What exactly is a "System" rule?

Discussion in 'ESET Smart Security' started by K12RS, Apr 7, 2009.

Thread Status:
Not open for further replies.
  1. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    In the Firewall ruleset, there are 3 categories of rules. The first is rules that have an application specified. The second category is that of rules where there is no application specified. And then, there are "System" rules...

    What specifically is a "System" rule, as opposed to a rule that fits in the other two categories (Application Specified, and No App specified - i.e. "All")?

    Are there certain processes with Windows that return "System" as the "application name" to which these rules apply (in which case the "System" rules are really application rules for the application "System"), or does the name "System" convey that they are applied differently than the Application/No Application rules? And if so, how do they differ in application?

    I've looked at the default rules in depth, and I cannot seem to determine why some things (such as remote desktop, or Netbios) are created in "System", while other processes are created under an application name.

    (I'm going into day 3 of waiting for a reply to this from T/S - at this point I'm hoping someone here has more information than I do and can field this.)

    Thanks in advance to anyone who can help,
     
    Last edited: Apr 7, 2009
  2. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    Perhaps a graphic will help - See the attached jpg - the System rules I'm referring to are highlighted.

    And Thanks in advance to anyone who can shed some light...
     

  3. guest

    guest Guest

    Good question... I would love to know the answer...
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    As far as I know, they are just predefined rules so you don't need to set them up yourself.
     
  5. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    Let me be specific - I need to know because I've purchased a 40 user license of the BE for use in my company. And in order to effectively use the firewall, I need to be able to configure the firewall in policy mode. I made an attempt to do so, and found that in some instances the firewall isn't working as I'd expected.

    A "home user" in interactive mode probably doesn't need to care. But if you are manually attempting to configure rules to permission various permitted applications in a corporate environment for nearly 40 machines where you don't have the luxury of sitting in front of each one for a couple of days while the rules sort themselves out, then it's important to understand what tools you have to work with, and where it's correct to use each.

    Thanks to all.
     
  6. guest

    guest Guest

    If you have the answer from ESET's customer support, it would be great to post it here... I want to know too!
     
  7. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    The question I'm trying to get answered at the moment is if ESET even HAS Technical Support.

    After waiting a week for an answer from TS, I contacted the reseller who sold me the license, who contacted his "Tier 3" support contact, who acknowledged that "support has been problematic" and that I would receive a call no later than 24 hours ago.

    Nothing.

    I'm going to give it 24 hours, and then I'm instructing my staff to de-install Smart Security from the workstations, and install the AV only, which at least based upon independent testing as well as my own I feel as though I can count on to some extent.

    But at this point, I feel that we were better off without a local system firewall than one that doesn't work as expected, is rated so poorly in independent testing, is so poorly documented, and is for all intents and purposes unsupported.

    If I do get an answer, I'll post it. But I'm not holding my breath ...
     
  8. guest

    guest Guest

    Well, for me, the firewall is exactly what I need... I just use it to allow access for programs and services I want, but anyway, I disable everything I don't use! So, I just use the log to see if something was blocked... Because if something was, it means that I didn't disable it or that I forgot it... I don't use it for inbound packets because I have a router with NAT and good filtering based on IP and ports so...

    Anyway, I am used to getting fast answers from ESET... I will try to contact them too!... I might be lucky ;-)
     
  9. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    What you are saying is that you use it in interactive mode, and that you feel responsible (and knowledgeable) enough to manage your own security. When I was using it on my own machine in interactive mode, I felt much the same - it (pretty much, other than some shortcomings with respect to permissioning services) seemed to work in a way that made sense - so much so that I licensed Smart Security rather than AV for my firm.

    What I didn't understand was that it wasn't actually protecting me as much as I'd thought - it wasn't until I installed it on our corporate network and found that it didn't work in some instances that I became concerned.

    Anyway.
     
  10. guest

    guest Guest

    If you don't think about the problem of the other topic, what makes you say that it didn't protect you as much as you said?
     
  11. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    For what it's worth - this is the answer I've received after two weeks ....

    ~Private communications removed. See the Terms of Service. Use your own wording to convey the answer you received.~


    ----------------------------
    I was referring to the fact that the documentation is misleading, and a rule inserted under "All Applications" isn't - it's really "Only those applications without any specific rules for that particular application".

    By the nomenclature, I'd made the assumption that a block under "ALL" would, well, block "All". Not just "Some".

    TTFN
     
    Last edited by a moderator: Apr 17, 2009
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Simply said, rules related to the application System are related to the system process which is the first one started by the OS (PID 4). General rules, that are not bound to any application, are displayed in the "Rules with no app. assigned" group.
     
  13. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    Thank you, Marcos. That's exactly what I needed to know!!!! In short, they are applied exactly like any other application rule.
    (and therefore, can't be applied to my problem.)

    And sorry for the violation of the TOS - I didn't think of the technical support response in that light - I was thinking only of not misconstruing the information provided and misleading someone.

    So, to paraphrase the response:

    System Rules are built into ESET to mediate communication within the trusted zone. Precisely which built-in rules are in place at any given time is controlled by whether "Allow sharing" or "Strict protection" is selected under "Trusted Zone Setup".
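
The precedence K12RS describes in post 11 (a rule with no application assigned is consulted only for applications that have no rules of their own, and "System" is treated as one more application), modelled as an added example; it is not ESET's code and not from any poster. The `Rule` fields, the sample ruleset and the deny-by-default fallback are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    app: Optional[str]  # None = rule with no application assigned
    action: str         # "allow" or "deny"
    direction: str      # "in" or "out"
    port: int

# Constructed sample ruleset (hypothetical, not exported from any product).
# "System" is handled like any other application name, per Marcos's reply.
RULES = [
    Rule(None, "deny", "out", 445),
    Rule("System", "allow", "out", 445),
    Rule("backup.exe", "allow", "out", 22),
    Rule(None, "allow", "out", 53),
]

def decide(rules, app, direction, port, default="deny"):
    """Verdict for one connection under the precedence described in post 11.

    Assumption: traffic that matches no consulted rule gets `default`.
    """
    own = [r for r in rules if r.app == app]
    # App-less rules are consulted only when the application has no rules at all.
    pool = own if own else [r for r in rules if r.app is None]
    for r in pool:
        if r.direction == direction and r.port == port:
            return r.action
    return default

def exceptions_to_global(rules, default="deny"):
    """List (global_rule, app, verdict) where an app escapes an app-less rule."""
    apps = sorted({r.app for r in rules if r.app is not None})
    findings = []
    for g in (r for r in rules if r.app is None):
        for app in apps:
            verdict = decide(rules, app, g.direction, g.port, default)
            if verdict != g.action:
                findings.append((g, app, verdict))
    return findings

if __name__ == "__main__":
    for g, app, verdict in exceptions_to_global(RULES):
        print(f"{g.action} {g.direction}/{g.port} (no app) does not hold for "
              f"{app}: effective verdict is {verdict}")
```

Run over a policy before it is pushed to many machines, a check like this lists every application for which a rule filed under "all applications" will not produce the outcome its name suggests.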
     