To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

FSAV PSB firewall deny rule, instead of Windows hosts file 127.0.0.1-ing?

etomcat
etomcat W/ Alumni Posts: 1,172 Firewall Master

Dear Sirs,

 

It is a time-honoured tradition to edit the Windows "system32/drivers/etc/hosts" to add a loopback or null entry for non-desirable site names, like blocking "ads.adfox.ru" and "textad.eroticmatch.com" et c.

 

With Windows 8.1, this habit is facing big obstacles, because there is a lot of UAC and sysrestore protection against modifying the hosts file and the computer slows down if the hosts file exceeds ~128kByte, while many adsite-badsite banning lists are 384-512kB in size. This problem can't be fixed without turning off the DNS Client service but then AD domain won't work properly.

 

So I thought of creating a traffic deny rule in FSAV PSB personal firewall "Internet Shield" against undesirable DNS names, to achieve the same hostfile-like functionality. Is that even possible? (I heard every setting is theoretically limited to max. 8kB in F-Secure, due to use of SNMP MIB structures.) If supported, is it possible to import from file or is it necessary to copy-paste each line manually?

 

Thanks for your kind attention, Sincerely:

Tamas Feher, Hungary.

Comments

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello Tamas,

     

    Yes, currently there is 8kB limitation for a policy setting on a PSB portal side.

    As a workaround you can create several firewall rules.

    Unfortunately, import from a file is not supported.

     

    Best regards,

    Vad

This discussion has been closed.