[resolved] Autopilot And Application Rules

1. What logic is used to create new firewall application rules? Is there a whitelist?

2. What insurance is there that an allow rule won't be created for a rogue application? I had this happen and want to prevent this but at the same time do not want to have to use paranoid mode.

Thanks

Find more posts tagged with

Comments

rootkit

Hello

Welcome back.

1. We have a large database with known files and publishers. If the file is in that database, the connection is allowed.

2. Rogue applications / Fake Antivirus products don't have a digital signature for the files and the connection will be blocked. Also, if the antivirus engine detects the file as infected, the firewall will automatically deny the connection.

Take care.

Charyb

Ok, thanks for the response.

rootkit

Hello

You are most welcome. If you have other requests, please open a new ticket.

Have a great weekend!

Quick Links

All Categories
Recent Posts
Activity
Best Of