Jump to content

Recommended Posts

Eset internet security does a pretty good job when you install an update to a traditional Windows Desktop App i.e. in the same directory - it offers you a choice of keeping existing rules or not.

However it does a very bad job for more modern apps which reside in a different directory. In essence it doesn't recognise that this is an update for an existing app, and you have to set new rules every time. This is by far the biggest annoyance with Eset at the moment.

I would like to suggest - AS A MATTER OF HIGH PRIORITY - that Eset adds new functionality for this. So for example, if an App is stored in a directory e.g. "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20062.97.0_x64__8wekyb3d8bbwe\YourPhone.exe" and it is replaced with a more up to date version in e.g. "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe\YourPhone.exe" then when Eset finds the new app wants to access the internet it uses the following algorithm to determine whether it is an upgrade or not, and if it is then it offers the Keep Rules dialog as before:

Look in the directory hierarchy starting at the second level i.e. subdirectories of "C:\Program Files\WindowsApps" and search for matching executables as follows: 1) Directories match except for exactly one directory level; 2) Application names are the same e.g. YourPhone.exe; 3) Executable signature certificates are identical (and valid).

Many thanks.

Link to post
Share on other sites
  • Administrators

This has been already discussed here several times. If you create a firewall rule with an application specified, the rule will be applied only if the full path is matched.

Link to post
Share on other sites

Marcos - I did a search for "Keep Rules" before I posted this and didn't find anything else. But a better search has come up with a couple:

However, both of these only considered wildcard paths as a solution - which I can understand might create a risk of permissive rule hijacking - and neither of these proposed a workable solution. But they do illustrate that other users find this as annoying as I do.

What makes this post different is that it actually proposes an algorithm to allow Keep Rules for new-style Windows apps that is sufficiently secure as to prevent permissive rule hijacking - and I would hope that ESET will give this proper consideration.

Edited by Protopia
Minor tweak.
Link to post
Share on other sites
  • Administrators

We are aware of the problem with Windows applications and the changing path with each update. There is a plan to come with up a solution to this in long term. Also I can assure you that we value any constructive feedback or suggestion and it's discussed with product managers and developers.

Link to post
Share on other sites

As a tweak to the proposed algorithm, I would suggest that instead of searching within the directory tree 3 leaves below drive root, that instead ESET maintains a list of path prefixes within which the above algorithm would search e.g.:

C:\Program Files (x86)\Java\
C:\Program Files\Hyper-V\
C:\Program Files\Java\

C:\Program Files\WindowsApps\
C:\ProgramData\Microsoft\Windows Defender\Platform\
C:\Users\All Users\Microsoft\Windows Defender\Platform\
C:\Users\*\Appdata\Local

Link to post
Share on other sites

@Marcos Thank you for reassuring me. However, this has been an issue since Windows 8.1 was introduced with new-style apps, so it has been an issue for many years - so when you say "There is a plan to come with up a solution to this in long term" just how many more years does "long term" mean?

Link to post
Share on other sites
  • Administrators
3 minutes ago, Protopia said:

"There is a plan to come with up a solution to this in long term" just how many more years does "long term" mean?

Unfortunately I'm not a person who decides about priorities and features to work on so I can't promise any dates.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...