Is there a way to where I don’t have to add a rule to my firewall after every new dvr version? Right now, in order to view remote channels. I have to put a rule for the app to allow connections in my norton firewall. It works after I do it but it is kind of a pain. Any suggestions?
Funny! Problem is, the problem exists with other firewalls, too.
So instead of an application rule, why don’t you make a port rule. That would solve it once and for all.
Right, a firewall monitors network traffic. It is a protocol/port based entry/exit point. Common firewalls that come to mind are Shorewall, iptables, most router firmware.
Something that prevents applications from running is not a firewall, although norton may market it as such.
Welll, I would disagree on your definition and be more generic in stating that a firewall controls traffic based on security rules.
We generally configure our host-based firewalls to secure based on executables over ports, because it is the code was are trusting to handle the communication, vs any code that has he listener open.
But on this case, I don’t see any benefits to be gained, only recordings lost by trying to fight it.
Here’s the thing. You set an application to either allow or deny connections. It looks like every time the app is updated, it is downloads a full new version and saves in a different location. So the app file path is different after every update. This is why I have to keep creating new rules I believe. It’s not like the app updates in the same folder and replaces the old app. I’m running my dvr on a iMac with i7 processor and 16gb ram.
We get what you are saying, but are suggesting that instead of allowing the DVR app out, just open port 8089. That type of rule won’t need chainging every update.
The norton firewall will let you do that.
Security wise, that’s not what I want to do. I don’t want to allow all traffic to that connection, just the connection for the dvr. I realize that the risk is low but it would still be a risk.
Ok, at least you know what the consequences of the decision are.
I will just say this. Only one service can own a port, therefore if the DVR service is running, then the exposure of the port vs the app is exactly identical, therefore no more or less secure.
FWIW, the macOS built-in firewall has no issue. You can whitelist ~/Library/Application Support/ChannelsDVR/latest/channels-dvr once and it works fine.
Little Snitch and Norton don’t like how we auto-update. I’d like to change things so we’re more compatible, but any changes to the auto-update subsystem need to be done very carefully with lots of testing, otherwise everyone’s DVR is going to break.
No ETA on when this might happen; in the mean time I would advise a port-based rule as @ImNotSerious suggest.
If you’re running a third-party firewall software on macOS, can you please run the following command in Terminal.app and copy/paste the output to [email protected]
kextstat | grep -v com.apple
Ok, just sent it to you
1 Like