DeezNutz Posted January 4, 2013

I like to keep "Automatically allow trusted programs to access the internet" and "Autoconfigure trusted programs" unchecked but of course I get popups whenever I open my browser and anything else requesting internet access. Instead of having to exclude it from protection altogether, I was wondering if it was possible to have Online Armor know which programs and their rules should be kept and all unknown or new programs should be alerted to me when I have those two options unchecked. I know it's possible to have only trusted programs access the internet but not all trusted programs I want to have internet access which is why I leave it unchecked.

Could there be some new options or rules added to Online Armor to allow such a thing? Maybe a "permanent" rule could be added in the firewall options and/or popup box that will allow a program to have internet access while "Automatically allow trusted programs to access the internet" is unchecked.

Thanks

GT500 Posted January 8, 2013

The firewall settings are separate from 'Program' settings, and you can allow and block Internet access on a per-program basis. Just select 'Firewall' from the menu on the left in Online Armor, and you will see the controls.

Also, if you want to control things on the level it sounds like you are looking for, you may want to put Online Armor in Advanced Mode. Note that, in Advanced Mode, you will need to do more manual configuration for things to work as you expect, however it does give you the extra control. You will also want to take a look at the online help for more information on how Online Armor works when in Advanced Mode.

DeezNutz (Author) Posted January 10, 2013

I just want programs I trust and allow internet access to open/run without being alerted to me due to "Automatically allow trusted programs to access the internet" being unchecked, the blocked programs of course are not alerted to me but why should the "trusted programs" rule take over for the firewall rule on programs I allowed internet access? The trusted programs rule and the firewall rule really should be separate otherwise what's the point of allowing a program to access the internet if "Automatically allow trusted programs to access the internet" is kept unchecked?

I do keep OA in advanced mode but there isn't anything to do about my problem besides putting everything in the exclusion list, which I'm currently forced to do to avoid OA nagging me about my browser or anything else.

GT500 Posted January 10, 2013

'Trusted' programs are programs that are trusted by the HIPS module, and not by the firewall. This is why the firewall controls are separate. This allows you to define what programs are allowed Internet access, and what programs are not allowed Internet access.

If you would like to see more information about the firewall settings, then please see this link, and for more information about the Programs list you can see this link.

Also, when a notification about a program accessing the Internet is displayed, you should have the option to remember your decision and create a rule for that program in the firewall settings so that it does not ask again. Please see the screenshot below (click on it to make it larger):

DeezNutz (Author) Posted January 11, 2013

The problem is when I do create that rule it isn't remembered when "Automatically allow trusted programs to access the internet" is unchecked. I have to either keep that or "autoconfigure trusted programs" for OA to use the rule for allowing programs internet access and again, I prefer them both unchecked. If you want to see what I mean, uncheck both of those options, open your browser, create the allow rule, close your browser and open it again, you should get the same alert.

I really hate to be a pain, so if there isn't anything you can tell me I'll just go back to putting everything in the exclusion list.

GT500 Posted January 12, 2013

If you uncheck those options ("Automatically allow trusted programs to access the internet" and "Autoconfigure trusted programs"), then Online Armor expects you to set up rules for each application manually.

DeezNutz (Author) Posted January 12, 2013

Yeah but constantly? I'm aware that I will have to choose what accesses the internet and what doesn't if those two options are disabled but it's the fact that OA doesn't remember my choices that's the problem. I mean why should trusted programs have their own rule in the firewall options which if unchecked, bypasses the already set rule (allow rules) in the firewall and doesn't remember my decisions, why should I have to leave one or both of those options checked when OA can simply refer to the firewall rule for my decision?

Nick Posted January 12, 2013

Why not just check "Autoconfigure trusted programs"?

"Autoconfigure trusted programs (Advanced mode only) – Allows you to change whether Online Armor will automatically create rules to allow ports and protocols as programs use them. Disabling this option will cause Online Armor to pop-up any time a program uses a new port or protocol not covered by an existing rule."

In any case, you will be asked to allow trusted programs to access the Internet, it won't be automatically allowed (since you haven't checked "Automatically allow trusted programs to access the Internet"). The benefit is that OA wouldn't pop-up any time a trusted (and manually allowed by you) program uses a new port or protocol not covered by an existing rule. Also, you could keep creating rules for untrusted programs manually.

DeezNutz (Author) Posted January 14, 2013

Hey Nick, I think you might be right buddy. I tested it out and was still getting the popups but realized that it was because of the new ports being used that hadn't been already allowed by me, not because the "automatically allow trusted programs" was unchecked, I guess I shouldn't have tested it with Yahoo! IM since that darn thing was using many different ports each time it opened.

But it seems to be what I was looking for at this point, I apologize to the Emsisoft customer support for being such a pain in the @$$ and thanks Nick.

Nick Posted January 14, 2013

You're welcome

dallas7 Posted January 14, 2013

I also go with "Automatically allow trusted programs to access the internet" and "Autoconfigure trusted programs" unchecked.

As you discovered, you'll have to build a range for that application and keep adding ports until the alerts stop. You'll end up with a series of comma-separated ports of widely separated values (i.e. 80, 443, 3220, 8080) or many in a close range which you can clean up by editing them into a range like 1172-1235.

Do you have the Firewall option "Intercept loopback interface" enabled? If your popups persist in alerting for IP 127.0.0.1 for different ports then that's probably the cause of the justified popup mania. If you don't want to disable that, you'll need to build a separate rule for the application, use the range 1025-65535 and restrict the endpoint to 127.0.0.1 (or .2 or .3 etc. for specialized local proxy applications).

For either the app or the loopback, closer scrutiny of the alerted ports might allow fine tuning the ranges to 1025-49151 (registered ports) or 49152-65535 (ephemeral ports) instead of the whole 1025-65535.

I keep the loopback intercept enabled - I don't know if exploiting the local proxy is still in wide use, but I'm not taking any chances. It's alotta work building the rules, but I have on many occasions blocked requests to open ports <1025 on 127.0.0.1 while browsing in the two years I've been running OAP (and other firewalls I ran previously offering such granularity).

Cheers.

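The port clean-up dallas7 describes above, as an added Python example that is not part of any post in this thread or of Online Armor: it collapses alerted ports into ranges, keeps loopback (127.0.0.1) traffic in its own rule, and reports whether a group fits the registered or ephemeral range. The alert tuples, function names and `max_gap` parameter are assumptions made for illustration.

```python
import ipaddress

# Port ranges as named in the post above.
NAMED_RANGES = {"registered": (1025, 49151), "ephemeral": (49152, 65535)}

# Constructed sample alerts (remote endpoint, remote port); not real log data.
ALERTS = [
    ("203.0.113.10", 80), ("203.0.113.10", 443), ("198.51.100.7", 3220),
    ("198.51.100.7", 8080), ("127.0.0.1", 49200), ("127.0.0.1", 49201),
    ("127.0.0.1", 49205), ("127.0.0.1", 50010),
]


def collapse_ports(ports, max_gap=0):
    """Merge ports into (low, high) ranges. max_gap > 0 also bridges runs
    separated by up to max_gap unseen ports, which permits ports that never
    appeared in an alert, so keep it small."""
    ranges = []
    for port in sorted(set(ports)):
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid port: {port}")
        if ranges and port - ranges[-1][1] <= max_gap + 1:
            ranges[-1][1] = port
        else:
            ranges.append([port, port])
    return [tuple(r) for r in ranges]


def format_ranges(ranges):
    """Render ranges as comma-separated text, e.g. '80, 443, 1172-1235'."""
    return ", ".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def named_range_for(ports):
    """Return the single named range covering every port, else None
    (None also flags ports below 1025, which deserve a closer look)."""
    for name, (lo, hi) in NAMED_RANGES.items():
        if ports and all(lo <= p <= hi for p in ports):
            return name
    return None


def suggest_rules(alerts, max_gap=0):
    """Split alerts into loopback and remote groups, one rule per group."""
    groups = {"loopback": [], "remote": []}
    for endpoint, port in alerts:
        is_lo = ipaddress.ip_address(endpoint).is_loopback
        groups["loopback" if is_lo else "remote"].append(port)
    return {
        kind: {"ports": format_ranges(collapse_ports(ports, max_gap)),
               "fits": named_range_for(ports)}
        for kind, ports in groups.items()
    }
```
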
DeezNutz (Author) Posted January 15, 2013

Hey dallas7, "Intercept loopback interface" is indeed checked but since I don't fully understand its function I leave it well alone.

To be honest I was looking to avoid messing with ports as it was a bit intimidating to grasp, but from what you've presented it seems to be the solution, albeit strenuous, to my problem and I'll have to look into doing just that, and so far am coming along to understanding the basics of the whole port business in regards to adding ports or ranges but am lost on the "Endpoint Restrictions" tab as I've never actually read into it in OA's "Help".

I definitely appreciate your help and will have to learn a little more about firewalls before I complain again.

Thanks

GT500 Posted January 16, 2013

> ... "Intercept loopback interface" is indeed checked but since I don't fully understand its function I leave it well alone.

Wikipedia's explanation is rather good, although a bit on the technical side. It is basically a fake network interface that your computer uses to redirect traffic back to your computer. The "loopback interface" is used when you type 'localhost' into your browser, or when you attempt to visit the address "127.0.0.1" in your browser. Of course, the loopback interface works for all programs that can make use of your network/Internet connection.

Some malware will act as a proxy server, and set the proxy settings in your browser to 'localhost' or "127.0.0.1" in order to cause things such as search redirects, or prevent you from searching for help on the Internet.

DeezNutz (Author) Posted January 16, 2013

Interesting. Thanks for the description. I gotta say Emsisoft has the best customer support I've ever had.

GT500 Posted January 16, 2013

> Interesting. Thanks for the description. I gotta say Emsisoft has the best customer support I've ever had.

You're quite welcome, and thank you for the compliment.