camelia 6 Posted October 31, 2020 Share Posted October 31, 2020 Hello, I have a lot of duplicated rules, can I deleted them and keep the latest rules created Or is better do nothing with them? I will love to delete the dups, but I am not going to move a finger before I have an advice for the experts here in this forum. Thanks Camelia For example I have 6 rules of WinStore.App.exe WinStore.App.exe WinStore.App.exe(2) WinStore.App.exe(3) WinStore.App.exe(4) WinStore.App.exe(5) WinStore.App.exe(6) Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 387 Posted October 31, 2020 Most Valued Members Share Posted October 31, 2020 1 hour ago, camelia said: Hello, I have a lot of duplicated rules, can I deleted them and keep the latest rules created Or is better do nothing with them? I will love to delete the dups, but I am not going to move a finger before I have an advice for the experts here in this forum. Thanks Camelia For example I have 6 rules of WinStore.App.exe WinStore.App.exe WinStore.App.exe(2) WinStore.App.exe(3) WinStore.App.exe(4) WinStore.App.exe(5) WinStore.App.exe(6) I belive you can delete them but don't think leaving them will cause any issues such as space etc. As you can see from the folder path each location has a slightly different version name. The problem with Windows Store apps is their folder location and I believe exe. name changes with each version number. For example is the folder name was app 1.0 the new folder might be app 1.5 and so on. As the location and so on change eset treats it like a new app and a new rule gets made. camelia 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted October 31, 2020 Administrators Share Posted October 31, 2020 Correct. The rules are not duplicate since the path to the application is different. camelia 1 Link to comment Share on other sites More sharing options...
camelia 6 Posted November 1, 2020 Author Share Posted November 1, 2020 On 10/31/2020 at 3:03 AM, Marcos said: Correct. The rules are not duplicate since the path to the application is different. Are this services duplicates? Five rules of DoSvc, all same path: C:\Windows\System32\svchost.exe Allow communication for svchost.exe/DoSvc Allow communication for svchost.exe/DoSvc (1) Allow communication for svchost.exe/DoSvc (2) Allow communication for svchost.exe/DoSvc (3) Allow communication for svchost.exe/DoSvc (4) Allow communication for svchost.exe/DoSvc (5) Thanks Camelia Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted November 1, 2020 Administrators Share Posted November 1, 2020 Unfortunately without seeing all parameters of particular rules it's not possible to tell if they are identical or not. Please provide logs collected with ESET Log Collector. camelia 1 Link to comment Share on other sites More sharing options...
itman 1,630 Posted November 1, 2020 Share Posted November 1, 2020 (edited) 4 hours ago, camelia said: Are this services duplicates? Five rules of DoSvc, all same path: C:\Windows\System32\svchost.exe First, monitoring Win 10 individual services via Eset firewall is somewhat an effort in futility. Eset attempted that a while back in a prior release and quickly abandoned it. Hence, why all Eset default firewall rules for svchost.exe are not service specific. Why? Because there are many hidden services used by Windows that are not specifically listed or controllable via Control Panel -> Admin Tools -> Services. In regards to DoSvc, it is Win 10's Delivery Optimization service used to speed up downloading of Win Updates primarily but also used for other Microsoft apps. If Win 10 is not restricted in some form on how updating is performed, you can end up with what is described here: https://social.technet.microsoft.com/Forums/windows/en-US/b94d8e74-58de-451a-b137-7ec2028adc27/delivery-optimization-service-downloading-something-and-using-all-my-bandwidth . Win 10 introduced runtimebroker.exe via BITS processing that allows one service to spawn multiple instances of another service/process. This is in effect what your Eset firewall rule set shows in regards to DoSvc service. Also what service is actually started in regards to DoSvc is C:\WINDOWS\System32\svchost.exe -k NetworkService -p. My advice - quit globally monitoring individual service outbound network traffic via Eset firewall. Edited November 1, 2020 by itman camelia 1 Link to comment Share on other sites More sharing options...
camelia 6 Posted November 4, 2020 Author Share Posted November 4, 2020 On 11/1/2020 at 6:11 AM, Marcos said: Unfortunately without seeing all parameters of particular rules it's not possible to tell if they are identical or not. Please provide logs collected with ESET Log Collector. 😱😱😱😱 Warning Presents! (All > Original binary from disk) Camelia eis_logs.zip Link to comment Share on other sites More sharing options...
Recommended Posts