Interactive mode - Firewall

Discussion in 'ESET Smart Security' started by Alfredop, May 10, 2008.

Thread Status:
Not open for further replies.
  1. Alfredop

    Alfredop Registered Member

    Joined:
    May 9, 2008
    Posts:
    4
    Hello,

    I have switched my firewall to interactive mode, because a lot of people advise this to do.
    When I now open programs, he prompts to create rules and allow or deny connections.

    Can I simply allow every program I use and know, e.g.: msn, flashget, firefox, wmp, ... ?
    Or do I need to specify the rules via advanced options and still block some connections from msn, firefox, flashget, wmp?

    Because when I launch flashget for instance, I get lots of prompts, I simply clicked on "allow" and ticked off "create rule, remember this action" without further specifying something in the advanced options.

    Is this OK or am I taking risks by simply allowing every connection of the programs I mention?


    thx in advance!
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi, you can create rules alone -> Open ESS -> Setup -> Personal firewall -> Configure rules and zones

    But simpler is wait for pop-up window from firewall.
     
  3. Alfredop

    Alfredop Registered Member

    Joined:
    May 9, 2008
    Posts:
    4
    thx, but my initial question is actually:

    Do I need to accept (allow) every pop-up window that ESS offers me, when I open a known/trusted application like msn or flashget.

    Example: I open Flashget and I get like 4 pop-up windows for outbound, inbound etc.

    Simply allow them all or deny some of them... because I don't know if flashget needs all the connections to function properly.
     
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Yes and No. Some action can check updates, some joins your account,... You have to look, where it try to connect and according it you have to decide.

    Today you have to pay attention everytime. If you remember, FlashGet was used for download trojans from hacker's server.
     
  5. Alfredop

    Alfredop Registered Member

    Joined:
    May 9, 2008
    Posts:
    4
    That's true... I tested out a few connections from Flashget (temporarily denied) but then he doesn't start my downloads anymore... so I guess all those inbound/outbound traffic pop-up windows need to be allowed.

    The problem is that I sometimes do not know, which connection is good or bad?
     
  6. pip22

    pip22 Registered Member

    Joined:
    May 25, 2004
    Posts:
    12
    Then you should switch to automatic mode and let ESS Firewall make the decisions.
     
  7. Alfredop

    Alfredop Registered Member

    Joined:
    May 9, 2008
    Posts:
    4
    OK, but he allows connections that I would block ;)... so automatic mode is not an option.

    How do you guys judge whether the connection is safe or not? Do you google the ip adress or ...?

    It's never to old to learn ;)
     
  8. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Well, personaly I only allow connections to certain apps (say Opera, Outlook, MSN and certain windows services like help...)
    If I see a pop up the first thing I look is what app is trying to connect, if it is a running app or service I will allow the app if the pop up is the result of an action of mine, of course I check the IP to where it is trying to connect and the port, if it is an unusual pot for the app say Opera using 25 or 110 when I don't use it to read mail I will block... and for newly installed apps or apps that I don't run very often I use the temporary remember so that this particular software uses a temporary rule that is deleted as soon as the program is closed.
    I guess it all comes down to common sense, but what you will notice is that after a while, the firewall stops asking because you have already created all the rules you need for your everyday apps, so if you see a pop up it is most likely a new app or an app doing something it is not suposed to be doing.
    A good rule is to set the rules using ports and not just allow/deny, so you know what to expect everytime you run an app...
     
Thread Status:
Not open for further replies.