Maniak2000

Few questions about application rules.


On default settings

1) For unknown programs the rule "Behaviour Blocker = custom, Firewall in = custom, Firewall out = All allowed" is created, and for trusted programs the rule "Behaviour Blocker = All allowed, Firewall in = All allowed, Firewall out = All allowed" is created, is that correct?

2) Are application rules self-cleaning (meaning a rule is deleted if the program doesn't exist anymore)? If not, wouldn't a large amount of "dead" rules slow things down?

3) If the unknown program is started (and rule for unknown programs is created)  but after a while the program is declared safe \ trusted,  does the "old" (for unknown programs) rule get replaced by "new" (for trusted programs) one?

4)  Is there (or will there be) a way to "re-scan" application rules list in order to hide fully trusted files (that were previously unknown),  or is it automatic process?

7 hours ago, Maniak2000 said:

1) For unknown programs the rule "Behaviour Blocker = custom, Firewall in = custom, Firewall out = All allowed" is created, and for trusted programs the rule "Behaviour Blocker = All allowed, Firewall in = All allowed, Firewall out = All allowed" is created, is that correct?

That sounds accurate. For untrusted programs, the only thing automatically allowed should be outbound traffic.

 

7 hours ago, Maniak2000 said:

2) Are application rules self-cleaning (meaning a rule is deleted if the program doesn't exist anymore)? ...

Yes. Rules are not kept for programs that do not exist.

 

7 hours ago, Maniak2000 said:

3) If the unknown program is started (and rule for unknown programs is created)  but after a while the program is declared safe \ trusted,  does the "old" (for unknown programs) rule get replaced by "new" (for trusted programs) one?

In that scenario the existing rule would be modified to reflect the fact that the program is now "trusted".

 

7 hours ago, Maniak2000 said:

4)  Is there (or will there be) a way to "re-scan" application rules list in order to hide fully trusted files (that were previously unknown),  or is it automatic process?

Fully trusted programs are hidden automatically in the Application Rules list if the option to hide them is enabled. The list is updated on-the-fly, so it always hides applications considered "trusted" when the option is turned on.


Why do I have a bunch of programs with the "Behaviour Blocker = All allowed, Firewall in = custom, Firewall out = All allowed" rule set?

Are they trusted programs? If so, why are they in the list (aren't they supposed to be hidden from the list)?

If they aren't trusted, why is the "Behaviour Blocker = All allowed" rule there?

It's a bit confusing.


The rules are that way because the programs were allowed when they performed some sort of behavior that our Behavior Blocker monitors. The firewall settings aren't necessarily changed when behavior is allowed.

On 2/26/2017 at 6:44 AM, GT500 said:
On 2/25/2017 at 11:32 PM, Maniak2000 said:

2) Are application rules self-cleaning (meaning a rule is deleted if the program doesn't exist anymore)? If not, wouldn't a large amount of "dead" rules slow things down

 

On 2/26/2017 at 6:44 AM, GT500 said:

Yes. Rules are not kept for programs that do not exist.

About rule self-cleaning, I'd like to ask if this is also valid for scanning/monitoring exclusions. For example, if I've added a folder/file exclusion and the excluded file or folder is no longer there, would the exclusion be auto-removed at some point?

On 3/19/2017 at 10:17 AM, CBMman said:

... if I've added a folder/file exclusion and the excluded file or folder is no longer there, would the exclusion be auto-removed at some point?

No, exclusions are not automatically removed.
