13
As the above list implies, you must create specific rules for handling communication within ESET Smart Security
itself (updates, connection to ESET Remote Administrator Server, etc.). For security purposes, these rules are not
predefined by ESET.
Please pay special attention to the svchost.exe process, as the rule configuration for this process depends on the
local configuration. The RPC and DHCP communications are specified by a predefined rule (incoming RPC is enabled
in Trusted zone), so you should focus primarily on the outgoing communication of svchost.exe. An ideal rule for the
svchost.exe process would look like this:
Requirement
Direction
Protocol
Local
port
Application
Remote port
Remote address
svchost.exe ven
Out
TCP
svchost.exe
443
update.microsoft.com,
download.microsoftupdates.com,
windowsupdate.microsoft.com
3..1 Detection of modified applications
The
Application modification detection
option can be found In the Advanced Setup window under
Personal
firewall
. When enabled, ESET Smart Security initiates a cyclic redundancy check (CRC) for each monitored process.
If the process is changed, the user is notified and prompted to allow or deny communication (see the dialog below).
Select
Deny
to deactivate the corresponding rule and to deny the current communication. The behavior of this
feature can be adjusted by the
Allow modification of signed (trusted) applications
option. This option checks
the certificates of digitally-signed applications, which are typically found on Microsoft applications and operating
system components.
