I need to add an exception to the Windows Firewall rules that allows a program (LogMeIn Rescue). LogMeIn lets the user download some Remote support tool.exe that unpacks into %localappdata%\logmein rescue applet\lmir0006.tmp\lmi_rescue.exe. The lmir????.tmp is a dynamic folder name that changes with every download.
I have found many 'solutions' for adding exceptions on a dynamic path but these don't work for these reasons: 1. The user does not have the permissions to add a firewall exception. 2. The exe is unpacked at runtime.
Therefore a solution as with https://security.stackexchange.com/questions/24557/windows-firewall-how-to-block-inbound-for-all-exe-files-in-a-folder is not an option.
Windows Firewall does not allow me to add an asterisk (*) to the pathname. I've tried adding lmi_rescue.exe and %localappdata%\logmein rescue applet\ which is allowed to be added, but the applet is still blocked:
[10:50] extra information:
The lmi_rescue.exe is signed by a valid certificate. It communicates over HTTPS (outbound port 443) but the local port is dynamic. I can allow the publisher in AppLocker, but that does not seem to be linked to the firewall settings.
For some unknown reason, the 'block' does NOT occur when connected to the domain profile, even while the internet communication is unfiltered. When connected using a private or public profile, the firewall popup comes up. The firewall exceptions have been checked and every enabled rule has been applied to 'All' but the exception remains.
OS Tested: Windows 7 Enterprise & Windows 10 Enterprise (v1115).