banner

[Solved] Fail applying outbound Firewall rule for Google Chrome browser on Windows 7

Sometimes, when I wanna improve the security in windows system, and I start playing with firewall outbound rules. The normal working in windows firewall is permit all outbound connections, it's insecure configuration. But it is the default security policy.

Background

I have at least three (3) browser installed in my Windows 7, one of this is Google Chrome, to my surprise when I was to add outbound firewall rule and obtained the following error message:
Error 138 (net::ERR_NETWORK_ACCESS_DENIED): Unable to access the network.

This error Why? I can't understand anything, How can it be? All is correctly configured, there was added a specific firewall rule to permit outbound traffic for any connection from Google Chrome program (Look the picture below).

Windows 7 Firewall Rule (Spanish text).
Especially when I had the same firewall rule to Firefox browser, and it working well! What is happening?

The Problem is in the Path

I had to research the origin of problem and I find out the problem with directory path! wo!... The problem lies in the path of executable program. It seems the windows firewall don't allow to add rules with different path than %PROGRAM FILES%.

This mechanism is to block the virus / malware behavior, Seriously? Can anyone belive that? I sincerely think that behavior is a error of windows firewall, because what prevents a virus installed in any directory path.

Solution


When the Google Chrome is tipically installed, it place in the following path:

%USERPROFILE%\AppData\Local\Google\Chrome\Application\chrome.exe

To change this path, it is neccesary to donwload a MSI packaged!

%PROGRAM FILES%\Google\Chrome\Application\chrome.exe

Donwload MSI Google Chrome

With, this new path the firewall rules works well.

Optionally, it can be setting up a specific protocol to restrain the traffic type, for example, it configure to TCP by 80 and 443 destination port.



No hay comentarios :

Publicar un comentario en la entrada