Michelle911 0 Posted April 20, 2014 Share Posted April 20, 2014 Is it possible to use a wildcard in the target for the program in endpoint security firewall exceptions? I have endpoint security 5.0.2225.0 on windows 7 pro x64 and my firewall set as interactive. I use chrome remote desktop to connect to my system from home. Every time chrome updates I have to re-allow the remote host in the firewall. I'm wondering if there's a way to use a wildcard eption so that it doesn't have to be allowed every time there is an update to chrome. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 20, 2014 Share Posted April 20, 2014 Application modification detection for chrome should be excluded. Might solve your issue. Link to comment Share on other sites More sharing options...
Michelle911 0 Posted April 20, 2014 Author Share Posted April 20, 2014 I have these in application modification detection: "c:\program files (x86)\google\chrome\application\chrome.exe" and "c:\program files (x86)\google\chrome remote desktop". The problem is the version number holds the "remoting_host.exe" file that is needed for remote connection. So it becomes, "c:\program files (x86)\google\chrome remote desktop\35.0.1916.52\remoting_host.exe" (or whatever version it is). So it doesn't work that way unfortunately, unless I'm missing something. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 21, 2014 Share Posted April 21, 2014 (edited) I have these in application modification detection: "c:\program files (x86)\google\chrome\application\chrome.exe" and "c:\program files (x86)\google\chrome remote desktop" Well you cant add directories for application modification detection, so your second option isn't possible. In the list of applications excluded from checking, you will need to add the "remoting_host.exe" No matter if it gets moved to a different directory, the exe will still be located in the modification checking, so if things change, eset will ignore the changes and continue to allow the programs activity. If i am wrong in this being a solution, Google might be giving you an EXE with a totally different signature and hash for the "remoting_host.exe" . This will really create an issue with excluding full time. You can add directories to be excluded from disk level with wild cards *.*, and memory level protection for the antivirus and antispyware, but for network level traffic, ESET may always ask you what you are doing for the interactive mode on new connections with new applications every time by design. Are you able to verify the network addresses being used back and forth with your remote connections ? You may be able to add a subnet as trusted or similar so regardless of the application, it is allowed. I may not have been much help, i would continue to wait for a suggestion from staff on your dilemma. Edited April 21, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Recommended Posts