Jump to content
An upgrade will take place on October 22, 2020 at 11:30 AM CEST (09:30 AM GMT). The Forum will not be accessible for a short period of time. ×

Xbox pass: Firewall asks constantly about new rule by a game


Recommended Posts

I have xbox pass with several games downloaded, as example: "Gears of war 5", and when I launch it, prompts constantly about create new rule (and save a lots identical rules)

The path is so strange, look a this: \\?\Volume{04150100-99d9-ae47-b1da-3f7d184a946d}\GearGame\Binaries\WinStore\Gears5.exe.

I am not sure why, maybe it's a protection or sandbox for the game, I don't know, but I think it is related with the asks.

p.jpeg?fv_content=true&size_mode=5

And I can't play the game because there is not connection :( (timeout I guess)

Thanks

Link to post
Share on other sites
  • Administrators

Obviously you have switched the firewall to interactive mode. By default, all outbound communication is allowed without asking.

If the path to the application changes, you can only create a rule for the remote IP address and remote port.

Link to post
Share on other sites

yes, I want to do in interactive mode.

The path doesn't change, it's the same but it is a "virtual path", so, I think eset is not prepared for this kind of path, does it make sense?

Screenshot_1.thumb.jpg.e81829e091849fcd56ae76deb79f1443.jpg
 

Link to post
Share on other sites

I have the same problem, very annoying to have to disable the firewall or set it to auto to play this.

Can we not just create a firewall rule for something like "*\Gears5.exe" ?

Thanks

Link to post
Share on other sites
1 hour ago, davidpitt said:

Can we not just create a firewall rule for something like "*\Gears5.exe" ?

This subject has come up many times in the past. The Eset firewall doesn't support wildcard notation for executables. If one insists on using Interactive mode, one will be getting an alert whenever the app .exe changes path name; real or virtual.

Link to post
Share on other sites
32 minutes ago, itman said:

This subject has come up many times in the past. The Eset firewall doesn't support wildcard notation for executables. If one insists on using Interactive mode, one will be getting an alert whenever the app .exe changes path name; real or virtual.

Yeap, but, in this case the virtual path does not change, it's the same, but the rule does not recognize I thing by it is a virtual one

Link to post
Share on other sites
28 minutes ago, Crystian said:

Yeap, but, in this case the virtual path does not change, it's the same, but the rule does not recognize I thing by it is a virtual one

To begin with, files the begin with "\\?\ are not virtual files. This is how Windows reference files locate in the C:\Windows\WinSxS directory. You can try specifying that path but it will still be an effort in futility since the file names for Win Store apps and the like are constantly changing.

And its not just Win Store apps that have constantly changing names. Win system apps including Windows Defender do likewise. One reason Eset included the specification in Network Protection to allow Win firewall inbound apps was to accommodate this activity. And many of the above apps do auto updating of the Win firewall to accommodate this. I have previously mentioned about Eset also using the Win firewall outbound rules likewise to accommodate this activity. It appears that this is something that the Eset firewall in its present Interactive mode isn't capable of handling.

 

 

Link to post
Share on other sites

This all sounds to me like ESET just needs to update their product to play nice with Windows Store or \\?\ paths??

Or to add the option of allowing wildcard paths for processes. We've migrated all of our business AV solutions from ESET to Sentinel One... that allows wildcard paths... just saying :)

Link to post
Share on other sites
5 hours ago, davidpitt said:

Or to add the option of allowing wildcard paths for processes. We've migrated all of our business AV solutions from ESET to Sentinel One... that allows wildcard paths... just saying

I would say "hell would freeze over" first before Eset ever adds full wildcard support to either the firewall or HIPS. It has been a feature requested for years by multiple Eset users and "panned" by Eset with statements like "it will most likely be added in an upcoming future release," etc..

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...