Automatic Rule Consolidation
Automatically consolidate / composite rules which offer the same allow permissions but for different files, paths, functions, etc.
Each executable should fit into ONE rule per allow / deny type.
This would make users MUCH safer by actually being able to audit their HIDS and Firewall rules.
If a DENY rule negates an ALLOW rule, disable / delete the ALLOW.
Allow users to see how rules are going to be composited and allow them the option to keep individual rules.
This would prevent having 1000+ rules after 1 week of learning mode. Some of my install EXEs have literally 20 rules that are duplicate!
I currently had to write a script to do this to an exported XML ruleset. I then re-import.
Wildcard paths, IPs, registry paths, etc., to further consolidate rules. Example: allow Setup.msi Access to Registry on HKEY_LOCAL.../Application/installer/*, and Write, Delete on C:/temp/*.ex_ (one rule, two at most, to do something like this).
Perform intelligent allow/block based on current operation and user choice. Something like a SMART ALLOW button which allows this process and all CHILD processes that spawn from it: an ALLOW TIL QUIT (for installers) or an ALLOW AND ADD SMART RULE for launching new applications.
Having the Allow/Block pop-up appear literally 90 times during an install or a first-time application launch, and adding just as many rules, is not fun and does not encourage security.
REGEX Matching in rules
Rule Sorting by Column
The current column headers do not appear to function.
Should be able to sort rules by name, path, port, etc.
Rule Window Resizable
I currently cannot resize my rule window.
When you have 1000+ rules (see above), it makes it impossible to sort or audit them.
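
The consolidation requested under Automatic Rule Consolidation, sketched as an added example (not the product's code and not the script mentioned above). The XML element and attribute names and the sample rules are constructed assumptions, and a DENY negates an ALLOW only on an exact target match; wildcard overlap is not evaluated.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample export; element/attribute names are hypothetical.
SAMPLE_XML = """
<ruleset>
  <rule exe="C:/temp/Setup.exe" action="allow" type="file" perm="write" target="C:/temp/a.ex_"/>
  <rule exe="C:/temp/Setup.exe" action="allow" type="file" perm="write" target="C:/temp/b.ex_"/>
  <rule exe="C:/temp/Setup.exe" action="allow" type="file" perm="write" target="C:/temp/a.ex_"/>
  <rule exe="C:/temp/Setup.exe" action="allow" type="file" perm="delete" target="C:/temp/a.ex_"/>
  <rule exe="C:/temp/Setup.exe" action="deny" type="file" perm="write" target="C:/temp/b.ex_"/>
  <rule exe="C:/apps/App.exe" action="allow" type="net" perm="connect" target="192.0.2.10:443"/>
</ruleset>
"""

def consolidate(xml_text):
    """Merge rules into one entry per (exe, action); drop ALLOWs negated by a DENY."""
    # A set removes exact duplicates produced by learning mode.
    entries = {(r.get("exe"), r.get("action").lower(), r.get("type"),
                r.get("perm"), r.get("target"))
               for r in ET.fromstring(xml_text).iter("rule")}
    denied = {(e, t, p, tg) for e, a, t, p, tg in entries if a == "deny"}
    merged = defaultdict(lambda: defaultdict(set))
    dropped = []
    for exe, action, typ, perm, target in sorted(entries):
        if action == "allow" and (exe, typ, perm, target) in denied:
            dropped.append((exe, typ, perm, target))  # DENY wins over ALLOW
            continue
        merged[(exe, action)][(typ, perm)].add(target)
    result = {key: {grp: sorted(tgts) for grp, tgts in groups.items()}
              for key, groups in merged.items()}
    return result, dropped

def preview(result, dropped):
    """Human-readable preview so the user can audit before re-importing."""
    lines = []
    for (exe, action), groups in sorted(result.items()):
        parts = [f"{typ}/{perm} -> {', '.join(tgts)}"
                 for (typ, perm), tgts in sorted(groups.items())]
        lines.append(f"{action.upper()} {exe}: " + "; ".join(parts))
    for exe, typ, perm, target in dropped:
        lines.append(f"DROPPED ALLOW {exe}: {typ}/{perm} -> {target} (negated by DENY)")
    return lines

if __name__ == "__main__":
    print("\n".join(preview(*consolidate(SAMPLE_XML))))
```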