Jump to content

Wildcards in firewall exceptions


Michelle911

Recommended Posts

Is it possible to use a wildcard in the target for the program in endpoint security firewall exceptions? I have endpoint security 5.0.2225.0 on windows 7 pro x64 and my firewall set as interactive. I use chrome remote desktop to connect to my system from home. Every time chrome updates I have to re-allow the remote host in the firewall. I'm wondering if there's a way to use a wildcard eption so that it doesn't have to be allowed every time there is an update to chrome.

Link to post
Share on other sites

I have these in application modification detection: "c:\program files (x86)\google\chrome\application\chrome.exe" and "c:\program files (x86)\google\chrome remote desktop".  The problem is the version number holds the "remoting_host.exe" file that is needed for remote connection. So it becomes, "c:\program files (x86)\google\chrome remote desktop\35.0.1916.52\remoting_host.exe" (or whatever version it is). So it doesn't work that way unfortunately, unless I'm missing something. 

Link to post
Share on other sites
I have these in application modification detection: "c:\program files (x86)\google\chrome\application\chrome.exe" and "c:\program files (x86)\google\chrome remote desktop"

 

Well you cant add directories for application modification detection, so your second option isn't possible.

In the list of applications excluded from checking, you will need to add the "remoting_host.exe"

 

No matter if it gets moved to a different directory, the exe will still be located in the modification checking, so if things change, eset will ignore the changes and continue to allow the programs activity.

 

If i am wrong in this being a solution, Google might be giving you an EXE with a totally different signature and hash for the "remoting_host.exe" .

This will really create an issue with excluding full time.

 

You can add directories to be excluded from disk level with wild cards *.*, and memory level protection for the antivirus and antispyware, but for network level traffic, ESET may always ask you what you are doing for the interactive mode on new connections with new applications every time by design.

 

 

Are you able to verify the network addresses being used back and forth with your remote connections ? You may be able to add a subnet as trusted or similar so regardless of the application, it is allowed.

 

I may not have been much help, i would continue to wait for a suggestion from staff on your dilemma.  :)

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...