[resolved] Autopilot And Application Rules

Charyb
Charyb ✭✭✭

1. What logic is used to create new firewall application rules? Is there a whitelist?


2. What insurance is there that an allow rule won't be created for a rogue application? I had this happen and want to prevent this but at the same time do not want to have to use paranoid mode.


Thanks

Comments

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Welcome back.


    1. We have a large database with known files and publishers. If the file is in that database, the connection is allowed.


    2. Rogue applications / Fake Antivirus products don't have a digital signature for the files and the connection will be blocked. Also, if the antivirus engine detects the file as infected, the firewall will automatically deny the connection.


    Take care.

  • Charyb
    Charyb ✭✭✭

    Ok, thanks for the response.

  • rootkit
    rootkit ✭✭✭
    edited April 2012

    Hello :)


    You are most welcome. If you have other requests, please open a new ticket.


    Have a great weekend!

This discussion has been closed.