Ideas

Thanks for this suggestion. Some followup comments and questions however.

As you say, our firewall defaults to allow all when you first configure it. As you can imagine, we can't predict what apps and services are in use at a given customer, and customers start to get upset when you start blocking things by default. So in the absence of some other source of info, this is the safe starting point.

Now let's come to your idea of importing Windows firewall settings - the challenge here is which Windows settings? When you set up a policy in VIPRE, it applies to all machines assigned to that poiicy - but when you create the policy, it initially has zero devices assigned to it. So we don't know which machine to use as the source of imports. Or let's say you assign a dozen devices to the policy - which one should we use as the source of imported settings? In other words, there's a bootstrapping problem here.

One thought would be to start with the default "allow all" policy, but allow the admin to run a little import wizard that would pull Windows firewall settings from a single selected device. We couldn't choose automatically, but we could allow the admin to easily pick something they know to be correct. Do you think that would satisfy your use case?

As for the firewall/IDS dependency - we use the firewall driver to capture the network traffic that is then fed to the IDS. With the default config (allow all), our firewall basically is transparent and just routes data through the IDS - useful if you care about the IDS but don't really care about the firewall. In your case, however, presumably you have some Windows firewall settings that effectively get turned off when our firewall is enabled - which could reduce security. Which really brings us back to your first suggestion.

Let us know if you think picking a specific device to import settings from would be a good solution, I'll discuss with the team. Thanks!