Firewall Application Rules

coolcool1227
coolcool1227 ✭✭✭
in Feature request

There should be indication of Command Line, Destination, Protocol and Port No. in the Application Rules for the applications and processes when they accessed the internet.

Comments

  • rootkit
    rootkit ✭✭✭

    Hi ONT


    Please explain your feature request. Also, post a screenshot(if necessary).


    Thank you.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited November 2011

    Hi


    There should be indication of Command Line, Destination, Protocol and Port No. in the Application Rules for the applications and processes when they accessed the internet in the EVENTS.


    Kindly see the encirclement in the attached file.

    post-31288-1320313032_thumb.jpg

  • rootkit
    rootkit ✭✭✭

    Hi ONT


    If Paranoid Mode is on, the user already knows about those processes that are trying to connect to the internet.


    Events are created to log all the silent actions from our product.


    Thank you.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited November 2011

    Hi Cristi


    Would you like to elaborate "Silent Actions" ? And what if the user forgot about or want to review the processes (that are trying to access the internet) from the Logs/Events?

  • rootkit
    rootkit ✭✭✭
    edited November 2011

    Hello


    If a user want's to review a process, he can check the firewall rules.


    From there you can change all the permissions.


    Silent Actions should not be treated ad litteram, I'm talking about all the Events that don't need user intervention.


    Thank you.

  • coolcool1227
    coolcool1227 ✭✭✭

    Actually only Application Rules and Port No. are displayed in the Events and not the Command Line.

  • rootkit
    rootkit ✭✭✭

    Hi ONT


    For some processes, the Command Line is not available or the software does not provide this option.


    Could you please give me some examples from Events? (others than the one posted already).


    Thank you.

  • coolcool1227
    coolcool1227 ✭✭✭

    Hi Chris


    Kindly see the attachments. In the first one, you'll see the Command Line: /prefetch:1, while in the Events, here is no indication of it. So how can I differentiate from the Events whether they use Command Line or not?

    post-31288-1323933650_thumb.jpg

    post-31288-1323933661_thumb.jpg

    post-31288-1323934225_thumb.jpg

  • coolcool1227
    coolcool1227 ✭✭✭
    edited December 2011
    Hi ONT


    For some processes, the Command Line is not available or the software does not provide this option.


    I know that there is written <empty> in front of Command Line as you can see in the third attachment of above post.


    Kindly also add indication of "Parent" in the EVENTS.

  • rootkit
    rootkit ✭✭✭

    Hi Omer :)


    I have forwarded all the data to our developers as feature request.


    Thank you.

  • coolcool1227
    coolcool1227 ✭✭✭

    Any update?

  • rootkit
    rootkit ✭✭✭

    Hello :)


    This request is still in pending, please be patient.


    Take care.

All Time Leaders

Categories

Defenders of the month