Updated programs - Keep Rules

[Protopia 1]

Eset internet security does a pretty good job when you install an update to a traditional Windows Desktop App i.e. in the same directory - it offers you a choice of keeping existing rules or not.

However it does a very bad job for more modern apps which reside in a different directory. In essence it doesn't recognise that this is an update for an existing app, and you have to set new rules every time. This is by far the biggest annoyance with Eset at the moment.

I would like to suggest - AS A MATTER OF HIGH PRIORITY - that Eset adds new functionality for this. So for example, if an App is stored in a directory e.g. "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20062.97.0_x64__8wekyb3d8bbwe\YourPhone.exe" and it is replaced with a more up to date version in e.g. "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe\YourPhone.exe" then when Eset finds the new app wants to access the internet it uses the following algorithm to determine whether it is an upgrade or not, and if it is then it offers the Keep Rules dialog as before:

Look in the directory hierarchy starting at the second level i.e. subdirectories of "C:\Program Files\WindowsApps" and search for matching executables as follows: 1) Directories match except for exactly one directory level; 2) Application names are the same e.g. YourPhone.exe; 3) Executable signature certificates are identical (and valid).

Many thanks.

[Marcos 5,074]

This has been already discussed here several times. If you create a firewall rule with an application specified, the rule will be applied only if the full path is matched.

[Protopia 1]

Marcos - I did a search for "Keep Rules" before I posted this and didn't find anything else. But a better search has come up with a couple:

However, both of these only considered wildcard paths as a solution - which I can understand might create a risk of permissive rule hijacking - and neither of these proposed a workable solution. But they do illustrate that other users find this as annoying as I do.

What makes this post different is that it actually proposes an algorithm to allow Keep Rules for new-style Windows apps that is sufficiently secure as to prevent permissive rule hijacking - and I would hope that ESET will give this proper consideration.

Edited November 22, 2020 by Protopia
Minor tweak.

[Marcos 5,074]

We are aware of the problem with Windows applications and the changing path with each update. There is a plan to come with up a solution to this in long term. Also I can assure you that we value any constructive feedback or suggestion and it's discussed with product managers and developers.

[Protopia 1]

As a tweak to the proposed algorithm, I would suggest that instead of searching within the directory tree 3 leaves below drive root, that instead ESET maintains a list of path prefixes within which the above algorithm would search e.g.:

C:\Program Files (x86)\Java\
C:\Program Files\Hyper-V\
C:\Program Files\Java\
C:\Program Files\WindowsApps\
C:\ProgramData\Microsoft\Windows Defender\Platform\
C:\Users\All Users\Microsoft\Windows Defender\Platform\
C:\Users\*\Appdata\Local

[Protopia 1]

@Marcos Thank you for reassuring me. However, this has been an issue since Windows 8.1 was introduced with new-style apps, so it has been an issue for many years - so when you say "There is a plan to come with up a solution to this in long term" just how many more years does "long term" mean?

[Marcos 5,074]

3 minutes ago, Protopia said:

"There is a plan to come with up a solution to this in long term" just how many more years does "long term" mean?

Unfortunately I'm not a person who decides about priorities and features to work on so I can't promise any dates.