ESS Firewall - service/domain name rules (ex: Windows Update)

Discussion in 'ESET Smart Security' started by Tintinabule, Nov 12, 2011.

Thread Status:
Not open for further replies.
  1. Tintinabule

    Tintinabule Registered Member

    Joined:
    Nov 12, 2011
    Posts:
    3
    Location:
    France
    Hello all,
    I plan to switch from EAV to ESS on a Windows 7 (64b) home local network but a thing bothers me:

    I know that the Windows Firewall service rules are not truly linked to services (set of rules, from what I read on the web ... beyond my knowledge), but as an example, my Windows Update rule with the Windows Firewall is:

    • Outbound TCP:80, 443 for svchost.exe bound with Windows Update service, allowed.

    Works fine, and other services that use svchost (netsvcs), like BITS, are blocked (WAN).

    In short, is there a way to do the same thing with ESS (or another firewall)?

    Note: As an alternative, I tried to add specific domain names like *windowsupdate.microsoft.com, *.update.microsoft.com ... in an ESS firewall rule, but only IPs seem to be permitted (as I understand).

    Perhaps I'm on the wrong track; could you light my way?

    Sorry for my poor English, it is not my native language!
    Have a nice day.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
  3. Tintinabule

    Tintinabule Registered Member

    Joined:
    Nov 12, 2011
    Posts:
    3
    Location:
    France
    Thank you for the reply,

    I probably have not been explicit enough.

    Allowing svchost.exe access to all remote servers means that all the services running from it will be able to connect to any server, but I want only the Windows Update service to connect to dedicated servers.

    At worst, a rule like: Allow svchost.exe outbound TCP to *.update.microsoft.com:80,443 (an IP rule isn't possible due to the turnover, only a domain name ... as far as I know). But there may be a better solution ;)

    Good day to you!
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    For Microsoft, I just created a Zone named Microsoft Corp, with Address range: 207.46.0.0 - 207.46.255.255, and use that Zone for any firewall application rules I create that need to connect to Microsoft.
     
  5. Tintinabule

    Tintinabule Registered Member

    Joined:
    Nov 12, 2011
    Posts:
    3
    Location:
    France
    Hello,

    I missed this functionality!
    That will solve a part of the planned rules.

    For the example of Windows Update, I don't like this solution much because IPs can change from one day to another, but it seems to be the better compromise.

    Thank you for the replies; if no other ideas are posted in one or two days, I will add a [Solved] tag to the title of the thread.

    Bye :)
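
An added example, not part of any post in this thread and not ESET code: one way to check whether the static zone range quoted above (207.46.0.0 - 207.46.255.255) still covers what the update hostnames resolve to, which is the drift concern raised in the last post. The two hostnames are constructed to match the wildcard patterns from the first post, the sample answers are constructed rather than real lookups, and the function names are hypothetical.

```python
import ipaddress
import socket

# Zone range quoted in the thread ("Microsoft Corp" zone).
ZONE_FIRST = ipaddress.IPv4Address("207.46.0.0")
ZONE_LAST = ipaddress.IPv4Address("207.46.255.255")


def zone_networks(first=ZONE_FIRST, last=ZONE_LAST):
    """Collapse a first-last address range into the CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(first, last))


def resolve_ipv4(hostname):
    """Live lookup: IPv4 addresses the local resolver returns right now."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def zone_drift(hostnames, resolver=resolve_ipv4, networks=None):
    """Map each hostname to the resolved addresses the zone does NOT cover."""
    networks = networks or zone_networks()
    drift = {}
    for host in hostnames:
        try:
            addresses = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            drift[host] = ["<unresolved>"]
            continue
        outside = [a for a in addresses
                   if not any(ipaddress.ip_address(a) in n for n in networks)]
        if outside:
            drift[host] = outside
    return drift


# Constructed sample answers (assumption, not real DNS data); 203.0.113.10 is
# a documentation address standing in for an endpoint outside the zone.
SAMPLE_ANSWERS = {
    "www.update.microsoft.com": ["207.46.18.94", "203.0.113.10"],
    "windowsupdate.microsoft.com": ["207.46.225.221"],
}

if __name__ == "__main__":
    report = zone_drift(SAMPLE_ANSWERS, SAMPLE_ANSWERS.__getitem__)
    for host, outside in report.items():
        print(f"{host}: outside zone -> {', '.join(outside)}")
```

Calling `zone_drift([...])` with the default resolver runs the same check against live DNS; any hostname it reports would be blocked by an application rule restricted to the zone.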
     