Firewall rules question

Is it neccessary to give msseces.exe a firewall rule at all?

I created a block all rule that only gives it remote port access to ports 80 and 443, but I don't know if its even neccessary since I can't actually see it scanning webpages in its interface when I open them. Does security essentials even scan web traffic as you browse the web? Is this rule neccessary at all? The individual updates to this program seem to be tied directly into the windows updates firewall rule.

 

MSE do not offer web shield against rogue and malicious websites unless the website will download or load content that is malicious.

 

msseces.exe is the process for Microsoft Security Client User Interface. You could try and see if you can still update MSE by opening its GUI (graphic user interface) and manually check for definition updates.

Other than that, I don't think it needs to communicate with the Internet.

You should give permissions to Network Inspection System (NisSrv.exe), though.

This article should let you know how to create the firewall rule for it -http://www.windowsecurity.com/articles/Network-Inspection-System-Enhances-Security-Microsoft-Security-Essentials-TMG-Firewall.html

Take a look where it says Application Layer Protocols Supported by NIS.

If you have scheduled a task to automaticlally search for and update definitions, make sure whether or not you'd need to allow MpCmdRun.exe (ports 80, 443) and any other MSE process that may be blocked.

 

There MAY be a bit of confusion here.

MSE is NOT in and of itself a firewall (FW) so users just exploit it's settings to control it's functions as a scanner.

A proper FW product will only have rules for the executables that need access to the www plus those exe that are allowed by the user. FW's should not allow access for those that do not need access. No rule no access.

This means that IF exe's do not need access it should not have a rule and users should not assume they do and try to out think them.

But MSE does update to get new definitions and logic improvements thus access is needed. Sometimes vendor products hard-code access to their own web sites right in to the code and you will not see a rule request.

I don't know what FW you are using but when you set it up it should have asked for all permissions as it went through it's learning curve.

My own experience is that many products ask for the www and don't need it. In those cases I just deny them.