9 replies to this topic

[login123]

Good firewall, not a serious complaint, more of an observation.

FYI

Feedback.exe phones out to 67.15.231.71, which is www.agnitum.com. If you block it, it tries about every 3 seconds. I think the data sent includes a considerable amount of information about your system, but would welcome a correction if I am wrong about that.

I don't like the idea, don't want to send data without knowing it. My computer, I'll decide, thank you very much.

I blocked it using a rule made by the firewall itself, and then by using the hosts file to redirect agnitum.com to 0.0.0.0. Both methods worked. Using the firewall rule is of course less restrictive, as redirecting agnitum.com prevents all access to the site. Everything still works OK whether you let feedback.exe connect or not.

There are quite a lot of data in the .zip file, most of which I don't recognize. Most of that is not included here, but some of the system data being sent:

TRGDDumpBlob
...
00011020: Phoenix Technologies, LTD
00011046: /2005
00011067: Compaq Presario 061
0001107B: EL427AA-ABA SR1711NX xxxxx
00011096: xxxxxxxxxxxx
000110AA:
000110C2: ASUSTek Computer INC.
000110D8: Amberine M
000110E8:
0001110A: 1111
00011137: Socket 939
00011146: AMD Athlon(
00011154: ) 64 X2 Dual Core Processor 4800+
0001119F: Socket 939
000111AE: AMD Athlon(
000111BC: ) 64 X2 Dual Core Processor 4800+
... etc

[Andavari]

You can simply block that feedback.exe file from even launching on your system using Local Security Policy by inputting a software restriction policy (if you have the right build of Windows). This is done via Administrative Tools, and you'd still be able to access Agnitum's site without blocking it.

How to do it (XP Pro instructions though), this works with any suspicious or annoying .EXE file:

1. Go Into:
   Control Panel ->
     Administrative Tools ->
       Local Security Policy ->
         Software Restriction Policies ->
           Additional Rules


2. Now right-click and select: New Path Rule


3. Choose the path of "Feedback.exe".

   Now set the security level to: Disallowed

   For file information copy and paste this in (example):
   Outpost Firewall Free

   For the description copy and paste this in (example):
   Blocks Outpost Firewall Free from phoning home to agnitum.com.


4. Done, now close the Local Security Policy editor.

[login123]

Thanks. Working on that right now.

edit: no luck yet, I have xp home, and local security policy is not an option in xp home admin tools. Doug Knox security console won't do it either. Easiest solution so far is to set a rule preventing feedback.exe from phoning out using either udp or tcp.

Thank you, though, for the help.

[Andavari]

login123, on Nov 13 2009, 05:09 AM, said:

I have xp home

Yeah that's why I wrote "if you have the right build of Windows."

[Tom AZ]

login123, on Nov 12 2009, 09:26 AM, said:

Feedback.exe phones out to 67.15.231.71, which is www.agnitum.com. If you block it, it tries about every 3 seconds. I think the data sent includes a considerable amount of information about your system, but would welcome a correction if I am wrong about that.

Isn't it possible just to block Outpost Feedback in your Startups?

I use Outpost Firewall Pro (not free) and there is an option in the general settings menu to either allow or not allow something called ImproveNet, which I'm sure is what Feedback.exe is all about. Supposedly, its anonymously sharing information about new applications and malware.

[login123]

Hi, Tom AZ. Good idea. Thank you.

Here is how the settings are configured right now. Down at the very bottom you can see in red the log entry which is made every 3 seconds by outpost.



and this is the individual setting for feedback.exe:



If you see something I can change to make it work, let me know. If I can't figure out how to do it with this free version, will try to shut off feedback.exe startup using autoruns.

edit: Autoruns wouldn't stop it. Gonna try editing the registry directly. May be a while before I get back on here.

[Tom AZ]

Hey,Login123 . . . I have ImproveNet unchecked in Settings and have disabled Outpost Feedback in Startup. As a result, I have nothing in my log files and Feedback.exe doesn't even show up in the Applications section of OP.

If Autoruns didn't work for you, here's a free app called Starter you could try. This is what I used and it worked for me. Actually, I've used this little program for several years. As I recall, Hazel (mod) might also use it.

[login123]

OK, thanks very much, will go get starter and try it out.

What do you mean when you say you have "disabled Outpost Feedback in Startup"? How do you do that? Is it something done in windows, or is it in the Outpost options, or what?

Another approach, it worked:
1. Right click on the outpost icon in the system tray, select the option to "disable self-protection".
2. Find feedback.exe and rename it feedback._xe
3. Re-enable self-protection
4. Restart and wallah, no more log entries every 3 seconds.

Everything seems to be working fine, no smoke, no loud grinding noises...

[Tom AZ]

Probably what you've done works just fine -- just more steps. All I did was use the "Starter" program, click on the Startups tab in that program and remove the check mark from the box of Outpost Feedback. That's it.

[login123]

Thanks for the help, I will download Starter now and try it.