scottls59901, posted October 26, 2014

I am in Interactive FW mode. After a reboot I got a popup asking if I wanted to allow something like puuninstall.exe (?), that was discovered two weeks ago. I foolishly said yes, and created a permanent rule (remember)! Now I can't find the rule to find out the exact name of what I allowed, so I can research it.

- Where is it, and how do I delete the rule if it's malware?
- VSS is disabled, but does ESS have some kind of rollback?
- Any other recommendations?

BTW, I think I'd be safer in Automatic mode, and let ESS decide what actions to take!

SweX, posted October 26, 2014 (edited)

Hello scottls59901,

I tried to find some info on that .exe you mention, but didn't find any; I guess it's possible that this wasn't the exact name of it. Yes, it's important that one knows what to allow or deny while in interactive mode, for security reasons.

If you would like to use automatic mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again, in case you have more allow rules for something that's not needed. This KB article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

But if you just want to delete the firewall rule for that particular .exe, then you will find it in the rules and zones editor. You can browse there from the main GUI: Setup -> click on Network -> Configure rules and zones... Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it; otherwise it won't be in the list.

Edited October 26, 2014 by SweX

Marcos (Administrators), posted October 27, 2014

As SweX wrote, if you cannot find the rule in the rule editor then the rule wasn't created.

SCR (Most Valued Members), posted October 27, 2014

There is a "puninstall.exe" that is related to Paltalk, if you have that program installed.

hxxp://www.threatexpert.com/files/puninstall.exe.html

scottls59901 (Author), posted October 27, 2014, marked as Solution

Thank you for the info! I found the good rule, iPuninstall.exe. It belongs to my recently updated LastPass password manager, so I'll leave it! I also ran all my on-demand AV scans, and they were clean. I'm back to Automatic mode, and let ESS make the decisions!

Old true saying: you can protect the computer from malware, but you can't protect it from the user!

SweX, posted October 28, 2014

Scottls59901, you're welcome. Alright, that sounds good to me.