Jump to content

Allowed/created an IFFY permanent rule, and can't find it...!?

scottls59901
 Share
Go to solution Solved by scottls59901,

Recommended Posts

scottls59901

scottls59901 1

Posted
Posted

I am in Interactive FW Mode- After a reboot I got a popup asking if I wanted to allow something like puuninstall.exe (?), that was discovered two weeks ago.

I foolishly said yes, and created a permanent rule (remember)!?

 

Now I can't find the rule to find out the exact name of what I allowed, so I can research it!-

-Where is it, and how do I delete the rule if it's malware?

-VSS is Disabled, but does ESS have some kind of rollback...?

-Any other recommendations?

 

BTW- I think I'd be safer in Automatic Mode, and let ESS decide what actions to take!

Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted (edited)

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Edited by SweX
Link to comment
Share on other sites
  • Solution
scottls59901

scottls59901 1

Posted
  • Author
  • Solution
Posted

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Thank you for the info!-

I found the Good rule iPuninstall.exe-  It belongs to my recently updated LastPass password manager, so I'll leave it!

I also ran all my on-demand AV scans, and they were clean.

 

I'm back to Automatic mode, and let ESS make the decisions...!-

Old True saying!- You can protect the computer from malware, but you can't protect it from the user!

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...