Jump to content

Allowed/created an IFFY permanent rule, and can't find it...!?


Go to solution Solved by scottls59901,

Recommended Posts

I am in Interactive FW Mode- After a reboot I got a popup asking if I wanted to allow something like puuninstall.exe (?), that was discovered two weeks ago.

I foolishly said yes, and created a permanent rule (remember)!?

 

Now I can't find the rule to find out the exact name of what I allowed, so I can research it!-

-Where is it, and how do I delete the rule if it's malware?

-VSS is Disabled, but does ESS have some kind of rollback...?

-Any other recommendations?

 

BTW- I think I'd be safer in Automatic Mode, and let ESS decide what actions to take!

Link to post
Share on other sites

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Edited by SweX
Link to post
Share on other sites
  • Solution

Hello scottls59901,

 

I tried to find some info on that .exe you mention, but didn't find any, I guess it's possible that this wasn't the exact name of it.

 

Yes it's important that one knows what to allow or deny while in interactive mode for security reasons.

 

If you would like to use automatic-mode from now on, then IMO the best would probably be to revert the firewall to the defaults and start over from zero again incase you have more allow rules for something that's not needed. 

 

This kb article will explain how to revert the personal firewall back to the default state and how to delete the rules.

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3323&actp=search&viewlocale=en_US&searchid=1414363645637

Note: Complete the instructions from both sections to configure the ESET Personal firewall to behave like a new installation.

 

But if you just want to delete the firewall rule for that particular .exe then you will find it in the rules and zones editor.

You can browse there from the main gui, Setup -> click on Network -> Configure rules and zones...    

Then you have to locate it in the list of rules and delete it, if you indeed created a permanent rule for it otherwise it won't be in the list.

Thank you for the info!-

I found the Good rule iPuninstall.exe-  It belongs to my recently updated LastPass password manager, so I'll leave it!

I also ran all my on-demand AV scans, and they were clean.

 

I'm back to Automatic mode, and let ESS make the decisions...!-

Old True saying!- You can protect the computer from malware, but you can't protect it from the user!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...