Hello, firewall rules should be created per your security policy. Cut/pasting this from another thread that I just posted to, as it's relevant to your question as well.
As with any application and firewall rule, you'll need to decide how strictly you create your rules. Find all necessary ports required by the application (in this example, do port checks on local systems; search Microsoft's articles; find what ports it's supposed to use and what it is using). Decide how strict you want to make the rule and create the rule based off your decisions.
- Do you want to MD5 hash the executable? You may need multiple rules for all the svchost.exe builds you have in your environment.
- Do you just want to use the executable name, or do you want specific file paths? (malware may use the same filename, but from a different directory).
- What all ports are required for this application to function properly? You may need multiple rules to cover all the inbound/outbound ports.
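
The local port check and per-build hashing described in the post above can be gathered in one pass. This is an added example, not part of the original post; the `$ImageName` parameter and the output column names are assumptions chosen for illustration.

```powershell
# Added example: list every running copy of an executable with its full path,
# MD5 and the ports it is listening on, so each distinct (path, hash) pair can
# be reviewed before a firewall rule is written for it.
# $ImageName is an assumed parameter; set it to the application being profiled.
param([string]$ImageName = 'svchost.exe')

$name = [IO.Path]::GetFileNameWithoutExtension($ImageName)

# PID -> process object for the executable of interest.
# Path is empty for protected processes unless the shell is elevated.
$procs = @{}
Get-Process -Name $name -ErrorAction SilentlyContinue |
    ForEach-Object { $procs[[int]$_.Id] = $_ }

# Listening TCP ports and bound UDP ports owned by those PIDs.
# This covers the inbound side only; outbound ports have to be observed
# from established connections over a longer period.
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $procs.ContainsKey([int]$_.OwningProcess) } |
    Select-Object @{n='Proto';e={'TCP'}}, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $procs.ContainsKey([int]$_.OwningProcess) } |
    Select-Object @{n='Proto';e={'UDP'}}, LocalPort, OwningProcess

# Hash each distinct file once and cache the result.
$hashes = @{}
$rows = foreach ($e in @($tcp) + @($udp)) {
    $path = $procs[[int]$e.OwningProcess].Path
    if ($path -and -not $hashes.ContainsKey($path)) {
        $hashes[$path] = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
    }
    [pscustomobject]@{
        Path = if ($path) { $path } else { '<unreadable; run elevated>' }
        MD5  = if ($path) { $hashes[$path] } else { $null }
        Port = '{0}/{1}' -f $e.Proto, $e.LocalPort
    }
}

# One row per distinct (path, hash): more than one row means more than one
# build or location is in use and may need its own rule or a closer look.
$rows | Group-Object Path, MD5 | ForEach-Object {
    [pscustomobject]@{
        Path  = $_.Group[0].Path
        MD5   = $_.Group[0].MD5
        Ports = ($_.Group.Port | Sort-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on a representative machine for each OS build, then compare the rows against the ports Microsoft documents for the application.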