
Can't just firewall application's specific start address ask, only works by blocking everything.



Posted

Kasper Internet Security   20.0.14.1085 (m) up to date.  Very long time Kasper user on myriad puters.

I have a program that always wants to connect to a specific IP address (using random/different ports) each time I run it.  It is not necessary for program running, nor startup, so I can only conclude I don’t want it to happen as it is a security system controller and I find this behaviour a bit suspect.

I go into Application rules and make a Network rule for the program’s .exe that is Block, Direction In/Out, All protocols (even though it only appears to use TCP) and the specific address that it always wants to go to entered into Addresses from the list/Remote addresses.

This does not work.  On start of the program it is still connecting.  In this case I am using Tcpview to monitor things.

The only thing that does work is if I do a TOTAL deny under Network in the main Manage applications window.   This is not what I want, as I need to use the program to talk to other things on my LAN.

I don’t understand why this is not working.  It all seems straightforward what I have done, I’ve followed the various help files, it is not even an https connection, but is not being blocked by my details that specifically describe the connection it is using unless I  “don’t let it do anything”!

Thoughts please, and thanks.

Posted

Hello, have you tried to open Firewall settings - Configure application rules?

For the concrete application - open Network rules and add a rule like the following (with your IP address + enable Log event option, so in Reports you will be able to see these events)

Posted

Thanks for the reply.  That is what I said I have done in the OP.  The only difference in the rule above to mine is that I have not specified any ports as it appears to connect over a variety of ports.  I did try specifying ports in format 192.168.1.1/1-65535 but this did not work as Kasper says it is an incorrect format.  Perhaps a syntax error?  How to write all ports?  I’ve tried many different ways of saying this, always “format error”.

Further to this, even if I make the Protocol ALL and make the address Any address, it still does not block the connection.  The only thing that blocks the connection is a “total” Deny done in the “Application network rules” area.

Thanks.
