Deepguard - block connections without block/allow the program


Re: Deepguard - block connections without block/allow the program

Have read the whitepaper without getting any clarification, and I really want to understand Deepguard better:


- Is allowing a program in Deepguard mainly about allowing the program to make internet connections? (assuming Deepguard continues to monitor the program after I have allowed it)


- Is Deepguard only monitoring GUI programs, and not possible services that are installed along the GUI program?

Former F-Secure Employee

Re: Deepguard - block connections without block/allow the program

Hello NikK,


It's not only about connections, if the program behaves suspiciously, execution is also blocked.


Every not known good executable is being monitored by DeepGuard regardless if it's a service or not.



Re: Deepguard - block connections without block/allow the program

2 posts in this thread was lost when the site went down last friday. I had forgotten I changed my email notifications to include both subject + body so here are the posts 2 in 1.


Thank you @Siltanen  I'm satisfied with this answer so I'll mark this as accepted, and provide an idea to improve Deepguard.

Please vote for this idea if you want better protection when trying out unknown programs:



If the not known good program is still monitored after I've allowed it, the only difference from before I allowed it is that now it's allowed to make connections?


Siltanen: The programs are still being monitored and their reputation is regurlarly checked from the cloud.


Great that it monitors service executables too, although I have never gotten a Deepguard question about one, which is strange.


Siltanen: It's not that strange that you haven't had a prompt about a service, since it's highly likely that you've only had good, known, services running.


I mean if the GUI exe is not known, then the specific service exe that came with the GUI isn't known either, right? Or does Deepguard only ask about GUI exe's?


Siltanen: Each and every executable are individually handled regardless of whether they have a traditional "GUI" or not. Though it's within the realm of possibilities that an unknown GUI application is shipped with an unknown executable (which acts as a service.)


Siltanen: To sum it up:

DeepGuard doesn't differenciate between what type of an application the executable is.

View solution in original post

Tags (2)