How can our signed installer add firewall rules or whitelist our app?

[SandyEggoScott 0]

Our Windows desktop app installer adds exception rules for our app to Windows Defender Firewall, but many of our users have third-party security software installed, and lots of them show up on our support channel after trying to use our app and getting frustrated at their inability to connect.

Even though we warn them about third-party firewalls, many of them don't know how to whitelist a program, and we have to ask which product they have and then walk them through the process.

Does ESET offer some means for a signed installer (or app running with elevated privileges) to programmatically add firewall exception rules like we already do for Windows Defender Firewall?

[Marcos 5,072]

In default automatic mode, all outgoing communication is allowed and all non-initiated incoming communication is blocked. To allow incoming communication, a rule must be created (e.g. manually, via the firewall troubleshooting wizard, interactive or learning mode). Unlike Windows firewall, we do not allow to create rules programmatically (which is often misused by malware that enables its own communication through the Windows firewall by the way).

[SandyEggoScott 0]

Thanks for the quick reply.
 

Quote

To allow incoming communication, a rule must be created (e.g. manually, via the firewall troubleshooting wizard, interactive or learning mode).

Q1: Beyond our providing step-by-step instructions, is there anything we can do to make this easier for the user? (e.g. a script?)
 

Quote

we do not allow to create rules programmatically (which is often misused by malware that enables its own communication through the Windows firewall by the way).

Understandable. I was hoping that a signed installer or elevated process might have some API access...

Q2: What can we do (programmatically) to detect that ESET is active (vs. just being installed)? On first installation of our software, we can advise the user to take action, but we don't want to give them ESET instructions if ESET isn't the active firewall.

[itman 1,659]

59 minutes ago, SandyEggoScott said:

Q1: Beyond our providing step-by-step instructions, is there anything we can do to make this easier for the user?

There appears to be a misunderstanding on how the Eset firewall works.

By default, the Eset firewall will allow all existing Win 10 inbound firewall rules unless an existing firewall rule exists that blocks this network traffic. Since your app installer creates these Win 10 inbound rules, there should be no issue in regards to the Eset firewall.

The only issues that could arise is:

1. The Eset user for some reason disabled the above default option.

2. The Eset user is running the firewall in non-default Interactive or Policy mode. If this was the case, he should have enough Eset knowledge to add this app inbound network traffic to his existing rules as it presents.

Edited December 27, 2021 by itman

[SandyEggoScott 0]

> Since your app installer creates these Win 10 inbound rules, there should be no issue in regards to the Eset firewall.

Thank you itman. That's good to know. In that case, we may not have to do anything. 🙂