
  • Administrators

Built-in rules can be displayed after checking the appropriate box in the rule editor. For communications with no rule, the user is asked about the action to take.


I am using interactive mode.

I see in built-in rules a lot of them about svchost.exe.

I thought the built-in rules would cover all svchost.exe requests.


4 hours ago, MSE said:

I see in built-in rules a lot of them about svchost.exe.

I thought the built-in rules would cover all svchost.exe requests.

The default svchost.exe firewall rules cover the basic services used in internal and external network communication. These are: DNS, DHCP, NTP, SSDP and ICSLAP i.e. UPnP, RPC, RDP, Web Services Discovery, and PNRP. Also note that depending on the IDS options selected, these default rules can change.

Additionally, the Eset firewall has an option to use Windows firewall inbound rules which some find useful especially in Win 10 since it includes default rules for Windows app processes.

The primary purpose of the Eset firewall, and any firewall for that matter, is to block unsolicited inbound communication. As far as providing default outbound app and system process rules not directly related to basic network connectivity, that is impractical to do since each PC software configuration is different. The recommended procedure for creating such rules is to enable the firewall's training mode. In this mode all inbound and outbound will be learned and corresponding rules created. After a few days, switch the firewall mode to interactive if you wish to monitor all outbound network traffic in the firewall. This learning procedure can be sped up by booting a few times, opening up all apps that require outbound network connections, running Win Updates, and related like activity.

Another option that can be used is to open the Win firewall and manually duplicate all outbound rules there in the Eset firewall. Note that the Win firewall only includes rules for Win apps and system processes. You will still have to manually create rules for browsers, PDF readers, etc.

Edited by itman
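
For the manual duplication option in the post above, the Win firewall's outbound rules can be dumped from PowerShell instead of read out of the GUI. This is an added example, not part of the original thread; the CSV file name is an assumption, and the cmdlets are the standard NetSecurity ones shipped with Windows 8 / Server 2012 and later.

```powershell
# Added example: list the enabled outbound "allow" rules from the Windows
# firewall so they can be re-created by hand in another firewall's rule editor.

$rules = Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow

$report = foreach ($rule in $rules) {
    # Each rule keeps its program, service, port and address conditions
    # in separate filter objects.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $svc  = $rule | Get-NetFirewallServiceFilter
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    [pscustomobject]@{
        Name          = $rule.DisplayName
        Profile       = $rule.Profile
        Program       = $app.Program
        Service       = $svc.Service        # which service inside svchost.exe
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort  -join ','
        RemotePort    = $port.RemotePort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}

# svchost.exe rules, grouped by the hosted service they are scoped to.
$report |
    Where-Object { $_.Program -like '*\svchost.exe' } |
    Sort-Object Service, Name |
    Format-Table Name, Service, Protocol, RemotePort, RemoteAddress -AutoSize -Wrap

# Full list for working through in the other firewall's rule editor.
# Output path is an assumption; change as needed.
$report | Export-Csv -Path "$env:USERPROFILE\win-fw-outbound-rules.csv" -NoTypeInformation
```

A rule whose Service column is "Any" applies to every service hosted in svchost.exe, so it is worth reviewing those before copying them across.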

7 hours ago, itman said:

The recommended procedure for creating such rules is to enable the firewall's training mode. In this mode all inbound and outbound will be learned and corresponding rules created. After a few days, switch the firewall mode to interactive if you wish to monitor all outbound network traffic in the firewall. This learning procedure can be sped up by booting a few times, opening up all apps that require outbound network connections, running Win Updates, and related like activity.

For this we have TinyWall, free, which works exactly the same. (enable the firewall's training mode....)


23 minutes ago, MSE said:

For this we have TinyWall, free, which works exactly the same.

Not quite by a long stretch. It's a simple two-way firewall designed to be an add-on to the Win firewall. It has no IDS protection. It has been and is buggier than hell: https://www.wilderssecurity.com/threads/gave-up-on-tinywall.396865/ .

Edited by itman

On 26/2/2018 at 6:50 PM, MSE said:

For this we have TinyWall, free, which works exactly the same. (enable the firewall's training mode....)

What about enabling training mode on the PC that is running Eset? You do have that option. Turn it on, set a time period, restart, do your things, go back to interactive, and the rules should be there.
