Jump to content
JitzyJT

Deny Internet access for running process

Recommended Posts

Posted (edited)

Hello ESET,

 

I would like to know how to deny internet access for a particular running process using eset firewall. 

I also would like to know how to deny internet access for a particular Microsoft Store app. The path leading to "C:\Program Files\WindowsApps" doesn't give permission to manually add them.

Instead is it possible for firewall to block it from the running process?

 

For example below is a screenshot of a store app running in the memory "Disney Magic Kingdoms" and the process name is "_dk_entrypoint_precompiled.exe". Now I can't block it the traditional way since the user have no access to the folder ("C:\Program Files\WindowsApps\DisneyMagicKingdoms") by default.

So I want to know if I can block that process running in memory using eset firewall?

SNAG-0005.thumb.png.4a88b40f0f056d0e5caba1b1f1e6a201.png



Windows default firewall could do it.

Edited by JitzyJT

Share this post


Link to post
Share on other sites

Via the network connections panel you can temporarily block communication for a process:

image.png
 

Quote

Now I can't block it the traditional way since the user have no access to the folder ("C:\Program Files\WindowsApps\DisneyMagicKingdoms") by default.

I don't understand. Only users with administrator rights can create rules. And such users have access to folders in Program files.

Share this post


Link to post
Share on other sites
45 minutes ago, Marcos said:

Via the network connections panel you can temporarily block communication for a process:

image.png

Is that the only way to block internet connection for running processes?

Because when that process starts again it can access internet unless I do what you mentioned. I want to know if I can deny internet access for a process permanently.

 

 

49 minutes ago, Marcos said:

I don't understand. Only users with administrator rights can create rules. And such users have access to folders in Program files.

I'm the admin of my Windows account and I have admin rights and I can access any folders inside "Program Files" except for "Windows Apps" folder.

SNAG-0006.png.8d264d0e5a4b6cba9bb4d7f23baea375.pngSNAG-0007.png.ab243cc5bddbe1a4e7a32492345daa01.png

 

 

Share this post


Link to post
Share on other sites
3 minutes ago, JitzyJT said:

Is that the only way to block internet connection for running processes?

Because when that process starts again it can access internet unless I do what you mentioned. I want to know if I can deny internet access for a process permanently.

 

 

I'm the admin of my Windows account and I have admin rights and I can access any folders inside "Program Files" except for "Windows Apps" folder.

SNAG-0006.png.8d264d0e5a4b6cba9bb4d7f23baea375.pngSNAG-0007.png.ab243cc5bddbe1a4e7a32492345daa01.png

 

 

Do you use the apps? If not rather than just blocking it does it not let you uninstall them?

You can block most normal apps but I believe Windows store apps are different although I could be wrong. Part of the problem is they sometimes create new folders for each version.

It also looks like a permission issue stopping you from accessing the folder but unsure why. Does the security tab link in the message do anything?

Share this post


Link to post
Share on other sites

You can create a blocking firewall rule for specific applications. As for WindowsApps, not sure what's special about it since I can't get there either from explorer after elevating rights via UAC but can get there through a file manager after elevation.

Share this post


Link to post
Share on other sites
Posted (edited)
12 minutes ago, peteyt said:

Do you use the apps? If not rather than just blocking it does it not let you uninstall them?

Thank you @peteyt

Yes I do use uwp apps and yes it will let me uninstall them. I use normal Windows "Apps & Features" setting to uninstall most of the apps. Some Windows own apps cannot be uninstalled like that. For that I use powershell commands. It's not a problem though.
 

 

12 minutes ago, peteyt said:

It also looks like a permission issue stopping you from accessing the folder but unsure why. Does the security tab link in the message do anything?

It's indeed a permission issue. I can access the folder through another app called Minitool Partition Wizard. But I get the "Access Denied" popup if I try to open the folder directly by going through my C drive or browse it through ESET.
 

SNAG-0009.thumb.png.c6e1539b166cd3f91dd51412941d2aea.pngSNAG-0010.png.4d403824e6a007b11e65c4b931b8bbb9.png

Edited by JitzyJT

Share this post


Link to post
Share on other sites
3 minutes ago, JitzyJT said:

Thank you @peteyt

Yes I do use uwp apps and yes it will let me uninstall them. I use normal Windows "Apps & Features" setting to uninstall most of the apps. Some Windows own apps cannot be uninstalled like that. For that I use powershell commands. It's not a problem though.
 

 

It's indeed a permission issue. I can access the folder through another app called Minitool Partition Wizard. But I get the "Access Denied" popup if I try to open the folder directly by going through my C drive or browse it through ESET.
 

SNAG-0009.thumb.png.c6e1539b166cd3f91dd51412941d2aea.pngSNAG-0010.png.4d403824e6a007b11e65c4b931b8bbb9.png

Found this not sure if its any good but apparently has methods https://www.maketecheasier.com/access-windowsapps-folder-windows-10/

Share this post


Link to post
Share on other sites
7 minutes ago, Marcos said:

You can create a blocking firewall rule for specific applications. As for WindowsApps, not sure what's special about it since I can't get there either from explorer after elevating rights via UAC but can get there through a file manager after elevation.

Exactly @Marcos

If i use a file manager or some space explorer apps I can access the folder and it's contents but not possible through explorer or from ESET.

That's why I asked about denying access through the running process tab. But I need a permanent way to deny access for it

Share this post


Link to post
Share on other sites

As a workaround you could temporarily switch to interactive mode, run the desired Windows app, create a blocking rule and then switch back to automatic mode. However, creating rules for Windows apps is not recommended since the folder name changes with each update of the app and therefore you'd have to create a new rule each time an app updates.

Share this post


Link to post
Share on other sites
Posted (edited)

Before ESET I have used Bitdefender, Kaspersky and Comodo. None of these apps could access the folder through explorer just like eset.

BUT all these security solutions had an option to  deny internet access "permanently" for a running process through their firewall module. 

I'm wondering if eset could do it as well. The workaround through network connections is only temporary

Edited by JitzyJT

Share this post


Link to post
Share on other sites
3 minutes ago, Marcos said:

As a workaround you could temporarily switch to interactive mode, run the desired Windows app, create a blocking rule and then switch back to automatic mode. However, creating rules for Windows apps is not recommended since the folder name changes with each update of the app and therefore you'd have to create a new rule each time an app updates.

Thank you @Marcos

I'll try that. I do know after each update the apps folder name changes and I have to do it again. 

Share this post


Link to post
Share on other sites
Just now, JitzyJT said:

Thank you @Marcos

I'll try that. I do know after each update the apps folder name changes and I have to do it again. 

Id also check that link above which might allow you to get proper access to the folder.

There's even a quick fix download but I'd use that one at your own risk

Share this post


Link to post
Share on other sites
6 minutes ago, peteyt said:

Id also check that link above which might allow you to get proper access to the folder.

There's even a quick fix download but I'd use that one at your own risk

I'll check it out. 

Thanks @peteyt

Share this post


Link to post
Share on other sites
24 minutes ago, peteyt said:

Found this not sure if its any good but apparently has methods https://www.maketecheasier.com/access-windowsapps-folder-windows-10/

Thank you @peteyt

I followed the "Manual" instructions in that page and took ownership of the folder and it's contents.

Now I can access it through ESET firewall to create rules.Don't even have to change to interactive mode in the firewall module.

SNAG-0011.png.88d294fe2cd8e7cfbd2948bf31b84d46.pngSNAG-0012.png.01664e17ca9982e92dfa6026a57262d1.png

 

It works!!!

Now I want to know if there is any security concern for taking ownership of the "Windows Apps" folder andit's contents since Windows didn't want to allow access by default.

Share this post


Link to post
Share on other sites

But I would really appreciate if ESET have a feature in their firewall module to deny access to running processes on user demand "permanently"

Share this post


Link to post
Share on other sites
3 hours ago, JitzyJT said:

Thank you @peteyt

I followed the "Manual" instructions in that page and took ownership of the folder and it's contents.

Now I can access it through ESET firewall to create rules.Don't even have to change to interactive mode in the firewall module.

SNAG-0011.png.88d294fe2cd8e7cfbd2948bf31b84d46.pngSNAG-0012.png.01664e17ca9982e92dfa6026a57262d1.png

 

It works!!!

Now I want to know if there is any security concern for taking ownership of the "Windows Apps" folder andit's contents since Windows didn't want to allow access by default.

Can't help you with that one sorry. A bit weird that it would be blocked. Could just be extra security 

The only thing is if the folder changes it may need re blocked as some apps have the version numbers as the folder e.g. app version 1.1 so when the version gets updated its now in folder 1.2 and eset was set to block or allow 1.1 

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, JitzyJT said:

Now I want to know if there is any security concern for taking ownership of the "Windows Apps" folder andit's contents since Windows didn't want to allow access by default.

The problem here initially is the Eset GUI was being denied access to the Windows Apps folder when you tried to select a file in that folder.

The solution to this and like access situations is to first copy/create the full path name to the desired .exe and paste it into the Eset firewall rule. This eliminates the Eset GUI permissions issue since the GUI is not trying to physically access the folder.

Make sure you reset Windows Apps folder back to its original default permissions.

Edited by itman

Share this post


Link to post
Share on other sites
42 minutes ago, itman said:

The problem here initially is the Eset GUI was being denied access to the Windows Apps folder when you tried to select a file in that folder.

The solution to this and like access situations is to first copy/create the full path name to the desired .exe and paste it into the Eset firewall rule. This eliminates the Eset GUI permissions issue since the GUI is not trying to physically access the folder.

Make sure you reset Windows Apps folder back to its original default permissions.

Thank you @itman for all your valuable inputs you share in this forum.

I did exactly what you mentioned and reverted everything back to default and the rule still works until the app gets updated. But now I know I can access the folder using a file manager and then copy the path name and then paste it on the Eset firewall module "Rules" tab.


SNAG-0013.png.b4d4f9652a64b7c164658eaeaa046be0.png

Thanks for telling me that. I wonder why I didn't think about that in the first place!!!!

Now I don't have to change the permissions of Windows Apps folder every time the desired uwp app gets updated. 

 

@Marcos You can close this thread as I have the solution now. 

 

 

Share this post


Link to post
Share on other sites
9 hours ago, itman said:

The problem here initially is the Eset GUI was being denied access to the Windows Apps folder when you tried to select a file in that folder.

The solution to this and like access situations is to first copy/create the full path name to the desired .exe and paste it into the Eset firewall rule. This eliminates the Eset GUI permissions issue since the GUI is not trying to physically access the folder.

Make sure you reset Windows Apps folder back to its original default permissions.

What are the actual risks of changing the permissions and the reason it isn't accessible?

I mean I could understand if the system folder was like this by default for safety but the windows app folder is confusing considering the main windows program folder is accessible 

Share this post


Link to post
Share on other sites
12 hours ago, peteyt said:

What are the actual risks of changing the permissions and the reason it isn't accessible?

Quote

Windowsapps folder is where all the Modern apps data is stored. If you install any apps from the Windows Store is also stored in the same location. This folder is not provided full permissions so that if anything wrong happens by mistake, you might face issues with the modern apps.

https://answers.microsoft.com/en-us/windows/forum/windows_rt-files/what-is-cprogram-fileswindows-apps-hidden-folder/783b5a18-c44d-46f7-b638-e98054b7c2a8

Share this post


Link to post
Share on other sites
2 hours ago, itman said:

It's very generic though. I mean why not block access to the main windows program folder in that case in case anything goes wrong or am I missing something 

Share this post


Link to post
Share on other sites
4 hours ago, peteyt said:

I mean why not block access to the main windows program folder in that case in case anything goes wrong or am I missing something 

You really have to ask Microsoft "the rhyme an reasoning" behind this. My best guess is to make it difficult for malware to drop a bogus Store app there.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...