
tagwolf

  1. Automatic Rule Consolidation
     • Automatically consolidate / composite rules which offer the same allow permissions but for different files, paths, functions, etc. Each executable should fit into ONE rule per allow / deny type. This would make users MUCH safer by actually being able to audit their HIDS and Firewall rules.
     • If a DENY rule negates an ALLOW rule, disable / delete the ALLOW.
     • Allow users to see how rules are going to be composited and allow them the option to keep individual rules.
     • This would prevent having 1000+ rules after 1 week of learning mode. Some of my install exes have literally 20 rules that are duplicates! I currently had to write a script to do this to an exported XML ruleset. I then re-import.

     Wildcard paths, IPs, registry paths, etc.
     • To further consolidate rules. Example: allow Setup.msi Access to Registry on HKEY_LOCAL.../Application/installer/*, and Write, Delete on C:/temp/*.ex_ (one rule, two at most, to do something like this).

     Perform intelligent allow/block based on current operation and user choice.
     • Something like a SMART ALLOW button which allows this process and all CHILD processes that spawn from it, an ALLOW TIL QUIT (for installers), or an ALLOW AND ADD SMART RULE for launching new applications. Having the Allow/Block pop up literally 90 times during an install or a first-time application launch, and adding just as many rules, is not fun or encouraging security.

     REGEX Matching in rules

     Rule Sorting by Column
     • The current column headers do not appear to function. Should be able to sort rules by name, path, port, etc.

     Rule Window Resizable
     • I currently cannot resize my rule window. When you have 1000+ rules (see above), it makes it impossible to sort or audit them.
  2. Please consider developing the following for ESET:
     • Automatic Rule Consolidation: E.g. if I already have a rule to allow notepad.exe to run and one to allow writing to a directory, combine them. I currently had to write a script to do this in an exported XML ruleset. Please, this would avoid having 1000+ rules after doing learning mode for a week! It would also be MUCH safer as people would be able to actually audit their rulesets.
     • Rule Sorting: The column headers don't seem to do anything