novice 20 Posted February 26, 2018 Share Posted February 26, 2018 I am being asked to create some firewall rules for svchost.exe. I thought this are built-in rules. Link to comment Share on other sites More sharing options...
Most Valued Members cyberhash 201 Posted February 26, 2018 Most Valued Members Share Posted February 26, 2018 Not if you are using interactive mode , are you using that ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted February 26, 2018 Administrators Share Posted February 26, 2018 Built-in rules can be displayed after checking the appropriate box in the rule editor. For communications with no rule the user is asked about action to take. Link to comment Share on other sites More sharing options...
novice 20 Posted February 26, 2018 Author Share Posted February 26, 2018 I am using interactive mode . I see in built-in rules a lot of them about svchost.exe. I thought the built in rules would cover all svchost.exe requests. Link to comment Share on other sites More sharing options...
itman 1,789 Posted February 26, 2018 Share Posted February 26, 2018 (edited) 4 hours ago, MSE said: I see in built-in rules a lot of them about svchost.exe. I thought the built in rules would cover all svchost.exe requests. The default svchost.exe firewall rules cover the basic services used in internal and external network communication. These are; DNS, DHCP, NTP, SSDP and ICSLAP i.e. UPnP, RPC, RDP, Web Services Discovery, and PNRP. Also note that depending on IDS options selected, these default rules can change. Additionally, the Eset firewall has an option to use Windows firewall inbound rules which some find useful especially in Win 10 since it includes default rules for Windows app processes. The primary purpose of the Eset firewall, and any firewall for that matter, is to block unsolicited inbound communication. As far as providing default outbound app and system process rules not directly related to basic network connectivity, that is impractical to do since each PC software configuration is different. The recommended procedure for creating such rules is to enable the firewall's training mode. In this mode all inbound and outbound will be learned and corresponding rules created. After a few days, switch the firewall mode to interactive if you wish to monitor all outbound network traffic in the firewall. This learning procedure can be sped up by booting a few times, opening up all apps the require outbound network connections, running Win Updates, and related like activity. Another option that can be used is to open the Win firewall and manually duplicate all outbound rules there in the Eset firewall. Note that the Win firewall only includes rules for Win apps and system processes. You will still have to manually create rules for browsers, PDF readers, etc.. Edited February 26, 2018 by itman Link to comment Share on other sites More sharing options...
novice 20 Posted February 26, 2018 Author Share Posted February 26, 2018 7 hours ago, itman said: The recommended procedure for creating such rules is to enable the firewall's training mode. In this mode all inbound and outbound will be learned and corresponding rules created. After a few days, switch the firewall mode to interactive if you wish to monitor all outbound network traffic in the firewall. This learning procedure can be sped up by booting a few times, opening up all apps the require outbound network connections, running Win Updates, and related like activity. For this we have TinyWall, free, which works exactly the same. (enable the firewall's training mode....) Link to comment Share on other sites More sharing options...
itman 1,789 Posted February 26, 2018 Share Posted February 26, 2018 (edited) 23 minutes ago, MSE said: For this we have TinyWall, free, which works exactly the same. Not quite by a long stretch. It's a simple two-way firewall designed to be an add-on to the Win firewall. It has no IDS protection. It has been and is buggier than hell: https://www.wilderssecurity.com/threads/gave-up-on-tinywall.396865/ . Edited February 26, 2018 by itman Link to comment Share on other sites More sharing options...
MasterTB 8 Posted February 28, 2018 Share Posted February 28, 2018 On 26/2/2018 at 6:50 PM, MSE said: For this we have TinyWall, free, which works exactly the same. (enable the firewall's training mode....) What about enabling training mode on the pc that is running Eset? You do have that option. Turn it on, set a time period, restart, do your things, go back to interactive, the rules should be there. Link to comment Share on other sites More sharing options...
Recommended Posts