Creating a rule for a whole folder instead of exact application

Discussion in 'ESET Smart Security' started by Don Taucher, Jul 18, 2012.

Thread Status:
Not open for further replies.
  1. Don Taucher

    Don Taucher Registered Member

    Joined:
    Jul 18, 2012
    Posts:
    2
    Location:
    United Kingdom
    Hello.
    Occasionally I have a need to control the way how group of .exe files that are in one and the same folder connect to the Internet. Creating and changing separate rules for all of those .exe files one by one manually consumes quite a lot time and is not convenient. Is there a way to create a rule not for separate .exe files, but for a whole folder, which has all the .exe files, that need the same rule to be created, in it?

    I hope I’ve expressed myself clearly, is it possible to create a rule for a folder, which has all the .exe files that need the same rule to be created, instead of creating the same rules for those executable files over and over again?

    Sincerely, Don
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, it's not possible as it would not be same. If malware copied to that folder, the firewall would automatically allow its communication.
     
  3. Don Taucher

    Don Taucher Registered Member

    Joined:
    Jul 18, 2012
    Posts:
    2
    Location:
    United Kingdom
    Thank you for a fast reply. I clearly understand the idea of not allowing creating a firewall rule for a folder, because that would mean exchanging security for comfort.

    However, it seems that ESET decided to act differently in the antivirus/anti-spyware field, because it is indeed possible to make exclusion for a folder in ESET Smart security antivirus advanced setup. In situation like this there exists the same possibility that malware will get into excluded folder and therefore the antivirus won't detect it.

    1. If it wasn't allowed to make exclusion for a folder in the firewall, why was it allowed to make the same exclusion in antivirus protection?

    I'll ask another firewall related question here in this thread.

    When I’m using “Interactive” filtering mode, firewall allows applications connect the internet despite the fact that there were no rules for that application created, e.g. skype connected the internet successfully, although no rule allowing skype to do that was created by me. The same happened with some other applications. On the other hand, when I’m using “Policy-based” filtering mode, firewall does its job really well and doesn’t allow applications that have no rule created connect the internet.

    2. Why is “Interactive” mode malfunctioning and allowing applications with no rules assigned connect the internet? Where am I making a mistake?

    3. If I add/change a rule for application or change between filtering modes, does the effect take action immediately or does it take few minutes for the change to start working? Is it required to close the selected applications and open them again or restart the OS for the changes to take place?

    Sincerely,
    Don
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Folders on disks contain files of various types and the number of them cannot be compared with number of executables in a typical folder for which a firewall rule can be created.
    2, As for interactive mode, check what application the rule was created for in the rule editor. You can also check the path to the application in the interactive pop-up window after clicking "Show advanced options" when an unknown communication has been detected. You must have had a rule allowing a particular application to connect already created if you were not prompted to allow or block the communication; I'd suggest checking it with a Customer care representative.
    3, The rule will take effect for newly created connections so it depends on how a particular application communicates.
     
Thread Status:
Not open for further replies.