Maniak2000 1 Posted February 25, 2017 Report Share Posted February 25, 2017 On default settings 1) For unknown programs rule "Behaviour Blocker = custom, Firewall in = custom, Firewall out = All alllowed" is created, and for trusted programs rule "Behaviour Blocker = All alllowed, Firewall in = All alllowed, Firewall out = All alllowed" is created, is that correct? 2) Are application rules self-clean (meaning rule is deleted if the program doesn't exist anymore)? If not, wouldn't large amount of "dead" rules slow things down? 3) If the unknown program is started (and rule for unknown programs is created) but after a while the program is declared safe \ trusted, does the "old" (for unknown programs) rule get replaced by "new" (for trusted programs) one? 4) Is there (or will there be) a way to "re-scan" application rules list in order to hide fully trusted files (that were previously unknown), or is it automatic process? Quote Link to post Share on other sites
GT500 853 Posted February 26, 2017 Report Share Posted February 26, 2017 7 hours ago, Maniak2000 said: 1) For unknown programs rule "Behaviour Blocker = custom, Firewall in = custom, Firewall out = All alllowed" is created, and for trusted programs rule "Behaviour Blocker = All alllowed, Firewall in = All alllowed, Firewall out = All alllowed" is created, is that correct? That sounds accurate. For untrusted programs, the only thing automatically allowed should be outbound traffic. 7 hours ago, Maniak2000 said: 2) Are application rules self-clean (meaning rule is deleted if the program doesn't exist anymore)? ... Yes. Rules are not kept for programs that do not exist. 7 hours ago, Maniak2000 said: 3) If the unknown program is started (and rule for unknown programs is created) but after a while the program is declared safe \ trusted, does the "old" (for unknown programs) rule get replaced by "new" (for trusted programs) one? In that scenario the existing rule would be modified to reflect the fact that the program is now "trusted". 7 hours ago, Maniak2000 said: 4) Is there (or will there be) a way to "re-scan" application rules list in order to hide fully trusted files (that were previously unknown), or is it automatic process? Fully trusted programs are hidden automatically in the Application Rules list if the option to hide them is enabled. The list is updated on-the-fly, so it always hides applications considered "trusted" when the option is turned on. Quote Link to post Share on other sites
Maniak2000 1 Posted February 26, 2017 Author Report Share Posted February 26, 2017 Why do I have a bunch of programs with "Behaviour Blocker = All allowed, Firewall in = custom, Firewall out = All alllowed" rule set? Are they trusted programs? If so, why are they in the list (aren't they supposed to be hidden from the list)? If they aren't trusted, why "Behaviour Blocker = All allowed" rule is there? It's a bit confusing. Quote Link to post Share on other sites
GT500 853 Posted February 26, 2017 Report Share Posted February 26, 2017 The rules are that way because the programs were allowed when they performed some sort of behavior that our Behavior Blocker monitors. The firewall settings aren't necessarily changed when behavior is allowed. Quote Link to post Share on other sites
Quirky 6 Posted March 19, 2017 Report Share Posted March 19, 2017 On 2/26/2017 at 6:44 AM, GT500 said: On 2/25/2017 at 11:32 PM, Maniak2000 said: 2) Are application rules self-clean (meaning rule is deleted if the program doesn't exist anymore)? If not, wouldn't large amount of "dead" rules slow things down On 2/26/2017 at 6:44 AM, GT500 said: Yes. Rules are not kept for programs that do not exist. About rule self-cleaning, I'd like to ask if this is also valid for scanning/monitoring exclusions. For example, if I've added a folder/file exclusion that it's no longer there (the excluded file or folder), would the exclusion be auto-removed at some point? Quote Link to post Share on other sites
GT500 853 Posted March 21, 2017 Report Share Posted March 21, 2017 On 3/19/2017 at 10:17 AM, CBMman said: ... if I've added a folder/file exclusion that it's no longer there (the excluded file or folder), would the exclusion be auto-removed at some point? No, exclusions are not automatically removed. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.