EaseUS Todo Backup changing firewall rules


Dex

Jun 6, 2015, 3:42:51 AM
EaseUS Todo Backup is changing the built-in Windows firewall rules to
allow connections when the PC boots. TodoBackupService.exe, which runs
at startup, is changing it. If I set the service to manual, the program
won't run when I want it to.


Is there any way to stop it manually changing the rules in Win7 64-bit?

VanguardLH

Jun 6, 2015, 1:28:55 PM
http://forum.easeus.com/viewtopic.php?f=14&t=36254&p=74838#p74838

Although they make their firewall rule(s) a bit too general for my
taste, their process is only making a local (loopback) connection
(except, of course, for any update check). Since the local connect is
not for malicious or nefarious purpose, just let it create the rules.

If you search on my nym in their forums, you'll see that I used to use
Easeus ToDo Backup (Home and Workstation editions). Most backup
programs, including this one, provide no means for protecting the backup
files. If you use removable media then you cannot schedule unattended
periodic backups. I went back to Acronis True Image which has its
Secure Zone (non-standard partition type and no drive letter assigned).
Paragon's backup program has the same feature (because programmers left
Acronis to work at Paragon and added the same feature); however, I don't
like Paragon's method of making me first perform a full backup before I
can base incremental or differential backups against the full backup
versus Acronis that lets me schedule the backup and it will create the
first full backup, if needed.

With Easeus, I had to get an edition (which meant not the Home edition)
that let me specify pre- and post-commands to a backup job. That let me
use diskpart.exe (in a batch file and feeding a script file to diskpart)
that would online the volume and assign a drive letter so the backup job
could find the storage location for the backup file, and then use
diskpart after the backup job to remove the drive letter and offline the
volume. While an offlined volume and no drive letter helps to prevent
malware and malicious/clumsy users from deleting or encrypting my backup
files, there is still a window of opportunity during the backup job to
access the backup files. At one time, I also used devcon.exe (console-
mode equivalent of Device Manager, devmgmt.msc) to disable the 2nd hard
disk where the backup files were stored but that was a bit overkill plus
devcon is old (not updated for a while and not for 64-bit versions of
Windows). There is malware that will find files on any drive with a
file system it knows how to read but not having a drive letter is a
major help in protecting the backup files. Having a non-standard
partition type prevents typical disk tools from changing or formatting
the partition. I have suggested Acronis also offline the volume
(possible only if the backup location is on a different HDD than the OS
partition) for further protection. Disabling the device would be
helpful, too (which is just shy of going into the BIOS to disable the
local device).

Dex

Jun 7, 2015, 9:33:13 AM
On 06/06/2015 18:28, VanguardLH wrote:
> Dex wrote:
>
>> EaseUS Todo Backup is changing the built-in Windows firewall rules to
>> allow connections when the PC boots. TodoBackupService.exe, which runs
>> at startup, is changing it. If I set the service to manual, the program
>> won't run when I want it to.
>>
>> Is there any way to stop it manually changing the rules in Win7 64-bit?
>
> http://forum.easeus.com/viewtopic.php?f=14&t=36254&p=74838#p74838
>
> Although they make their firewall rule(s) a bit too general for my
> taste, their process is only making a local (loopback) connection
> (except, of course, for any update check). Since the local connect is
> not for malicious or nefarious purpose, just let it create the rules.
>

Suppose so, but the rules are not port 6864 and localhost specific, just
general allow inbound access. Not a happy bunny about programs doing
that. Might go back to Acronis myself if I notice unusual network activity.

Plus with EaseUS being Chinese and the US suffering a major data breach
from China... ;)


VanguardLH

Jun 7, 2015, 11:45:37 AM
Dex wrote:

> Suppose so, but the rules are not port 6864 and localhost specific, just
> general allow inbound access. Not a happy bunny about programs doing
> that. Might go back to Acronis myself if I notice unusual network activity.

I said the rules are generic. They don't specify a port. It was Easeus
that claimed port 6864 on localhost was used by their *agent.exe*
process. I never did bother to check by, say, running wireshark to
ensure agent.exe was using that port and not targeting any other host.

You could edit the ports to make them port 6864 specific and can only
reach localhost as a test. I didn't figure they were lying to me.

> Plus with EaseUS being Chinese and the US suffering a major data breach
> from China... ;)

You'll find lots of software comes from China, Romania, Bulgaria, India,
and Russia, and other countries. Lots of crap originates from the USA,
too. You have to know whether or not to trust the author, not their
home/origin country, especially since many companies are multinational.

Dex

Jun 8, 2015, 3:20:53 AM
On 07/06/2015 16:45, VanguardLH wrote:
> Dex wrote:
>
>> Suppose so, but the rules are not port 6864 and localhost specific, just
>> general allow inbound access. Not a happy bunny about programs doing
>> that. Might go back to Acronis myself if I notice unusual network activity.
>
> I said the rules are generic. They don't specify a port. It was Easeus
> that claimed port 6864 on localhost was used by their *agent.exe*
> process. I never did bother to check by, say, running wireshark to
> ensure agent.exe was using that port and not targeting any other host.
>

I looked using Cports and so far just port 6864 and 0.0.0.0.

> You could edit the ports to make them port 6864 specific and can only
> reach localhost as a test. I didn't figure they were lying to me.
>

If I do have conflicting rules, do you know which one the built-in
firewall will follow? Whether it's the order of creation, alphabetically,
or if a rule blocks it all other rules for the same file are ignored?


>> Plus with EaseUS being Chinese and the US suffering a major data breach
>> from China... ;)
>
> You'll find lots of software comes from China, Romania, Bulgaria, India,
> and Russia, and other countries. Lots of crap originates from the USA,
> too. You have to know whether or not to trust the author, not their
> home/origin country, especially since many companies are multinational.
>

I can't recall any programs I've tried over the years altering firewall
rules. They might set a rule during installation but never created or
altered it at boot up. IMO the act of a trojan.

Hope they're not setting a precedent for others to follow.


VanguardLH

Jun 8, 2015, 2:09:37 PM
Dex wrote:

> If I do have conflicting rules, do you know which one the built-in
> firewall will follow? Whether it's the order of creation, alphabetically,
> or if a rule blocks it all other rules for the same file are ignored?

Last I heard, they are obeyed in the order listed.

> I can't recall any programs I've tried over the years altering firewall
> rules. They might set a rule during installation but never created or
> altered it at boot up. IMO the act of a trojan.

I've installed many programs that added firewall rules (but only to
Windows firewall as 3rd party firewall products will usually prompt
about the additions) during their installation. That's because you have
to grant the installer administrative privileges to do the install.
Once you give a process admin privs, it can modify the registry. The
Windows firewall rules are in the registry.

After installation, you might want to review whether there were any
changes in the Windows firewall and also in Task Scheduler.
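
Added example, not part of the original thread: a PowerShell script for the review suggested above. It lists the Windows Firewall rules bound to the executables named in the thread, flags enabled inbound allow rules that are wider than the vendor's stated port 6864, and diffs the result against the previous run so a change made at boot becomes visible. It uses the `HNetCfg.FwPolicy2` COM object, which is available on Windows 7; the parameter names and the snapshot path are assumptions.

```powershell
# Added example (not from the thread). Works on Windows 7 / PowerShell 2.0:
# rules are read through the HNetCfg.FwPolicy2 COM object.
param(
    # Executable names and the port are the ones mentioned in the thread.
    [string[]]$ExeNames   = @('TodoBackupService.exe', 'agent.exe'),
    [string]$ClaimedPort  = '6864',
    # Assumed location for the snapshot written by the previous run.
    [string]$Snapshot     = "$env:USERPROFILE\fw-rules-todobackup.csv"
)

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Keep only rules bound to one of the named executables (match on file name).
$rules = $policy.Rules | Where-Object {
    $_.ApplicationName -and ($ExeNames -contains (Split-Path -Leaf $_.ApplicationName))
}

# INetFwRule: Direction 1 = inbound, 2 = outbound; Action 0 = block, 1 = allow.
# Windows Firewall applies an enabled block rule ahead of a matching allow rule,
# so any block rule for the same program is listed here as well.
$report = @($rules | Select-Object Name, Enabled,
    @{n='Direction'; e={ if ($_.Direction -eq 1) {'In'} else {'Out'} }},
    @{n='Action';    e={ if ($_.Action -eq 1) {'Allow'} else {'Block'} }},
    Protocol, LocalPorts, RemoteAddresses, ApplicationName,
    # Broad = enabled inbound allow rule not limited to the claimed port,
    # or accepting traffic from any remote address.
    @{n='Broad'; e={ $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
                     ($_.LocalPorts -ne $ClaimedPort -or $_.RemoteAddresses -eq '*') }})

if (-not $report) {
    Write-Warning "No firewall rules reference: $($ExeNames -join ', ')"
    return
}

$report | Sort-Object Direction, Name |
    Format-Table Name, Enabled, Direction, Action, LocalPorts, RemoteAddresses, Broad -AutoSize

# Serialize the rule set and compare it with the previous snapshot.
# "=>" marks lines present only now, "<=" lines present only in the old snapshot.
$lines = @($report |
    Select-Object Name, Enabled, Direction, Action, Protocol, LocalPorts, RemoteAddresses, ApplicationName |
    ConvertTo-Csv -NoTypeInformation)

if (Test-Path $Snapshot) {
    Compare-Object (Get-Content $Snapshot) $lines | Format-Table -AutoSize
}
$lines | Set-Content $Snapshot
```

Run it once after installation and again after a reboot; an empty comparison means the rules for those executables did not change between runs.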