Jump to content

Recommended Posts

Posted

I am in Interactive FW Mode- After a reboot I got a popup asking if I wanted to allow something like puuninstall.exe (?), that was discovered two weeks ago.

I foolishly said yes, and created a permanent rule (remember)!?

 

Now I can't find the rule to find out the exact name of what I allowed, so I can research it!-

-Where is it, and how do I delete the rule if it's malware?

-VSS is Disabled, but does ESS have some kind of rollback...?

-Any other recommendations?

 

BTW- I think I'd be safer in Automatic Mode, and let ESS decide what actions to take!

Posted (edited)

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Edited by SweX
  • Administrators
Posted

As Swex wrote, if you cannot find the rule in the rule editor then the rule wasn't created.

  • Solution
Posted

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Thank you for the info!-

I found the Good rule iPuninstall.exe-  It belongs to my recently updated LastPass password manager, so I'll leave it!

I also ran all my on-demand AV scans, and they were clean.

 

I'm back to Automatic mode, and let ESS make the decisions...!-

Old True saying!- You can protect the computer from malware, but you can't protect it from the user!

Posted

Scottls59901, You're welcome.

 

Alright, that sounds good to me.  :)

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...