Open full view…

Better Windows Service Detection

Sat, 25 Sep 2021 02:49:35 GMT

The blocker does not recognize all of the default services installed by windows: In particular these two: WPNUserService(unique string here) CDPUserService(unique string here) This leaves you to create multiple rules based on svchost.exe and the outbound IP rather than a neater rule that just says allow all access for this service. If there are any devs on this forum is it possible for them to add detection of all services that are inbuilt to allow rules to be built against them. I'm guessing they haven't added it as it isn't as simple as matching the service name as its randomized, the app would probably have to check against the process commandline. The WPN and CDP services each have a service and a user service with the following commandlines. The UnistackSvcGroup services are ones with the randomized service names. “C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService” and “C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService” “C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc” and “C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc” Thanks in advance...

Mon, 27 Sep 2021 22:58:04 GMT

Hello, can you tell us more about your system (version) and the situation? As *WPNS* and *CDPS* get usually detected by NetLimiter.