Uncontrolled firewall rules creation (EIS)

In automatic mode, the firewall creates a huge number of rules. This is because the rule is created for a specific version of each application. After the update, the version of the application changes and the previously existing rule is no longer valid. A duplicate of the rule is created. The rule table grows uncontrollably.

Of course, I can manually create the rules I need. However, this is not something I would like to do all the time. In policy-based mode, if I create all the rules and do not edit them after updating the applications, I risk sooner or later being left without the Internet :) In interactive mode, daily adjustments of the rules turn into a test for my nerves.

Why are application rules defined as an absolute path to the executable file? Are there any plans to fix the firewall?


  Administrators

In automatic mode no rules are created. All outbound communication is allowed and all non-initiated inbound communication is blocked.

In interactive mode you are prompted for an action if a communication with no rule is attempted. From the interactive window you can select to create a rule for future communication. If you include the path to the application as one of the rule parameters, the rule will be valid for the application at the given path. If it's an application with the folder name changing with each update, the rule will not be valid next time and you will be asked about the communication again. There is no way to prevent it as long as a rule is bound to an application.

Rules are created automatically only in learning mode.

In the policy-based mode, existing rules are evaluated and communication which is not allowed by the rules is blocked.

I would recommend using automatic mode without any custom rules (at least not for applications where the path changes).

