Not what you are looking for? Ask the experts!
Feedback — Manual Firewall Control
I've posted this here, in the Norton Security product forum, as I'm wondering if there are solutions or workarounds to some of the issues with manual firewall control, from Norton or from Norton users, or if there are different products or product enhancements that Norton offers that address some of these issues. Perhaps an “Advanced Firewall” extension, or similar. If there aren't, feel free to mark this as Solved and move it over to Norton Ideas / Product Suggestions / e.t.c..
Some technical details first:
- Operating System
- Windows 7, Professional SP1
- Norton Security
- Product Version
- Experiences were from at or before
22.214.171.124, since about 2017-09
I'm mostly pleased with Norton Security. However, there is one shortcoming that keeps me curious about other competing products (I'm considering BitDefender, which also seems to be popular in the industry). That shortcoming is how manual firewall control works, when “Automatic Program Control” is turned off in Firewall Settings. Most of my firewall rules are carefully constructed, “Custom Access”/“Manual configure” rules, rather than simply “Allow”.
I'm aware that the official line from Norton is “Have Automatic Program Control switched on”. I'm also aware of the security risks that can arise when “over-blocking” applications from accessing the internet.
The first shortcoming is, by far, the most potent—
Configuration Lost on Program Update
When a program is updated, or the executable is otherwise changed, a firewall alert will rightly come up, displaying something along the lines of “This program has been modified since it was last used”. Unfortunately, at this point, all firewall rules regarding that program are lost, and must be painstakingly re-entered. Programs frequently require multiple, carefully-constructed rules, rather than just one or two simple ones, and some programs are frequently updated. Some sort of “Keep Current Rules” option in the dropdown would be ideal, which would not modify the existing ruleset, be it “Custom”, or simply “Allow” or “Block”.
“Any SubDomain” Rule
In a firewall rule, it would be convenient to be able to specify any subdomain of a particular DNS domain as a permitted host. For example,
*.server.com.. For some services, there can be an array of possible endpoints to which they connect, such as for example,
ds14.server.com.. In these instances, it would be convenient to be able to specify
*.server.com.. (See also the following Microsoft TechNet article for a more concrete example of how such a feature would be useful — <
//technet.microsoft.com/en-us/library/bb693717.aspx>.) I am aware, however, that for some programs, this might not work very well, due to the way DNS works.
Accidental Rule Overwrite
When a program attempts network access that does not match any existing rule, a firewall alert displays. If “Allow always” or “Block always” is chosen by mistake, all rules for that program are lost, replaced with simply “Allow” or “Block”. A warning confirmation dialog is probably the simplest solution.
“Allow this instance” Allows Everything
When a firewall alert shows for a particular program and “Allow this instance” is chosen, all further network activity from that program's process is allowed, until the process exits. This is perhaps as expected, but it depends on one's definition of “instance”. It would be good to change this to or have an additional “Allow this communication” option, which allows this and all further communications on the attempted IP–port, rather than allowing all kinds of communication.