RinaldoGandolphi wrote: »As someone who manages quite a few commercial pfSense Netgate appliances as well as multiple Snort Cisco Talos Business Subscription based plans, and has also run Emerging Threats Open Rules and IP lists for many years, I can tell you those rules are correct, but the usage isn't.
Cisco Talos, Emerging Threats, and Snort Open rules are designed to be used in a business/corporate environment. They are not really meant or designed for home use. It is flagging ESO because in a corporate or business environment an IT administrator would want to know if someone is using their network in a manner that isn't consistent with company policy. So playing ESO for example would violate most corporate/government policy on network use, thus would be classified as network abuse which falls under the classification of a trojan. So Emerging Threats is correct.
Unless you have very very specific requirements such as running a business from your home, hosting specific services to the internet such as web and mail servers, VPN tunnels, etc., running Snort on a home network really isn't necessary. I know a few of my colleagues and myself that run Netgate devices at home, but we don't use the Snort functions simply because they are not necessary for our use case. Netgate standard Firewall and rules is more than sufficient and keeps people out.
By default in IPv4, NAT blocks all incoming network requests from the WAN that don't have an entry in the state table from a device behind it (LAN), so if you're not forwarding any ports, no IP can connect to a computer behind a NAT firewall unless a system on your LAN has specifically initiated an outbound connection to that IP. Most IPv6 capable routers now have some similar functionality, it's not quite NAT, but in the case of my internet gateway is an IPv6 firewall that acts as a stateful firewall much like IPv4 devices NAT.
If you are happy with Snort and think you need it, then continue to use it. I am not here to discourage you from using something that you are happy with. I was just trying to give some insight.
Another option to consider is Comodo Firewall. It's free and VERY robust, but it is not for the faint of heart. Its default config is pretty lax, but dig into its settings it has a plethora of options that may end up being a better fit.
For example, for unknown programs you can run them in a virtualized secure container where they can't make any changes to your system or access your data, if you end up trusting the program you can move it out of the virtualized box, if you end up not trusting it, you can dump the virtual box and no changes are made to your system. It's pretty extensive, and for the security minded with it being free it may be something you want to use or even supplement your Snort with.
https://personalfirewall.comodo.com/
Good day
Rinaldo
I have 1000s of hours with this game over the last 5 years, no Trojans on my machine.
Most people run some kind of firewall and this game and do not have any issue.
But I guess your Enterprise Firewall being used in an environment it is not designed for throwing up false flags is cause for alarm.
No one has reported ESO as being a trojan before, and Google only shows you as reporting this as a trojan.
@RinaldoGandolphi knows his stuff. You can ignore it or heed it, but don't call him names or insult him because he does not agree with you.
makasouleater420 wrote: »EXE or DLL Windows file download HTTP
Whoever designed the ESO launcher and its update mechanisms needs to be fired and blacklisted to never ever get a job in the industry ever again.
It has been a mess since day one, downloading way too much data for small updates because patch data is bundled in chunks and they never figured out how to do small incremental or targeted updates. If even just a single byte changes in a data chunk, the whole block has to be downloaded again.
And don't get me started about sending binary data (that isn't base64 encoded) through an HTTP port. Seems like a good idea to the intern fresh out of school "Hey, don't most people have port 80 open? Let's just use that!". Probably the same person who designed the launcher.
RinaldoGandolphi wrote: »makasouleater420 wrote: »EXE or DLL Windows file download HTTP
Whoever designed the ESO launcher and its update mechanisms needs to be fired and blacklisted to never ever get a job in the industry ever again.
It has been a mess since day one, downloading way too much data for small updates because patch data is bundled in chunks and they never figured out how to do small incremental or targeted updates. If even just a single byte changes in a data chunk, the whole block has to be downloaded again.
And don't get me started about sending binary data (that isn't base64 encoded) through an HTTP port. Seems like a good idea to the intern fresh out of school "Hey, don't most people have port 80 open? Let's just use that!". Probably the same person who designed the launcher.
Agreed, the Launcher has always been a complete mess. Funny how many things change yet still remain the same.
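
Added example, not part of any post in this thread and not the Emerging Threats rule itself: a sketch of the kind of content check the alert name "EXE or DLL Windows file download HTTP" suggests, showing that it keys on a PE header in a plain-HTTP response body and says nothing about whether the file is malicious. The function names and the sample responses are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL

def classify_pe(body: bytes):
    """Return 'EXE', 'DLL' or None depending on whether body starts with a PE image."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return None
    # e_lfanew at offset 0x3C of the DOS header points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    # Characteristics is the last 2 bytes of the 20-byte COFF header after the signature.
    (characteristics,) = struct.unpack_from("<H", body, e_lfanew + 4 + 18)
    return "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"

def inspect_http_response(raw: bytes):
    """Policy-style check: flag any HTTP response whose body is a Windows PE file."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None
    kind = classify_pe(body)
    return f"policy alert: {kind} download over HTTP" if kind else None

def build_sample_pe(dll: bool) -> bytes:
    """Constructed minimal DOS + COFF header for the demo; not a runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # PE signature right after DOS header
    chars = 0x0002 | (IMAGE_FILE_DLL if dll else 0)  # executable image, optionally DLL
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\x00\x00" + coff

if __name__ == "__main__":
    hdr = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    samples = {
        "updater binary (constructed)": hdr + build_sample_pe(dll=False),
        "library update (constructed)": hdr + build_sample_pe(dll=True),
        "asset data (constructed)": hdr + b"\x00" * 128,
    }
    for name, raw in samples.items():
        print(f"{name}: {inspect_http_response(raw)}")
```

The same check fires for any Windows binary fetched over unencrypted HTTP, which is why a policy-class signature like this is informational on a home network and only meaningful where such downloads are against the rules.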