How to block outgoing packets for a specific process

Hi,

How do I block all outgoing packets of data shown in the Active Connections menu under the Bytes Out column for a specific process?

Thanks.

Teletype

Evening Teletype,

Are you wanting inbound connections only?

CG

Hello CGPMaster,

Yes for now that would be sufficient. Ideally, if there is way to finetune things, I might want more specific control as far as what types of protocols can get in/out. But for now inbound connection is what I want.

Thanks.

Teletype

Ok,

Firewall > Advance > Network Security Policy

And just select the application you want
(eg. C:\Program Files\example.exe) Edit
From here you can edit or add policies regarding example.exe

To Create A Predefined Policy (when a alert pops up you can select Treat As "InBound Only)

Firewall > Advance > Predefined Firewall Polices > Add

Did this help?
CG

You can block outbound connections, but TCP connection are bilateral. If you allow an inbound TCP connection, packets flow both in an out. Is that OK for your purpose?

To: sded & CG,

Not quite! I just run a few experiments. It would appear that blocking an entire applicatiion’s outbound traffic will be too restrictive for other processes that use it as well (I am referring to my anti-virus program from avast’s: ashWebsv.exe).

So, allow me to rephrase my question… Ideally I would like the application ashWebsv.exe which appears under the Active Connectons in the Comodo Firewall to be able to be blocked based on the URL that it’s trying to access.

For example: I am trying to have the firewall block all Outgoing Bytes in the process named ashWebsv.exe based on the URL that it is attempting to connect to (specifically: http://video.google.com).

How could I write such a rule?

Thanks again for your help.

Teletype

Are you trying to exclude a URL from Avast’s Webshield/Scan ?

If so, you’ll need to double click the “avast icon” and go under the webshield then exclusions or something like that and enter the url to there…

For the Firewall you would have to get the IP Address for the domain of the website and block it from connecting to ashwebsv.exe

Did this help?

CG
CG

If there are several sites, you can set up a network zone with the urls or ips you want to block in it, and then generate a block rule with that zone as the destination address for ashwebsv, similar to what CG posted.

To: sded & CG,

Yes, that is precisely what I want to do. I will have to run some experiments with this to see how it affects my browsers. Sded’s suggestion seem to be a nice generalized solution to this problem.

By the way CG, Google seems to be using a ton of IP addresses, what I have to do now is to find a way to block the entire URL (something like this: http://*.google.com )

I will let you guys know how I am progressing…

Thanks again for all your suggestions.

Teletype