Set Windows Firewall rules dynamically during exam session

[xarem]

Is your feature request related to a problem? Please describe.
We want to prevent the use of unknown or self-hosted/compiled remote access tools during the exams. These applications often bypass SEB restrictions by establishing background connections via dynamic ports or connection brokers. Currently, SEB does not provide a way to enforce system-level firewall rules during the exam.

Describe the solution you’d like
We propose that SEB should allow administrators to define temporary Windows Firewall rules within the SEB configuration. These rules would be activated when SEB starts and removed once SEB closes. For example, we could block outbound connections to specific ports, IPs or similar.

Describe alternatives you’ve considered
The only current workaround is to block these services at the network level (e.g. in the BYOD Wi-Fi network). However, this approach also affects other users and devices, which is not ideal. A device-level solution within SEB would be much more precise and less intrusive. If feature request #1150 is implemented, this functionality might no longer be necessary, as it would allow us to enforce the use of a designated exam network.

Additional context
This feature would allow institutions to enforce tighter exam security without compromising other users on the same network.

We would greatly appreciate it if this feature could be made available on both macOS and Windows versions of SEB.

[dbuechel]

Thanks for the feature request. This would need to be part of the SEB Service component (which we generally do not recommend using in BYOD scenarios) as SEB itself is not running with elevated privileges.

Furthermore, we're unfortunately completely occupied with other priorities for the foreseeable future, so I cannot guarantee that we'll get around to having a closer look to the feature request.

[github-actions]

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.

[danschlet]

We would greatly appreciate it if this feature could be made available on both macOS and Windows versions of SEB.

@xarem: On macOS such a feature doesn't make much sense and the effort to implement it would make it unfeasible. Just use the AAC Assessment Mode instead of the standard SEB kiosk/lockdown mode (Settings / Security / Prefer AAC Assessment Mode. AAC blocks all other (not permitted) applications running in the background to access the network/internet.

[github-actions]

This issue is stale because it has been open for 28 days with no activity. It will soon be closed automatically if there are no updates.