ESET Smart Security Firewall

Discussion in 'ESET Smart Security' started by RJurjevic, Oct 16, 2008.

Thread Status:
Not open for further replies.
  1. RJurjevic

    RJurjevic Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    19
    Location:
    UK
    I use ESET Smart Security Firewall in Interactive mode manually allowing network traffic for trusted applications by creating the Firewall rules (few of network traffic attempts resulted in removal of unwanted software from our computers, quite useful :) ).

    Can anybody tell me how can I see the list of the created rules?

    If I switch back to Automatic (non-Interactive) mode will the rules still apply?

    I would presume that Windows Firewall should be switched off if ESET Smart Security Firewall is switched on, right?

    Is it possible that using ESET Smart Security Firewall in Interactive mode may prevent Windows Task Manager from being sent to the system tray (just speculating as I haven't investigated the problem yet)?

    Thanks.

    This link might be useful, I particularly like...

    5. Firewall behaviour in Interactive mode is implied from the concepts above. Asking for unknown communication is triggered by presence of general rule whose only specification is protocol (TCP & UDP). If communication detected by firewall doesn't fall into any rule, general rule is applied (and dialogue window showing unknown communication is displayed).

    ...which IMHO shows a degree of mathematical precision in the design... :)
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi!

    You can check firewall's rules in Advanced setup tree (Personal firewall => Rules and zones).

    When you switch firewall to automatic filtering mode, rules created before won't be used, but they stays saved for another use.

    Yes, Windows Firewall should be deactivated togother with other security programs, which can cause instability with ESS.
     
  3. RJurjevic

    RJurjevic Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    19
    Location:
    UK
    Thanks a lot.

    I read that: In short, Automatic mode uses no predefined rules, but automatically analyzes communication. Applications are allowed to establish outgoing connections. Applications that already established outgoing connections are also trusted for incoming connections.

    Although it appears that Automatic mode has no explicit rules it must have implicit rules (as say a decision has to be made if the traffic will be allowed or not). Therefore, it should be possible to provide an option in Automatic mode to use the union of Automatic implicit rules and Interactive explicit rules (if the strict union would be difficult to implement one could at least first apply Automatic implicit rules, then if the traffic was allowed check if there is an Interactive explicit rule which disallows it, or if the traffic was disallowed check if there is an Interactive explicit rule which allows it).

    Do not know if that feature (the union of the rules) would make any sense, but say after you've created a number of rules using Interactive mode you may wish to temporarily switch to Automatic mode applying both Automatic and Interactive rules (say my wife wishes to use the computer and she does not want to be distracted by the ESET Smart Security Firewall dialogues and uses an application for which network traffic is disallowed in Automatic mode and explicitly allowed in Interactive mode).
     
  4. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    In February Marcos posted the following to someone who wanted "Automatic with Rules":
    .... Note that Specific Rules you make in Interactive APPLY in Policy-based -- but Not Automatic. (In Advanced Setup Tree/Personal Firewall/Rules and Zones at bottom: make sure your selection in Rules to Display drop-dn menu is "All rules(incl system).....

    The tiny problem for me is that I cannot find these Rules as he words them. (i.e. word "unknown" is not in any rules so maybe Rules wording changed). His two Rules (or their current equivalents) would create the Automatic rules setup and since Interactive Rules Apply in Pol-base, that's your wish answered. Hopefully you'll get a clarification on the rules wording if not intuitive to you now.
     
  5. RJurjevic

    RJurjevic Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    19
    Location:
    UK
    Thanks for your reply. :thumb:

    Right, it would seem that implicit rules of Automatic mode are: "Block all unknown inbound traffic" and "Allow any outbound traffic" (and they are the only two rules applying in Automatic mode).

    I see, so if one sets the two implicit rules of Automatic mode and all of his or her Interactive mode rules switching to Policy-based mode would actually make the union of the two rule sets. :)

    Right, if any ESET Smart Security Firewall expert could name the rules which implicitly apply in Automatic mode I would be grateful (though I'll try to figure out for myself how to set those rules; maybe they are already pre-created so I can find them).

    Can I make a rule "Disallow any inbound and outbound traffic for a specific executable" (I know that I can make a rule "Allow any inbound and outbound traffic for a specific executable")?
    If I cannot set the rule I could uninstall that program (as if I trust that program I would allow it to communicate on the net if it is configured to do so, and if I do not trust it why should I have it installed on my machine in the first place).
     
    Last edited: Oct 17, 2008
  6. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Here's part of the problem: when I selected Policy-base mode I then went to Rules and Zones/Setup and looked at the list of rules. Nothing with "Unknown" was there (multi-attempts). This time I went back and tried again and the screen below appeared; Back to Automatic & I then tried selecting Policy-base, Clk'd OK and THEN went to Rules and Zones and the "Unknown" Rules DID Appear. Apparently, I only randomly get the "Block Unknown" Rules Without First Clk'ing OK when Selecting Policy-based and then viewing the Rules List in Rules-Zones Setup.

    Are you seeing this screen? Work from there if Yes. Dbl Clk Rules List below to make larger.
     

    Attached Files:

    Last edited: Oct 20, 2008
  7. RJurjevic

    RJurjevic Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    19
    Location:
    UK
    Thanks a lot for your replay.

    Right, it looks like the Policy-based mode is the solution, it is working fine for me...
     

    Attached Files:

  8. RJurjevic

    RJurjevic Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    19
    Location:
    UK
    I see that I have some double entries (two identical rules, say Allow DHCP), I guess I can delete the duplicates. :)
     
Thread Status:
Not open for further replies.