web browsers

Hello, what is the difference when a window pops up, say for example for Google Chrome, if I say treat as web browser rather than just saying allow? Does my security get reduced or does it stay the same?

Telling it to treat it as a web browser gives it extra freedoms. Answering allow will only allow that one action.

So, what is a better route to take to stay secure?

Unless you have a specific reason to do otherwise, I would advise just allowing it.

So, should I just delete all the rules for treat app as web browser and then start all over again?

I’ll add the answer I gave you from the PM you sent:

Hello, I am wondering something. As I have said, I want the best security for my firewall. If I answer alerts about one of my web browsers with allow and remember my answer, instead of treat this application as web browser and then selecting remember, what is the difference? Will my security be reduced if I tell the web browser to be treated as a web browser? Will my security get stronger if I just answer every pop-up with allow and then just remember this answer and not treat the web browser like a web browser? I'm sorry if this is a long question, but I am really interested.

The pre-defined policies are just collections of rules that are most typically used by the application for which they’ve been created. The object of using a predefined policy is to make it easier when creating rules. You can see the individual rules in each policy by going to:

Firewall/Network Security Policy/Predefined Policies - Edit

As an example, the pre-defined browser policy allows outbound connections to port 80 (http), port 443 (https), loopback, DNS and FTP.

You mentioned you’ve set your firewall to Custom Policy Mode with Alerts on High. So, when you run the browser for the first time you will receive an alert asking for access to an IP address over TCP on port 80. If you select allow and remember, a rule is created for the browser that allows outbound TCP connections to port 80. The same thing will happen the first time you connect to a secure web site using https etc.

Basically, there’s little difference, in terms of security, between using a pre-defined policy and creating your own, although if you never use the browser for FTP, you’ll have rules from the pre-defined policy you’ll never need. If you want more control, you can set alerts to very high; doing so will create individual rules for each IP address.

I hope I’ve helped a little, however, from now on, I’d be grateful if you’d ask any further questions in the main forum, so that all users may benefit from the knowledge.
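The comparison described in the reply above can be sketched as a small model. This is an added example, not part of the original thread and not the firewall's own code: the rule format, the function names, the port numbers (standard well-known ports) and the sample connections are assumptions made for illustration.

```python
from ipaddress import ip_address

# Simplified model of the predefined browser policy described in the thread.
# Port numbers are the standard well-known ones (assumption).
PREDEFINED_BROWSER = [
    {"proto": "TCP", "port": 80},   # http
    {"proto": "TCP", "port": 443},  # https
    {"proto": "TCP", "port": 21},   # FTP control
    {"proto": "UDP", "port": 53},   # DNS
    {"loopback": True},
]

# Constructed sample of one browsing session: (protocol, remote IP, remote port).
OBSERVED = [
    ("UDP", "192.0.2.53", 53),
    ("TCP", "198.51.100.10", 80),
    ("TCP", "198.51.100.10", 443),
    ("TCP", "203.0.113.7", 443),
]

def learn_rules(observed, per_ip=False):
    """One remembered 'allow' per alert; per_ip=True models the very high level."""
    rules = []
    for proto, ip, port in observed:
        rule = {"proto": proto, "port": port}
        if per_ip:
            rule["ip"] = ip
        if rule not in rules:
            rules.append(rule)
    return rules

def allowed(rules, proto, ip, port):
    """True if a rule permits the connection; unmatched traffic would raise a new alert."""
    for r in rules:
        if r.get("loopback"):
            if ip_address(ip).is_loopback:
                return True
        elif (r["proto"], r["port"]) == (proto, port) and r.get("ip", ip) == ip:
            return True
    return False

def unused_rules(rules, observed):
    """Rules that no observed connection needed."""
    return [r for r in rules if not any(allowed([r], *c) for c in observed)]

if __name__ == "__main__":
    print("unused in predefined policy:", unused_rules(PREDEFINED_BROWSER, OBSERVED))
    print("per-port rules:", learn_rules(OBSERVED))
    print("per-IP rules:  ", learn_rules(OBSERVED, per_ip=True))
```

For this sample session the predefined policy carries two allowances the browser never used (FTP and loopback), while the per-IP rule set permits only the addresses actually answered for.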


From PM:

Oh, okay. The reason I ask some questions here is because if I did it in the main forum I'd have to create a lot of new posts, which I'm not sure a lot of people would want. I have one more question for you for now. You said I could block or allow an IP if I just hit the normal buttons instead of setting predetermined policies. Will this keep malware from doing the most damage? Because it seems like if I set a predetermined policy rule, I feel that a virus or malware will have a little more freedom than if I just don't treat the web browser as a web browser. Would you agree with this?

As this question is related to the previous question, you can use the same thread:

As previously mentioned, the pre-defined policy contains rules you may or may not need. If you want more control, don’t use the pre-defined policy.

Okay, thank you, I think. Based off of this answer by Chiron, he or she said:

Unless you have a specific reason to do otherwise, I would advise just allowing it.

That leads me to believe that by just using the predefined policies, you are less secure than if you were to just say allow to every pop-up that happened.

I decided to mess around a little bit, so what I did was, I opened up my web browser and when it asked me if I wanted to allow my web browser, I hit the option that said treat app as web browser and I opened it up and it worked fine. Then I deleted the rule and reopened the same web browser and this time I said treat as Trusted application and I opened it up again, no problems. My question is, do both of those do the exact same thing or how are they different?

You don’t need to keep opening new threads when the subject is the same, just use your existing web browsers thread.

With regard to the question: if you recall, I suggested you could look at the individual rules for the pre-defined policies - Firewall/Network Security Policy/Predefined Policies/Edit - or the resulting rules created, once you’d answered an alert.

Merged threads.