Hello,
I am testing defensewall on my laptop.
This is a good product but i don't see how to know what is protected or not.
For example, i have see in this forum that many registry keys are protected but how to know if a key is protected for an untrust process or if i must put this key myself.
Another example, if i want to prevent an untrust process to create a file in windows/system32, is Defensewall have in internal rulset for this rule (i suppose yes) ?
How can i see what is restricted or not for an untrust process ? (registry, directory ...)
I have look the help but don't find.
Internal rules
Started by
chs
, May 31 2008 08:37 AM
4 replies to this topic
#2
baerzake
-
- Active Members
-
- 63 posts
Active Member
Posted 31 May 2008 - 08:47 AM
dw no need to make rules manully, and also dw will not block file creat in your system, you just need to add application to the untrusted list and run as untrusted. all file created by untrusted application are also "untrusted" and restricted by built-in rules and could not destroy your system
Edited by baerzake, 31 May 2008 - 08:48 AM.
#3
Ilya Rabinovich
-
- SoftSphere Technologies
-
- 4,896 posts
- DefenseWall -
Posted 31 May 2008 - 08:57 AM
DW do not block file creation within %windows directory%\system32 folder as some legitimate application installers may use this technique, also, this won't low down security level.
If you want to protect some registry key manually- no problem, just associate it with "System" process within "Resource Protection" section.
If you want to protect some registry key manually- no problem, just associate it with "System" process within "Resource Protection" section.
#4
chs
-
- Active Members
-
- 47 posts
Active Member
Posted 31 May 2008 - 09:21 AM
Thank's Ilya for your fast answer.
OK, i understand.
1) Untrust app installed on system can create files in system32 ot others ...
This files are untrusted too.
If i upgrade Dw or if must reinstall Dw (after SP3 upgrade for example), is untrust files are always untrust (or i must export config ?)
2) Is it posible to know what is forbiden to an untrust process ?
3) Can you tell me if Dw has know incompatibility with certain software (security software like prosecurity or SSM ..) ?
OK, i understand.
1) Untrust app installed on system can create files in system32 ot others ...
This files are untrusted too.
If i upgrade Dw or if must reinstall Dw (after SP3 upgrade for example), is untrust files are always untrust (or i must export config ?)
2) Is it posible to know what is forbiden to an untrust process ?
3) Can you tell me if Dw has know incompatibility with certain software (security software like prosecurity or SSM ..) ?
#5
Ilya Rabinovich
-
- SoftSphere Technologies
-
- 4,896 posts
- DefenseWall -
Posted 31 May 2008 - 07:06 PM
QUOTE (chs @ May 31 2008, 09:21 AM) <{POST_SNAPBACK}>
If i upgrade Dw or if must reinstall Dw (after SP3 upgrade for example), is untrust files are always untrust (or i must export config ?)
You need do not erase DW's settings or you need export both "untrusted" and "internal" lists.
QUOTE (chs @ May 31 2008, 09:21 AM) <{POST_SNAPBACK}>
2) Is it posible to know what is forbiden to an untrust process ?
There are A LOT of restrictions.
QUOTE (chs @ May 31 2008, 09:21 AM) <{POST_SNAPBACK}>
3) Can you tell me if Dw has know incompatibility with certain software (security software like prosecurity or SSM ..) ?
I don't know such the software.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
