigger.dll, how will you create that rule in BD firewall?


    If I may add, I posted also here, http://forum.bitdefender.com/index.php?sho...mp;#entry214776 Question About Bd Firewall Etc.., there is a pop-up (nag pop-up to upgrade to professional version )there from Glary Utilities that I would like to block.


    How can I block that in BD firewall?

  • Raul90
    edited May 2014

    To follow,


    Obviously this solution depends on there being a unique app or dill file within the program folder that launches the browser when you exit the program in question. This method also should work with blocking a program's uninstaller app from opening the browser as part of the program uninstall.


    I was checking out old notes about MyPlaycity.com games and there was an image prompt I saw about bass.dll being blocked by Outpost Firewall. Checking out,


    C:\Program Files (x86)\MyPlayCity.com\Around The World in 80 Days


    I saw that there is a "bass.dll". Now I was to try to block it but it would not show. Please see image below.


    wHmc2xJ.png


    Any ideas?

  • I was fiddling with the game and was trying out how can I block bass.dll but could not find a way to do it :(


    So I tried to block the IP range of the host site which is myplaycity.com. Using the myplaycity.com CIDR and made a rule to DENY connections to the it. It still connected. When I exit the game it launched Firefox. Connection to the site was established. Now I just set this rule earlier prior booting to the BD AV 2014 Plus with CIS7 partition so a restart/reboot was done. Now I rebooted again and checked the behavior. It was the same.


    myplaycity_IP CIDR details


    tpbVjON.png


    Adapter rule


    ZXxxBtd.png


    Browser launch with game exit


    1e4JeUw.png


    Browser launch connected


    E0ouZeH.png


    I tried if the behavior will be the same for another game from myplaycity.com, Star Defender 3. It was the same. The IP range is not blocked and gets connected. Browser launch still cannot be blocked because there seems to be no way of doing it in BD firewall.


    Star Defender game


    HDThwmM.png


    x59XxpV.png


    2v7Qy45.png