Confused about priority of Application/Network Monitor

I need some help to understand the concept of using both the Application and Network Monitor.

When I set an application as trusted with my old firewall, it was able to connect without any trouble.
Now if I set an application as trusted I still have problems.

I guess the network monitor rule has higher priority than the application monitor rule?
But how does that make sense? If I trust an application and still have to write rules, what is the use of the trusted application setting?

Shouldn’t it be the other way round, i.e. the firewall enforces rules as long as I don’t want a program to be an exception, and then the rules don’t apply?
If I have to open some ports in network monitor for a specific application, wouldn’t I be vulnerable to attacks? Wouldn’t it be better to leave the ports closed and only allow certain applications to use them?
If I can’t be bothered to write network rules for every application, how much security will I lose if I turn off the network monitor?

Sorry if these questions are dumb but this is so different from any firewall I’ve used before.

Thx and take care
Jens

Hi, Jens (:WAV)

It was also a bit of a learning curve for me when I started. It’s not really whether AppMon or NetMon takes precedence over which. I picture it this way:

Application Monitor rules define what programs can or cannot have internet connections. If there’s a new program not yet in this list, by default it’s not granted any internet access at all.

Network Monitor rules define how those programs (or ones that are certified in CFP’s database like windows media player, internet explorer, etc.) in the Application Monitor list interact with the internet.

It’d be even easier to visualize if you provided an example of a simple program, then see how it runs from App to Net rules.

Thx but I guess I still don’t get it.
Let’s say I want to allow a game to connect to the internet.
Then I add game.exe as a trusted app, and in application monitor it says that game.exe can use the whole destination and port range with all protocols.
But I still can’t connect to “game”.
So I guess I would have to allow the ports and protocols “game” uses in the network monitor also.
But that isn’t application specific, so my question is if it wouldn’t be easier and safer to just allow everything for the trusted app “game”, or is there any good reason for the way it is now that I don’t get?
Another example: Let’s say I want to use application “filesharing.exe” to share some files. But my evil ISP does traffic shaping so I can’t use the same ports every time. So I would have to create a rule in network monitor and allow tcp/udp in and out to any destination on any port. Wouldn’t that have nearly the same effect as disabling network monitor altogether?

You are right in that there are applications that will require extra NetMon rules (e.g. my Utorrent requires me to allow incoming connections to a specific port from any source to that destination port on my computer). Yes, network monitor rules are global, not application specific. At first, I also thought this isn’t secure because what if a program currently uses port x and then I close it? Will that port be open to hackers or another program to use? Once that program closes, that port will be closed, but if another (approved) program uses that port it will once again be opened as needed. To be application specific - this is something I would also like and I think it’s on the wishlist.
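The two-layer evaluation described in the earlier AppMon/NetMon explanation and in the reply above can be made concrete with a small model. The Python below is an added example, not CFP’s own code: the rule classes, the program names, the port number 27015 and the “stock” ruleset are all constructed for illustration (the real product’s defaults are only approximated). It shows why a trusted program is still blocked by a global inbound rule, and why opening that port in NetMon then also serves any other approved program while unknown programs stay blocked at the application layer.

```python
"""Toy two-layer firewall model (added example, not CFP's own code).

Layer 1, the Application Monitor, asks "may this program talk at all?".
Layer 2, the Network Monitor, asks "is this kind of traffic allowed on this
machine?" and is global, not per program. A packet passes only if BOTH
layers allow it, which is why a 'trusted' program can still be blocked.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    app: str        # program generating or receiving the traffic
    direction: str  # "in" (remote host connects to us) or "out"
    proto: str      # "tcp" or "udp"
    port: int       # local port for "in", remote port for "out"


@dataclass(frozen=True)
class AppRule:
    app: str
    allow: bool
    protos: Tuple[str, ...] = ("tcp", "udp")
    ports: Tuple[int, int] = (1, 65535)  # inclusive range

    def matches(self, p: Packet) -> bool:
        return (p.app == self.app and p.proto in self.protos
                and self.ports[0] <= p.port <= self.ports[1])


@dataclass(frozen=True)
class NetRule:
    direction: str          # "in", "out" or "any"
    proto: str              # "tcp", "udp" or "any"
    ports: Tuple[int, int]  # inclusive range
    allow: bool

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and self.ports[0] <= p.port <= self.ports[1])


def trusted(app: str) -> AppRule:
    """A 'trusted application' entry: every protocol, every port."""
    return AppRule(app, allow=True)


def decide(p: Packet, app_rules: List[AppRule], net_rules: List[NetRule]) -> Tuple[str, str]:
    """Return (verdict, reason). Both layers must allow for an 'allow'."""
    # Layer 1: Application Monitor. A program with no rule gets nothing.
    verdict: Optional[bool] = next((r.allow for r in app_rules if r.matches(p)), None)
    if verdict is None:
        return "block", "appmon: no rule for this program"
    if not verdict:
        return "block", "appmon: program is blocked"
    # Layer 2: Network Monitor. First matching global rule wins; default block.
    for r in net_rules:
        if r.matches(p):
            if r.allow:
                return "allow", "netmon: allowed by global rule"
            return "block", "netmon: blocked by global rule"
    return "block", "netmon: no matching rule (default block)"


# Constructed approximation of a stock ruleset: outbound allowed, inbound blocked.
DEFAULT_NET: List[NetRule] = [
    NetRule("out", "any", (1, 65535), True),
    NetRule("in", "any", (1, 65535), False),
]
APP_RULES: List[AppRule] = [trusted("game.exe"), trusted("utorrent.exe")]
GAME_PORT = 27015  # constructed example port, not taken from any real game


def scenario():
    """Replay the thread: trusted game blocked inbound, a NetMon rule is added,
    and the same global rule then serves other approved programs but not unknown ones."""
    inbound = Packet("game.exe", "in", "udp", GAME_PORT)
    before = decide(inbound, APP_RULES, DEFAULT_NET)
    # Open the port globally, as the reply recommends; it must sit before the default block.
    opened = [NetRule("in", "udp", (GAME_PORT, GAME_PORT), True)] + DEFAULT_NET
    after = decide(inbound, APP_RULES, opened)
    other_approved = decide(Packet("utorrent.exe", "in", "udp", GAME_PORT), APP_RULES, opened)
    unknown = decide(Packet("unknown.exe", "in", "udp", GAME_PORT), APP_RULES, opened)
    return before, after, other_approved, unknown


if __name__ == "__main__":
    for label, result in zip(("before", "after", "other approved app", "unknown app"), scenario()):
        print(f"{label:20s} -> {result}")
```

Running the script prints the four verdicts in order. The model deliberately keeps NetMon rules without an application field, so the only way to make the “open port” apply to one program is the application-specific NetMon rule the reply says is still on the wishlist.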

For more info on which game requires which ports and rules to add, I think this is one place to start. If your game isn’t listed I’m sure panic will find out for you.

I’m not familiar with filesharing because my pc isn’t on a network. Have you gone to Security tab > Tasks > Wizards > Define a new Trusted Network yet?

Ok, I managed to make the game work, but I also had to disable Protocol Analysis and allow fragmented IP packets to make it work (:AGY)
Is there any way I can do that application-specific?

I don’t know how.

The closest method I know of is to edit the Application Monitor rule for that game > Miscellaneous last tab on the right, and enable the Skip advanced security checks. Little Mac (forum mod) once posted that it essentially disables the Application Behavioral Analysis checks for the designated application. It might work.

Already did that before I changed the other settings but that wasn’t enough. Thx, though.

Sorry. I forgot that if skip advanced security checks disables ABA then it’s different from what you were after: something at the network traffic level. Maybe this is something you can put in the wishlist.