Emsisoft Advanced Firewall Settings......

Status
Not open for further replies.

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
Hi Everyone:

I just bought a license key for Emsisoft Internet Security, which I really like! In the firewall settings it has an advanced configuration setting, which asks "Configure the automatic creation of rules for programs". What is the most secure setting for unknown programs, would it be block?

Tony :)
 

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
I would set it to ask... however block may be a good option, you have to consider that if you choose block and install more programs than you need some of them would not work... best for me is to ask (but it doesn't mean that a pop up will display, actually you may find a pop up once in a while) please check the description of the program before allowing... EIS gives you the md5 if you don't know just search VT total
 
hjlbx

Set both In-Bound/Out-Bound for Trusted/Unknown apps to "Ask" - this applies to rule creation when new app is installed.

When new app is installed you will get large detail firewall alerts - and rule will be created when you select one of the four options in the alert: Allow Connection using specific resources, Block Connection using specific resources, Allow All Connections, Block All Connections.

Occasionally firewall alerts will cause some app installations to stall, but it is OK...just close app and reopen and connect is made.

Remember, you can always just delete an Application's rule set in EIS and it will be re-generated when you use app next. By doing this over and over and keeping note of what happens ... that is how I learned to use EIS.

Hope this answers your questions.
 

marzametal

Level 7
Verified
Jun 10, 2014
316
> Set both In-Bound/Out-Bound for Trusted/Unknown apps to "Ask" - this applies to rule creation when new app is installed.
>
> When new app is installed you will get large detail firewall alerts - and rule will be created when you select one of the four options in the alert: Allow Connection using specific resources, Block Connection using specific resources, Allow All Connections, Block All Connections.
>
> Occasionally firewall alerts will cause some app installations to stall, but it is OK...just close app and reopen and connect is made.
>
> Remember, you can always just delete an Application's rule set in EIS and it will be re-generated when you use app next. By doing this over and over and keeping note of what happens ... that is how I learned to use EIS.
>
> Hope this answers your questions.

Never thought of this approach, sorta' the reason why I bumped EAM/EIS down to USB via EMET. Do I have the nads to give it another shot? *sigh* How would this approach work if one was to nerf ISP internet until VPN connection is established?
 
hjlbx

> Does anyone have any ideas for the firewall settings?

Hello Tony Cole,

I just went with a generic "Allow" for source/remote ports for trusted applications. Although you can configure individual app firewall rules however you like. For IP addresses you have to add ranges using one of the online IP address calculators.

From a security perspective I do not think being OCD about meticulously adding IP addresses to individual firewall rules does anything significant - other than to drive oneself nuts. Either an app is trusted/known or it is not... so you either allow it to use the network or you do not.

It will be all right...you will see once you start using EIS.

I use "Allow using only the specific connection resources" = protocol/port as opposed to "Allow all connections" = all protocols/all ports.

I do not bother adding IP address ranges to firewall rules.

The one terrific thing about "playing" with EIS to learn how to use it is that you generally will not break anything. Best thing to do to learn is "have at it !"
 
hjlbx

> Never thought of this approach, sorta' the reason why I bumped EAM/EIS down to USB via EMET. Do I have the nads to give it another shot? *sigh* How would this approach work if one was to nerf ISP internet until VPN connection is established?

I am not sure what you are asking, but EIS simply blocks all network traffic until it starts. So any in/out traffic early in boot-up is blocked for security. Since most VPNs are slow to start in my experience, by the time it is ready EIS real time monitoring is already at work. So whatever rules you created for the VPN will be applied.

I think what you are asking is if you can set up different rules for apps connected to the standard network versus a VPN. In that case, the answer is no. EIS will apply whatever app rules the user has created whether it is connected to the network directly or via a VPN.

The approach I use is to set all rules creation to "Ask" as it will generate an alert. How I respond to that alert creates a permanent, albeit user modifiable, Autorule that EIS will apply to the app.

Hope this answers your questions.
 

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
No, in the firewall section right at the bottom there is a section marked advanced configuration; it then has trustworthy programs and unknown programs. I have set the unknown incoming and outgoing connections to block for unknown programs, as malicious software (with Kaspersky they state to block unknown connections) so ransomware etc., could not connect to get the encryption key.
 
hjlbx

Hello Tony Cole,

Yes that will work too, but it blocks it silently - without an alert...so you may not become aware it is on your system for some time.

If you set it to Ask, then you will get a large firewall detail alert that lets you know some unknown (could be legitimate but not in Emsi database or nasty zero-day) app is on your system and wants network access.

EIS blocks all access until you make a choice from within the firewall alert. So you can spend as much time as is necessary to research and decide what you want to do with the file. The alert will stay open (you'll have to move it around to get access to browser, other apps... get alert out of the way - annoying, I made a suggestion to Emsi to either add transparency setting or minimize alerts, but it was rejected) until you make a selection - then it closes immediately.

From the info in the alert you can further research the file, determine if it is safe or malicious, and then proceed accordingly.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
Be careful with Emsisoft. Not sure where but it sometimes blocked my internet connection. I had to uninstall it. Not sure the reason or whether others are also facing the same problem.
 

hjlbx

> Be careful with Emsisoft. Not sure where but it sometimes blocked my internet connection. I had to uninstall it. Not sure the reason or whether others are also facing the same problem.

Hello Anupam,

If I recall you had various issues with EIS.

Yes, there have been BSODs and broken internet ... especially on W7 systems. Most commonly with the BSOD it is a Microsoft issue with their netio.sys driver and MS has a hot fix, but doesn't include it in their standard Windows updates. With the broken internet it is most commonly an issue with the Emsisoft Network Filter...sometimes it needs to be deleted. There have been a few other sporadic issues.

In all cases posting the issue on the Emsi support forum gets it fixed if you are patient. I have never seen a user post an issue and Emsi state "we can't help you...it can't be fixed." ;)
 

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
Agree with you men, however I will recommend you to test the EIS firewall with leaktest tools and online tests like GRC and pcflank. Please make sure that you are connected directly to the router, avoid using any NAT router...
 