iWarren

Intermittent issue: 'All Networks' overrides 'Traffic handled by application' rule

Recommended Posts

Here is my current setup,

 

EIS v. 10.0.0.5561

 

Windows Services (TCP) - Block - IN/OUT - TCP -

9,13,17,19,113,135-139,389,445,1002,1024-1030,1720,1723,2869,1433-1434

Public Networks

 

Windows Services (UDP) - Block - IN/OUT - UDP -

9,13,17,19,123,137-138,389,445,500,520,1701,4500

Public Networks

 

Traffic handled by application rules (TCP/UDP) - According to app rule -

IN/OUT - TCP/UDP

0-65535 (ie blank entry)

All Networks

 

then I have an added rule:

"Rule 3389" - Block - IN/OUT - TCP - 3389

All Networks

 

When I need to use port 3389, i move the port below "Traffic handled by app"

When I don't need to use port 3389, i move the port above "Traffic handled by app"

 

The issue is, if I set it as "All Networks", it keeps blocking the "Traffic handled by app"

regardless whether its above or below.

 

However if I change it to "Public Networks", it blocks the way it should.

 

I say its an intermittent issue, because yesterday I had this issue, and while trying

to troubleshoot it, it seemed to start working properly, and i couldn't duplicate

the results.

 

I tried it again today, and the issue was present again.

 

Could you verify these results?

Share this post


Link to post
Share on other sites

Lets get some debug logs from Emsisoft Internet Security. In order to do this, you will first need to run a batch file to enable debug logging. This batch file is contained in the ZIP archive at the this link (this ZIP archive also contains a batch file to disable debug logging).

Please save that ZIP archive on your desktop, extract its contents, and then follow these instructions:

  • Run the enable_debug_output batch file (if your computer has Windows Vista, Windows 7, or Windows 8 then please right-click on the batch file and select Run as administrator).
  • You will see a black window pop up, and then disappear very quickly. After that happens, please restart your computer.
  • Reproduce the issue you are having with your port rules.
  • Once you have reproduced the issue, hold down the Windows key on the keyboard (the one with the Windows logo on it, usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  • Type the following into the Run dialog, and then click OK:

    %ALLUSERSPROFILE%\Emsisoft
  • A window should open and you should see a Logs folder. Right-click on that Logs folder, go to Send to, and select Compressed (zipped) folder.
  • Move the new ZIP archive you created with the logs folder in it to your desktop.
  • Attach the ZIP archive containing the logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
Note: If you get an error message when trying to send the Logs folder to a Compressed (zipped) folder then you may need to try a utility such as 7-Zip or WinRar to compress the folder. Both 7-Zip and WinRar have options to create an archive and save it in another location (such as on your desktop), which should prevent the error message. Here are links to the download pages for 7-Zip and WinRar.

After posting the debug logs, you can run the disable_debug_output batch file (be sure to run it as administrator as well) and restart your computer again to disable debug logging.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.