Dan2

New Trusted Program Update Rule


Hello Again! I have another question I was just wondering about, if I may. Since I upgraded to EIS, whenever I update trusted programs such as Firefox Web Browser and other routinely trusted programs, I am asked by EIS, in the form of two boxes appearing, whether I want to simply update the existing rule (advises less secure choice) or to create new rules for the program, which is suggested as better security. I usually just select the less secure update existing rule choice.

 

I was just wondering for say a known web browser or other known routinely safe programs if just selecting the update rule choice is what I need to be doing, as I don't want to be inadvertently compromising my security.  Thanks Again


Updating the existing rule should be fine. It essentially just updates the rule with the new hashes of the file in question.


Why is this not done automatically?

This way it confuses users....unless this could be malicious action too.


Updating the existing rule should be fine. It essentially just updates the rule with the new hashes of the file in question.

     Thanks GT500, I figured this would work but wanted to be sure.  Thanks Again


Why is this not done automatically?

Some infections will inject code into other executables. The notification to inform you that a file has changed gives you the opportunity to make sure it was a legitimate update before you choose to trust any changes to an executable.

This way it confuses users....unless this could be malicious action too.

It certainly can, and I imagine that most people just click whatever button works best for them (probably the "Update rule" button).

It's possible that most people may not see it, but when the Behavior Blocker displays an alert for a potentially malicious behavior, there is actually an option to not notify you if the file is modified. This option is also present if you edit a rule for an application.

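The check described in the reply above (confirming that a changed executable is a legitimate update before trusting it) can be done by hand on Windows. This is an added example, not part of the original thread and not Emsisoft code; the function name, the expected-publisher string and the Firefox path are assumptions.

```powershell
# Added example: inspect a changed executable before accepting "Update rule".
# $ExpectedPublisher and $PreviousSha256 are values you recorded yourself
# (hypothetical inputs, not anything exported by Emsisoft Internet Security).
function Test-ExecutableUpdate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        [string] $PreviousSha256
    )

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # Status is 'Valid' only when the certificate chain is trusted and the
    # file content still matches the digest that was signed. A signed file
    # modified after signing reports HashMismatch; an unsigned one, NotSigned.
    $signatureValid = $sig.Status -eq 'Valid'

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Publisher check: the signer's subject must carry the expected CN.
    # Pinning the certificate thumbprint is stricter but breaks on renewal.
    $publisherMatches = $signatureValid -and
        ($subject.IndexOf("CN=$ExpectedPublisher", [StringComparison]::OrdinalIgnoreCase) -ge 0)

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        Changed         = [bool]$PreviousSha256 -and ($hash -ne $PreviousSha256)
        SignatureStatus = $sig.Status
        Signer          = $subject
        LooksLegitimate = $publisherMatches
    }
}

# Usage: path and publisher are assumed values for a default Firefox install.
$target = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
if (Test-Path -LiteralPath $target) {
    Test-ExecutableUpdate -Path $target -ExpectedPublisher 'Mozilla Corporation'
}
```

A result with `Changed` true and `LooksLegitimate` false is the case the alert exists for: the file differs from what was trusted and the vendor's signature does not vouch for the new content.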

I'm interested in this too (image here...https://cyberraiden.files.wordpress.com/2015/04/emsisoft-internet-security-10-alert_01-05-2015_01-12-29.jpg?w=830 ) I've always opted for the "Remove rule" option that monitors the programme like a newly installed one. The problem with this is that it deletes the existing rule, and I'm not technically-minded enough to write new rules

 

My questions are these:

1) Is monitoring a programme without rules generally more secure than monitoring one with rules (I assume that depends on the rules chosen)?

2) For the non-technical is "Remove rule" the more secure (and better?) choice?

3) I would say that the default rules attached to Firefox, for example, are quite relaxed (All Allowed). If you don't have rules is everything monitored, e.g. backdoor related activity, spyware related activity, etc?

 

Regards

tim-b


1) Is monitoring a programme without rules generally more secure than monitoring one with rules (I assume that depends on the rules chosen)?

It's only more secure if the application isn't safe, but you had allowed some behavior it had exhibited in the past. For a safe application, you're going to want a rule to prevent alerts for that application (you don't need to know when a safe application is reading keyboard and mouse input, for instance).

2) For the non-technical is "Remove rule" the more secure (and better?) choice?

Probably not. Technically it's the more frustrating choice, as it will increase the number of alerts you see for an application.

3) I would say that the default rules attached to Firefox, for example, are quite relaxed (All Allowed). If you don't have rules is everything monitored, e.g. backdoor related activity, spyware related activity, etc?

Firefox isn't going to do anything malicious (at least not by itself). Anything malicious that you encounter while browsing in Firefox will need to be saved somewhere on your computer and executed in order to compromise it, and both the File Guard and Behavior Blocker will monitor a trojan that is trying to install an infection regardless of what rules you have configured for Firefox.


Thanks for explaining that. I don't want to experiment in case I lose my application rules, however:

Does "factory defaults" detect my installed software and add appropriate rules as a new installation would? (Having just used "export settings" I now know that keeps them)

 

Thanks for your patience


Does "factory defaults" detect my installed software and add appropriate rules as a new installation would? (Having just used "export settings" I now know that keeps them)

The "Factory defaults" option restores default settings, but it does so selectively, meaning you select what type of settings to revert to defaults. If you revert the Application Rules to defaults, then Emsisoft Internet Security would recreate rules for any running applications (or at least any that exhibit monitored behaviors).
