Werderforever 0 Posted October 28, 2015 Posted October 28, 2015 Hello, when I use Firewall Automatic Mode together with enabled detection of application modifications, do I get information about modified applications? Or does this only work with interactive mode firewall? I use V9. Many thanks! Thomas
Administrators Marcos 5,409 Posted October 28, 2015 Administrators Posted October 28, 2015 You will be asked for an action even if you don't use interactive mode.
Werderforever 0 Posted October 28, 2015 Author Posted October 28, 2015 Marcos, many thanks for your clarification, that´s good to know. I like Eset. Thomas
Werderforever 0 Posted November 19, 2015 Author Posted November 19, 2015 In Automatic mode I don´t receive any alerts for application modifications. Is this a bug?
Administrators Marcos 5,409 Posted November 20, 2015 Administrators Posted November 20, 2015 In Automatic mode I don´t receive any alerts for application modifications. Is this a bug? According to the help, only applications for which a rule exists are monitored for changes: The application modification detection feature displays notifications if modified applications, for which a firewall rule exists, attempt to establish connections.
ESET Insiders stackz 115 Posted November 20, 2015 ESET Insiders Posted November 20, 2015 If you have 'Allow modification of signed (trusted) applications' checked, then you won't receive any notification provided that the application can be verified.
itman 1,790 Posted November 20, 2015 Posted November 20, 2015 In Automatic mode I don´t receive any alerts for application modifications. Is this a bug? In ver. 8, I had to set the firewall to interactive mode before I received any application modification alerts. I assume the same is true for ver. 9.
Werderforever 0 Posted November 20, 2015 Author Posted November 20, 2015 In Automatic mode I don´t receive any alerts for application modifications. Is this a bug? According to the help, only applications for which a rule exists are monitored for changes: The application modification detection feature displays notifications if modified applications, for which a firewall rule exists, attempt to establish connections. I have Automatic Mode enabled and there are no rules for Outbound.In your Post vom 28.10. you have confirmed, that also in Automatic Mode, I receive alerts for changed application: You will be asked for an action even if you don't use interactive mode. But I don´t receive that. Is this a bug?
Administrators Marcos 5,409 Posted November 20, 2015 Administrators Posted November 20, 2015 If you create a rule for an application (e.g. in automatic mode), you will be asked whether to allow or deny communication if the application is modified (updated or patched / infected). You don't need to switch to interactive mode in order to create rules.
itman 1,790 Posted November 20, 2015 Posted November 20, 2015 (edited) True. But the easiest way to create firewall rules is to switch to interactive mode and allow all your Internet facing apps for which you wish to receive application modification alerts. Application Modification Detection The application modification detection feature displays notifications if modified applications, for which a firewall rule exists, attempt to establish connections. This is useful to avoid abusing rules configured for some application by another application by temporarily or permanently replacing the original application's executable file with the other applications executable file, or by maliciously modifying the original application's executable file. Please be aware that this feature is not meant to detect modifications to any application in general. The goal is to avoid abusing existing firewall rules, and only applications for which specific firewall rules exist are monitored. Enable detection of application modifications – If selected, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Personal firewall. Allow modification of signed (trusted) applications – Don't notify if the application has the same valid digital signature before and after the modification. List of applications excluded from checking – This window lets you add or remove individual applications for which modifications are allowed without notification. Edited November 20, 2015 by itman
Recommended Posts