ESS Firewall - service/domain name rules (ex: Windows Update)

Discussion in 'ESET Smart Security' started by Tintinabule, Nov 12, 2011.

Thread Status:
Not open for further replies.
  1. Tintinabule (Registered Member; joined Nov 12, 2011; posts: 3; location: France)

    Hello all,
    I plan to switch from EAV to ESS on a Windows 7 (64b) home local network, but one thing bothers me:

    I know that the Windows Firewall service rules are not truly linked to services (set of rules, from what I read on the web ... beyond my knowledge), but as an example, my Windows Update rule with the Windows Firewall is:

    • Outbound TCP:80, 443 for svchost.exe bound with Windows Update service, allowed.

    Works fine, and other services that use svchost (netsvcs) like BITS are blocked (WAN).

    Ultimately, is there a way to do the same thing with ESS (or another firewall)?

    Note: As an alternative, I tried to add specific domain names like *windowsupdate.microsoft.com, *.update.microsoft.com ... in an ESS firewall rule, but only IPs seem to be permitted (as I understand).

    Perhaps I'm going the wrong way; could you light my way?

    Sorry for my poor English, it is not my native language!
    Have a nice day.
     
  2. dwomack (Eset Staff Account; joined Mar 2, 2011; posts: 588)

  3. Tintinabule (Registered Member; joined Nov 12, 2011; posts: 3; location: France)

    Thank you for the reply,

    I probably have not been explicit enough.

    Allowing svchost.exe access to all remote servers means that all the services running from it will be able to connect to any server, but I want only the Windows Update service to connect to dedicated servers.

    At worst, a rule like: Allow svchost.exe outbound TCP to *.update.microsoft.com:80,443 (an IP rule isn't possible due to the turnover, only a domain name ... as far as I know). But there may be a better solution ;)

    Good day to you!
     
  4. stackz (Registered Member; joined Dec 27, 2007; posts: 634; location: Sydney Australia)

    For Microsoft, I just created a Zone named Microsoft Corp, with Address range: 207.46.0.0 - 207.46.255.255 and use that Zone
    for any firewall application rules I create that need to connect to Microsoft.
     
  5. Tintinabule (Registered Member; joined Nov 12, 2011; posts: 3; location: France)

    Hello,

    I missed this functionality!
    That will solve a part of the planned rules.

    For the example of Windows Update, I don't like this solution a lot because IPs can change from one day to the next, but it seems to be the best compromise.

    Thanks to you for the replies; if no other ideas are posted in one or two days, I will add a [Solved] tag to the title of the thread.

    Bye :)
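
Added example, not part of the thread and not ESET code: a drift check for the static-zone approach discussed above, reporting which resolved update-server addresses fall outside the zone's address range. The function names are hypothetical and the sample addresses are constructed; only the zone range and the two hostnames come from the posts.

```python
import ipaddress
import socket

def parse_zone(text):
    """Parse a zone written as 'first - last' into a list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def outside_zone(resolved, zone):
    """Return {hostname: [addresses the zone does not cover]}."""
    gaps = {}
    for host, addrs in resolved.items():
        missed = [a for a in addrs
                  if not any(ipaddress.ip_address(a) in net for net in zone)]
        if missed:
            gaps[host] = missed
    return gaps

def resolve(hosts, port=443):
    """Live IPv4 lookup; a failed lookup is recorded as an empty list."""
    out = {}
    for host in hosts:
        try:
            infos = socket.getaddrinfo(host, port, socket.AF_INET,
                                       socket.SOCK_STREAM)
            out[host] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            out[host] = []
    return out

# Zone range as given in the thread.
ZONE = parse_zone("207.46.0.0 - 207.46.255.255")

# Constructed lookup results (not real DNS answers) so the check runs offline.
SAMPLE = {
    "update.microsoft.com": ["207.46.18.94"],
    "windowsupdate.microsoft.com": ["207.46.225.221", "203.0.113.10"],
}

if __name__ == "__main__":
    # Swap SAMPLE for resolve(SAMPLE.keys()) to test against live DNS.
    for host, missed in outside_zone(SAMPLE, ZONE).items():
        print(f"{host}: not covered by zone -> {', '.join(missed)}")
```

Any address it reports would be blocked by an application rule restricted to that zone, which is the day-to-day IP change the last post worries about.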
     