How Does Override Work in Program Rules?

Archive
1

I'm not trying to change any automatic program rules, I'm just trying to understand how they work.

 

As background, with my previous firewall, which was less automatic than NIS 2009 in terms of program rules, I always denied requests by one of my downloader programs to act as a server and accept incoming requests from the internet.  (I don't use P2P or even instant messaging, BTW.)

 

When I look at the automatic rules NIS created for this program, I see the following, in this order (I am omitting certain parts which are the same for all three):

 

1.  Accept Outbound Connection, TCP and UDP.

2.  Accept Outbound Connection, TCP.

3.  Accept Inbound Connection, TCP.

 

As with all the automatic rules, there is a checkmark next to each, and at the top it says, "a rule that appears above other rules in the list overrides those rules."

 

It's that last statement that baffles me.  What exactly is meant by "override" in determining what behavior is permitted for the program?  If the program tries to act as a server, which seems to be what rule #3 says, will it be permitted to so so?  If so, what is even the purpose of the ordering and the "override" statement?  Why even have more than one rule?

 

BTW, this was about the only program Windows XP's built-in firewall actually questioned me about when I had to use it for awhile.

 

That's my main question, but on a related note I have a few others:

 

1. Does the fact that all of the program rules can be set on Automatic mean that NIS has information on the trustworthiness of all of the programs out there?  That doesn't sound feasible. Maybe some sort of heuristics?

 

2. Will I ever (possibly) have a program fail because NIS automatically blocks it due to automatic program rules (this is NOT meant to imply that would necessarily be a bad thing!)?

 

3. If the trustworthiness changes, will the rule be changed automatically?

 

(Darn, question #4 slipped my mind, and it was one I was really curious about :smileywink:.)

 

But again, what I'd most like to understand is how the multiple rules for a single program are applied, including what the "override" statement means.  An example would be great.

 

Thanks in advance.  REALLY delighted with NIS 2009 so far, BTW.

 

 

Message Edited by Ardmore on 05-01-2009 01:16 AM
Message Edited by Ardmore on 05-01-2009 01:18 AM
Message Edited by Ardmore on 05-01-2009 01:21 AM