FeMaster
-
Posts
31 -
Joined
-
Last visited
Posts posted by FeMaster
-
-
On 9/2/2017 at 4:20 PM, itman said:
The Eset default firewall setting is "Automatic" which allows all outbound traffic unless you specifically created an outbound ask/block rule.
Call me strange, but I like the interaction of knowing when new things want to reach out, so Automatic is not desirable setting for me. I'm going to try one last ditch effort to create broad rules, when prompted by the pop ups, to just allow access out to the specific email server IPs on the requested ports for ANY application. This is really not what I wanted to do, as it leaves the door open for anything to reach out to those email servers, but if it stops the annoyance, I guess I will have to live with it.
Thanks everyone.
-
11 hours ago, Marcos said:
Wildcards are not supported in firewall rules. Otherwise one could create a rule for svchost.exe for instance but since this is also a typical file name used by malware the rule would also be applied to both malicious and innocuous svchost.exe.
While I completely understand the reasoning behind the inability to do this, there has got to be something that can be done about problem files like this. Can outbound traffic filtering be turned off and only filter inbound? Ideally I'd prefer keep both inbound and outbound, but the nagging has really started to rub me the wrong way. I'd really prefer not change the mode from interactive either.
-
Eset Smart Security Version 10.1.219.0, Firewall set to Interactive Mode.
I have been having an ongoing problem (for months now, even back on version 9.xx) with firewall rule creation involving only one specific file, HxTsr.exe (Microsoft Outlook Communications). I've created probably close to 50 rules to allow this file outbound access to the various email websites run my Microsoft (office365.com. hotmail.com. outlook.com, etc.) but a few days later it's popping up again asking for permission to allow outbound traffic.
I've determined that the problem lies with the files' path. It seems that the file gets updated very frequently, and each time it gets updated, it's path changes relative to it's current version number. For example, the current path to the file as I write this is: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\HxTsr.exe
The problem is, I can create rules till my fingers bleed, but every time the file is updated, the relative path changes and negates all previous rules I've created.
I need a solution to this dilemma so that I am not constantly nagged every couple days to re-create firewall rules for this file, and then having to remember to go back into the rules and delete all the old ones that are no longer valid. Is there a way to create a rule for a specific file name, no matter what it's relative path may be, or perhaps a way to just ignore the file name all together?
Thanks for any incite into this!
Microsoft Outlook Communications (HxTsr.exe) Firewall Rules
in ESET Internet Security & ESET Smart Security Premium & ESET Security Ultimate
Posted
Like I said before though, it's not the actual email client (which happens to be Outlook 2013) that is the problem, it's the other file from Microsoft (HxTsr.exe) that is causing all the havoc. Creating rules for this specific file is fruitless as the file path constantly changes, based on the file version, which seems to be updated every few days. Any rule created for the file is made worthless every time the path to it changes, hence my original request.
The file also doesn't look for access to the email servers on typical email ports, it only goes out on remote ports 80 and 443. It most commonly connects to outlook.office365.com, but occasionally to autodiscover.hotmail.com, and one other that slips my mind right now. Not sure what it's looking for or doing on those servers, but it's not retrieving email, that's for sure.