SafenSoft: proactive protection against malware and insider threats


Protection scope


The Common Rules tab in the Application control policy window contains information about the general rules imposed on all applications when resource (files, folders, system registry, etc.) or device access is detected. These rules are grouped into the following categories:

 

A default set of rules is included with the program, developed by SafenSoft SysWatch's experts as a result of analyzing malicious code behavior.

 

 

Actions

1. Choose Activity policy in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the File system protection scope from the drop-down list.

 

 

3. Select a file system object in the tree and:

•        Check the Read checkbox to protect the file from being read by applications. This will automatically block changing and deletion of the file.

•        Check the Write checkbox to protect the file object from creation and alteration by applications.

•        Check the Delete checkbox to protect the file object from being deleted.
 

4. Right-click in the Use for column to change the group of applications that will be affected by the activity control rule:

•        All – the rule will be applied to all applications

•        Trusted – the rule will be applied to known/trusted applications, which are present in the system profile

•        Restricted – the rule will be applied to potentially dangerous (restricted or unknown) applications, which are not present in the system profile

5. Right-click in the Use for column and choose the Additional item.
 

6. Change the following settings in the Additional window:

Users – select the users to be controlled by this rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

Exceptions – select the applications to be excluded from the rule
 

 

7. Click the OK button in the Additional window to save the changes.

8. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.
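
How the settings from steps 3–6 combine when an application touches a protected object can be modelled in a few lines. The following Python sketch is an added illustration, not SafenSoft code: the `Rule` class, its field names, the prefix-based path matching and the order of the checks are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class Rule:
    path: str                      # protected object (prefix match is an assumption)
    read: bool = False             # "Read" checkbox
    write: bool = False            # "Write" checkbox
    delete: bool = False           # "Delete" checkbox
    use_for: str = "All"           # "All", "Trusted" or "Restricted"
    users: set = field(default_factory=set)       # assumed: empty = every user
    hours: tuple = (time.min, time.max)           # default: active at all times
    exceptions: set = field(default_factory=set)  # applications excluded from the rule

    def protected_ops(self):
        ops = set()
        if self.write:
            ops.add("write")
        if self.delete:
            ops.add("delete")
        if self.read:
            # Per the page: protecting Read also blocks changing and deletion.
            ops |= {"read", "write", "delete"}
        return ops

def is_blocked(rule, op, path, app, app_group, user, now):
    """Return True if this (hypothetical) rule denies operation `op`."""
    if not path.lower().startswith(rule.path.lower()):
        return False                      # object not covered by the rule
    if app in rule.exceptions:
        return False                      # "Exceptions" setting
    if rule.use_for != "All" and rule.use_for != app_group:
        return False                      # "Use for" column
    if rule.users and user not in rule.users:
        return False                      # "Users" setting
    start, end = rule.hours
    if not (start <= now <= end):
        return False                      # "Time" setting
    return op in rule.protected_ops()

# Constructed sample: read-protect a folder from restricted/unknown applications
# for user "alice" during working hours, except for a backup tool.
SAMPLE = Rule(path=r"C:\Finance", read=True, use_for="Restricted",
              users={"alice"}, hours=(time(9, 0), time(18, 0)),
              exceptions={"backup.exe"})
```

Walking a planned rule through a model like this before saving it makes the effect of the Use for group, the Time window and each exception explicit.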

 


 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the System registry protection scope from the drop-down list.

 

3. Select a file system object in the tree and:

•        Check the Read checkbox to protect the selected system registry object from being read by applications. This will automatically prevent changing or deletion of the system registry object.

•        Check the Write checkbox to protect the selected system registry object from new entry creation or alteration by applications.

•        Check the Delete checkbox to protect the selected system registry object from being deleted.
 

4. Right-click in the Use for column to change the group of applications that will be affected by the activity control rule:

•        All – the rule will be applied to all applications

•        Trusted – the rule will be applied to known/trusted applications, which are present in the system profile

•        Restricted – the rule will be applied to potentially dangerous (restricted or unknown) applications, not present in the system profile

5. Right-click in the Use for column and choose the Additional item.
 

6. Change the following settings in the Additional window:

Users – select the users to be controlled by the rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

Exceptions – select the applications to be excluded from the rule

 

7. Click the OK button in the Additional window to save the changes.

8. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Network protection scope from the drop-down list.

 

3. Click the Add button.
 

4. Enter a name for the network rule in the Name field.
 

5. Specify the direction of data transfer from the Direction drop-down list. The default value is Inbound/Outbound.

 

6. Specify the network protocol from the Protocol drop-down list. The default value is TCP/UDP.

 

7. Define the Local IP address or an address range in the appropriate fields. The default value is Any address.

 

8. Define the Remote IP address or an address range in the appropriate fields. The default value is Any address.

 

9. Click on the OK button to save the rule.

 


 

10. Change the following settings in the Additional window:

Users – select the users to be controlled by the rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

 

11. Click the OK button in the Additional window to save the changes.

12. In the list of network rules, uncheck the Allow checkbox next to the rule you created to block connections to the specified network resource.

13. In the list of network rules, check the Confirm checkbox to be prompted each time SafenSoft SysWatch is going to restrict an application's network activity.

14. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Network protection scope from the drop-down list.

 

3. Select the appropriate network rule from the list.

4. Click the Edit button.

5. Change the rule and click the OK button to save the changes.

6. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Network protection scope from the drop-down list.

 

3. Select an appropriate network rule from the list.

4. Click the Delete button.

5. Click on the OK button to confirm deletion.
 

6. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Network protection scope from the drop-down list.

 

3. Select the Any network activity network rule from the list and uncheck the Allow checkbox next to it.

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Devices protection scope from the drop-down list.

 

3. Select the USB Devices from the list and:

•        Uncheck the Read checkbox to protect the selected USB device from being read by applications. This will automatically prevent change or deletion of the files and folders stored on the USB device.

•        Uncheck the Write checkbox to protect the selected USB device from new file and folder creation and the alteration of existing data by applications.

•        Uncheck the Delete checkbox to protect files and folders stored on the selected USB device from being deleted.

4. Click the Additional link.

 

5. Change the following settings in the Additional window:

Users – select the users to be controlled by the rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

Exceptions – select devices to be excluded from the rule. You can additionally allow/deny Read, Write and Delete access for the excepted device.

Update – update the list of USB devices attached to the computer

Remove – remove the selected device from the list of excepted devices

 

6. Click the OK button in the Additional window to save the changes.

7. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

 

1. Choose Activity policy in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Devices protection scope from the drop-down list.

 

3. Check Disable autorun for all devices.

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose Activity policy in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Devices protection scope from the drop-down list.

 

3. Select the CD/DVD Devices from the list and uncheck the Read, Write, Delete checkboxes.

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Devices protection scope from the drop-down list.

 

3. Select the LPT Ports from the list and uncheck the Read, Write, Delete checkboxes.

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.
 

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Devices protection scope from the drop-down list.

 

3. Select the COM Ports from the list and uncheck the Read, Write, Delete checkboxes.

 

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.
 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the File System or System Registry protection scope from the drop-down list.

 

3. Uncheck the Show objects without access restrictions checkbox.

 

4. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

 

1. Choose the Activity policy item in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Interprocess Interaction protection scope from the drop-down list.

 

3. Check the Clipboard access checkbox.

4. Click the Additional link.

 

 

5. Change the following settings in the Additional window:

Users – select the users to be controlled by the rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

 

6. Click the OK button in the Additional window to save the changes.

7. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

1. Choose Activity policy in the context menu.

2. Switch to the Common rules tab in the Application control policy window. Select the Interprocess Interaction protection scope from the drop-down list.

 

3. Select a privilege in the list and uncheck the checkbox in the State column.

4. Click the Additional link.

 

5. Change the following settings in the Additional window:

Users – select the users to be controlled by the rule

Time – set time periods for the rule to be active. The rule will be active at all times by default

 

6. Click the OK button in the Additional window to save the changes.

7. Click the OK or Apply button in the Common rules tab to save the new rule and update the Application control policy.

 

 

© SafenSoft, 2004-2011. All rights are reserved.