I have some applications that create javaw.exe processes. These processes need to communicate over the network. It is a small and isolated system (no internet). I have done quite a lot of testing, so there is a lot of background info below.
A firewall policy using a host list cannot be used to allow the applications I want to communicate freely on the network, as the communication is not using TCP or UDP. I have done a lot of testing with the firewall policy, and I cannot identify the application/process by its application name. It (I am only using one during development) will only be allowed if I have a rule allowing javaw.exe applications.
My firewall policy looks like this:
- Allow javaw.exe
- Allow all connections on [Host List = IPv4 addresses of network components]
- Block everything
This works, but leaves a big hole in the firewall. I am trying to address that with an Application Policy (based on the default rule AC1, Block applications from running). That looks like this:
Block Applications from Running. Apply this rule to: *
Do not apply this rule to *symantec*, *Symantec*, *<application name>*
Condition:
Apply to the following processes: *javaw*
Do not apply to: *ymantec*, *<application name>*
This rule will not only block my application. It will also block SEPM, as it is also a javaw.exe process. When trying to start my application under this policy, I get the error "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item". SEPM will not react at all. At best I've seen a flash of a command window.
So even if I specifically exclude Symantec and my application from the Block Applications rule, they are still blocked.
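As an added diagnostic, not code from the original post or from Symantec: the PowerShell function below lists every javaw.exe process on the client with its image path, parent process and command line, and reports whether each wildcard pattern used in the rule above (*javaw*, *ymantec*, *<application name>*) matches the executable path or only the command line. The pattern values are placeholders to be replaced with the real names; it is assumed to run from an elevated prompt on the SEP client. It does not reproduce SEP's own Application Control matching logic, which the post does not describe; it only shows what strings a name-based pattern has available to match on.

```powershell
# Added example, not from the original post or from Symantec.
# Inventory javaw.exe processes and show which of the rule's wildcard
# patterns match the image path versus the command line.
# Assumes an elevated PowerShell prompt on the SEP client.

function Get-JavawInventory {
    param(
        # Placeholders: replace with the real application name pattern.
        [string]$AppPattern    = '*<application name>*',
        [string]$VendorPattern = '*ymantec*',
        [string]$RulePattern   = '*javaw*'
    )

    $procs = Get-CimInstance Win32_Process -Filter "Name = 'javaw.exe'"
    if (-not $procs) {
        Write-Warning 'No javaw.exe processes are running.'
        return
    }

    foreach ($p in $procs) {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        # ExecutablePath is null when the caller lacks rights to query the process.
        $image  = if ($p.ExecutablePath) { $p.ExecutablePath } else { '<access denied / unknown>' }
        $cmd    = if ($p.CommandLine)    { $p.CommandLine }    else { '' }

        [PSCustomObject]@{
            PID               = $p.ProcessId
            ImagePath         = $image
            ParentName        = if ($parent) { $parent.Name } else { '<exited>' }
            CommandLine       = $cmd
            # What a pattern sees if compared against the executable path only
            RuleHitsImage     = $image -like $RulePattern
            VendorHitsImage   = $image -like $VendorPattern
            AppHitsImage      = $image -like $AppPattern
            # ... versus the full command line, where a Java application's
            # JAR or main class name normally appears
            VendorHitsCmdLine = $cmd -like $VendorPattern
            AppHitsCmdLine    = $cmd -like $AppPattern
        }
    }
}

Get-JavawInventory | Format-List
```

Run it with the real name, e.g. `Get-JavawInventory -AppPattern '*MyApp*' | Format-List`, while both SEPM and the application are running. If *<application name>* is true only for the command line while *javaw* and *ymantec* are true for the image path, the exclusion and the process match are being compared against different strings, which is the behaviour to check against the documented matching rules for the Application Control policy.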