Sign in to follow this  
dallas7

Vanishing Rules - Unacceptable "Automatic decision"

Recommended Posts

Reference http://support.emsis...s-list-problem/

I'm beginning to think I should just make one "OA Annoyances and Bugs" and just add to it as I go along.

• On both systems for OA++ and OAP I have Automatically allow trusted programs to access the internet and Autoconfigure trusted programs unchecked. This was done a few hours AFTER installation prior to which time a bunch of firewall rules were of course created.

I was troubleshooting on the Win7 OA++ system why Windows updates had been failing and why I couldn't perform them manually. In checking the logs I noticed there was an "Automatic decision" to block outbounds by svchost.exe to TCP ports 80 and 443! At this point in time I discovered that under the Programs tab, svchost.exe is... gone. Under Ports I manually built a rule for 80 and 443 as seen in the screenshot composite to successfully do a Windows update. I can say with certainty that during the initial post-install discovery, svchost.exe did not go out to 80 or 443 prior to disabling "Automatically allow..." and "Autoconfigure trusted..." I should have received a popup to decide on the connections but instead nothing but a silent block and a broken Windows update.

In looking further, I find that the Programs listing "Plugin Container for Firefox" which I know once existed is... gone. Though the one for the Palemoon browser is still there and each has a Rule.

Further, in my OAP on WinXP is the very same condition, the Programs listing for Firefox's plugin-container which I know once existed is gone while the Rule exists. (No screenshot; Palemoon not run there.) svchost.exe is still there, though.

In recollection, I had twice been troubleshooting connectivity for some other apps where I was perplexed at rules I couldn't find when I knew I had selected "Create rule" and seen them under the Programs tab. I thought, "OK. I'm new at using OA. Must be me." I found myself deleting the apps from Programs to renew the process.

Apparently not.

What's behind these disappearing Programs listings?

Is the absence of an app under tab Programs tab compromising security along with breaking the app's networking?

How do I stop that "Automatic decision" from ever happening again?

Share this post


Link to post
Share on other sites

dallas7,

Not sure if this weird behavior is related to the oasrv issue you posted here.

Also please keep in mind that excluded programs disappear from the Programs listing, and any configuration changes made in Advanced mode will still function while in Standard mode; they will simply be hidden in the Online Armor Control Panel.

Only with debuglogs the developers can tell for sure what's happening with OA on your system. If you are able to reproduce an issue, please reproduce the issue with the debug mode enabled.

See also: Information to include in your support requests and some related topics in this Knowledgebase.

Share this post


Link to post
Share on other sites

Related to that other Application Error post? I'm not sure either.

I have no exclusions. Except for that short post-install stage, I immediately changed both my OA environments to Advanced (as well as disabling those automatic firewall settings) and kept them that way.

The fact that plugin-container.exe for Firefox is gone on both my OS dissimilar systems is telling to say the least. And I know with certainty they both existed because when I allowed with create at their first instances, I verified their presence and then went in to restrict the rule to port 80.

FWIW, as reported by Sysinternal's Process Explorer, I have noticed plugin-container.exe for Firefox runs within DEP (permanent) in both XP and 7. Palemoon does not and its plugin-container.exe Firewall Progams tab listing hasn't gone bye-bye on my Win7 system.

I can't say if svchost.exe was ever present under the Firewall Programs tab on the Win7 system. I bought that laptop a few weeks ago and it was while troubleshooting as described in #1 above that I discovered that issue. I'm assuming its other rules (ports 53, 135, etc.) were created during the install discovery. Finding the Automatic decision to block it otherwise thereafter, and for Windows Update no less, is quite disturbing.

The only time I notice a rule that's no longer listed under the Programs Tab is when I just happen to notice it's not there anymore. Therefore, I won't know when to reproduce what for submissions of debug logs.

Thanks for the Knowledgebase link.

Share this post


Link to post
Share on other sites

I see where in EAM 6.0.0.51... "Application rules missing bug – fixed."

In following up here in my thread, I have been paying close attention and taking meticulous care when "A program wants to use the internet" pops-up.

Last week I installed YL Software WinUtilites 10.38 Free on both my systems.

In the attached screen shot composite the two foreground clips show the existence of the Program tab WinUtil.exe listing and the corresponding rule under the Port tab.

Since then, as the background clips shows, the WinUtil.exe Program tab listing is gone. And it is gone on both my systems- WinXP & Win7. (The Port tab listing still exists.)

I now consider this a fully demonstrated and documented bug.

For OAP and OA++ I am looking forward to seeing "Application rules missing bug – fixed" in a Emsisoft Online Armor Firewall 5.···· released Changelogs topic. Hopefully the next one.

Cheers.

Share this post


Link to post
Share on other sites

Since you have 2 threads about the same problem, I'm going to close this one as per the Terms of Use. If you notice problems in future with Windows Update being blocked due to automatic decisions (which is a different issue to the vanishing rules issue that you already have a thread about), you can start a new thread about that.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.