ESS RC1 and Hard Coded Rules

Hi, I wonder If there is an option to Edit Hard Coded Rules that are incorporated in the firewall, It's not that I'm having problems but I don't use DHCP for my internet connection and I don't like having it activated by defautl by the firewall so, if there's a way please let me know and if there isn't add it because those of us who are used to Firewalls like to do things our way sometimes

Other thing I've noticed, and it happened to me with NOD V3 RC1 as well is that I cannot integrate it with windows mail, even thow I do the configuration under miscelaneous I cannot see the toolbar shown in the help files or the appended message to scanned mail

Other than that running pretty smooth for a non finished product

 

Hard_coded rules.

Hello Eset,

With full respect to you, I would ask that ALL hard_coded rules be removed from your firewall.

I can fully understand some need from such a suite to be given access for updates, and the possibility of a user to inadvertently block this could give rise to posts (therefore more supports issues), but for me, this is never an excuse for a vendor to place such rules, and can lead to possible accusation of "Call Home"

Please re-consider this approuch. Such needed rules can be hidden (as they are already), but from my own point of view, I need full control of any application based on my own rules, not that of the vendor.

I have used NOD AV for the last 2 years, its updates are restricted within my firewall to the update servers. I have never had any problem with this. Why would restrictions by user rules be a problem with ESS?

Regards,

 

Re: Hard_coded rules.

I totally agree with this.
So change this hard coded rules to 'normal' rules and add an advanced option to make them editable, please.

 

Re: Hard_coded rules.

agreed
i think if firewall is installed in automatic mode it is understandable..
but in interactive mode, i would prefer to make every rule

 

Re: Hard_coded rules.

Agreed.


(https://www.wilderssecurity.com/showthread.php?t=187046)

 

Re: Hard_coded rules.

Hello MasterTB, and all those who want to control comms to/from the internet from/to their PC based on their own wants/needs.

Sorry, I missed your current thread on this,... I would of added to that if I had seen it.

This as been put forward since the first beta. Probably here to stay, but I hope not. I do/will not use firewalls that take away my full control of internet access.

Regards,

 

Re: Hard_coded rules.

All default rules can be disabled by unticking the appropriate checkbox, and then you can create your own rules per your needs.

 

Re: Hard_coded rules.

Was this changed in RC1? I'm pretty sure they were un-changeable in beta 2. I haven't tried RC1.

 

Re: Hard_coded rules.

I don't know when exactly it was changed, but now it's quite straightforward to enable/disable the rules you want:

 

Re: Hard_coded rules.

Not all rules can be disabled, and on re-boot, all rules are again enabled (on my VM setup).

The rules should be able to be deleted~ all of them, permanantly.

 

Re: Hard_coded rules.

You took the words right out of my mouth...

 

Re: Hard_coded rules.

Perhaps they are re-enabled automatically because as ESET mods have mentioned , the beta releases are made to auto re-enable functions so that all things are tested . In final them may make it more controllable (just a guess)

 

Re: Hard_coded rules.

It's actually a bug, it will be fixed in future versions. Thank you for pointing it out.

 

Re: Hard_coded rules.

RC2 on it's way then!

 

Re: Hard_coded rules.

Hi Marcos,

Could you confirm, is the fact that "Not all rules can be disabled," also a bug?

I did notice while I had ESS on VM, that when I updated, this connected to 89.202.157.139[update.eset.com]. The update was successful, and complete, but then another connection attempt was made to 82.119.225.58[exp01.eset.eu], may I ask what this last connection attempt was for?

Regards,

 

Re: Hard_coded rules.

No, it's intentional, at least for now. We'll see, ESS will be continually developed so maybe we'll change it in the future.

It's the server to which ESS/EAV connects and retrieves the information about your license.

 

Re: Hard_coded rules.

Hi Marcos,

The license is checked when the update is attempted at "update.eset.com" (invalid license details block the update), why would your program then connect out again to re-check the license?(after successful update).

I will re-install onto VM to check on this last connection made.

 

Re: Hard_coded rules.

Because you all have been hunting us to implement a feature that would inform you about your license expiry date The update servers only verify if you user/pass is valid, it's a standard htaccess authentication.

 

Re: Hard_coded rules.

And that's exactly how it should be.
They said the same to me when I emailed them a support ticket but, if you go to the advanced tree view of rules and you disable them, THEY DON'T STAY DISABLED.
Trust me, I've tried, every session, and then they are right back up.
This is no way to do a firewall when you have an interactive mode, ALL rules should be controlable by the user, wether he/she wants to disable, edit or delet them for good.

 

Re: Hard_coded rules.

I have already confirmed this to be a bug which will be fixed in future versions.

 

Re: Hard_coded rules.

Hello Marcos,

Not from me, lol. I know my expiry dates.

I have confirmed that the last connection (I mentioned) was to a server to check on licence, so your explanation for this looks correct (I do like to check).
Thank you for your time.

 

Hello,

I do find I need to question you on this. But first, let me put forward:-

Currently, from the short installs of ESS (due to PM`s) on a VM, I do find this to be quite buggy.
From a point of view of the "System rules", which include the hard_coded rules mentioned, I do see, on each re-boot this as different. At times, the rules for ESS will show, other times they will not.
Now, from the posts by "Marcos", there is a bug that is re-enabling these sytem rules, so the next release will possibly show this as resolved, but, the rules for ESS will remain (as infered by "Marcos").

Now to my question to you.

Would you personally have a problem with the Hard_coded rules if all that where shown could be disabled?
Would you be concerend that not all hard_coded rules are shown (so in fact, not all Hard_coded rules are seen, and connect be disabled?)

I ask these questions due to your recent post concerning problems with NOD AV and Kerio. Kerio contains hidden Hard_coded rules for its own applications. Are you not concerned with this due to the fact the firewall does not show these rules? (example: Kerio will attempt to connect to "updates" with no rules present to allow this, and with no popup or logging of this)

 

Well to answer your question, as you mention Kerio, the hard coded rules of kerio can be easily disabled or changed, meaning that you can enable or disable them for Trusted or Untrusted zones, which is not the case for ESS, that only allows to enable or disable them as a whole (and as a matter of fact I always disable them in Kerio), but to be more specific, I was not refering to what eset calls "system" rules -meaning the rules pre-programed for the update and check system of the ESS per se, but to those rules that enable DHCP and DNS connections from and to everywhere, when particularly in my case I don't need/want them -and that because of a bug we now now they cannot be disabled and are probably not working at all !!!

And as you clearly mention I am concerned because not only I cannot disable those rules, they probably don't even work so in that case, more reason for me to worry, don't you agree??

As for hard coded rules of every application, I don't aprove of them, but generaly they are to allow updates, bug reports and licence checks, so usualy I don't mind. In kerio's case, even when they are not shown, they have been publicly disclosed in the products manual so you know they are there -of course I'd rather they wouldn't- but that is not my choise.

 

Please show me this direct option.
With respect, I have looked at this firewall before, I have seen what it does, with what open options are available.

 

On Kerio/Sunbelt Personal Firewall >Network Security >Predefined: there is a list here of prededined rules regarding the most common protocols in network communication, those rules can be enabled or disabled at will. For instance, there is a rule to enable DNS queries, I allways disable it and create an Advanced Packet Filter rule for svchost to allow it and only it to connect to the DNS servers.
Other rules are under Network Security Applications, and are those who allow File and Printer Sharing among others, those can also be disabled aswell.
As for the system hard coded rules that allow the firewall to autoupdate and check your licence, well those are the ones that cannot be seen in the firewall's gui, if those are the ones you are talking about, well they never did disable them so I don't think they will in the future.

PD this is from the User guide:
About Hard Coded Rules for specific protocols and comunications: "The Personal Firewall includes set of redefined network security rules (i.e. for DNS, DHCP, etc.). These rules are separate from user-defined rules and can be enabled or disabled at any time. Whenever the Personal Firewall detects traffic that does not match the criteria for a rule, a dialogbox opens asking the user to permit or deny the communication. An application or packet filter rulecan also be created at that time."

About Internal Firewall Rules: "Internal network traffic rules enable network traffic between individual firewall components during local or remote administration, Sunbelt Software registration, or check for new versions. Internal network traffic rules are not displayed in Personal Firewall user interface." ... and the User guide contains a Detailed List of them, but of course you can't mess with these rules.