Is there so called white-list feature on Internet security 2014 ?

Aspirant

Is there so called white-list feature on Internet security 2014 ?

Hello

 

Is there white-list mode on Internet Security 2014 ?

By this I mean that, No program regardless of bugs/scripts/etc... would run when this mode is active, unless it's on the list.

Or is there at least way sandbox the browser(s) ?

 

Br,

Tajuton

1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: Is there so called white-list feature on Internet security 2014 ?

There's no white-list mode as you describe it that I can think of.

 

You can white-list(exclude) files for real-time scanning and for manual scans.

Also you can "white-list" programs in DeepGuard, F-Secures Host-based Intrusion Prevention System(HIPS), an application monitor that checks every program that is started. When a program is started(no matter how it was launched) DeepGuard delays it to check its reputation and behavior to decide what "type" it is:

a) The file is malicious and blocked

b) The user is given the option to allow or deny the launch

c) The file is clean and allowed to execute

d) The file’s status as clean or malicious is still unknown

 

If a program is type b("unknown") so DeepGuard asks you about it and you allow it to run, DeepGuard will still continue to monitor it. If it detects anything suspicoius it will terminate that process.

For type d you won't get asked until the program tries to connect to the Internet (if you have that setting enabled for DeepGuard).

 

Also there's Browser manipulation detection: DeepGuard detects if malware is trying to manipulate user’s browser and prevents the attempt.

Source: DeepGuard Whitepaper and this KB article 

 

Browsers usually have their own protection functionality, for example Protected Mode or Enhanced Protected Mode(64-bit) for Internet Explorer. It's more of a process isolation than a sandbox.

If you want more of a true sandbox for a browser(or any other program) I recommend Sandboxie which I've written about here among some other security advice. You can configure what programs are allowed to run in a specific sandbox, what programs can access the Internet etc. So I think Sandboxie might be the answer to both your questions.

Give Kudos to say "thanks". Click "Accept as Solution" to inform others when your issue's been solved

Need more help? Submit a Support Request or chat with or call F-Secure support. Or try the User Guides

View solution in original post

Tags (1)
3 REPLIES 3
Advocate

Re: Is there so called white-list feature on Internet security 2014 ?

There's no white-list mode as you describe it that I can think of.

 

You can white-list(exclude) files for real-time scanning and for manual scans.

Also you can "white-list" programs in DeepGuard, F-Secures Host-based Intrusion Prevention System(HIPS), an application monitor that checks every program that is started. When a program is started(no matter how it was launched) DeepGuard delays it to check its reputation and behavior to decide what "type" it is:

a) The file is malicious and blocked

b) The user is given the option to allow or deny the launch

c) The file is clean and allowed to execute

d) The file’s status as clean or malicious is still unknown

 

If a program is type b("unknown") so DeepGuard asks you about it and you allow it to run, DeepGuard will still continue to monitor it. If it detects anything suspicoius it will terminate that process.

For type d you won't get asked until the program tries to connect to the Internet (if you have that setting enabled for DeepGuard).

 

Also there's Browser manipulation detection: DeepGuard detects if malware is trying to manipulate user’s browser and prevents the attempt.

Source: DeepGuard Whitepaper and this KB article 

 

Browsers usually have their own protection functionality, for example Protected Mode or Enhanced Protected Mode(64-bit) for Internet Explorer. It's more of a process isolation than a sandbox.

If you want more of a true sandbox for a browser(or any other program) I recommend Sandboxie which I've written about here among some other security advice. You can configure what programs are allowed to run in a specific sandbox, what programs can access the Internet etc. So I think Sandboxie might be the answer to both your questions.

Give Kudos to say "thanks". Click "Accept as Solution" to inform others when your issue's been solved

Need more help? Submit a Support Request or chat with or call F-Secure support. Or try the User Guides

View solution in original post

Tags (1)
Aspirant

Re: Is there so called white-list feature on Internet security 2014 ?

When these functionalities you described will be implemented in Internet Security (mainly the sandboxin) ?

I would like to get all security functions on one program.

 

br, 

Tajuton

 

Superuser

Re: Is there so called white-list feature on Internet security 2014 ?

 

All of that functions work are real-time.

 

If you want always work with "sandbox" - probably you are need to use something like "virtual machine with linux" (for example).

But also just to use "sandbox" (like was Norman Sandbox or now have in Comodo; or just special programs like typical Sandbox or more other close to default - Shadow User) - some kind of outdate thing for protection:
 - it's not give a most protection  - during your "waiting" "most protection".

 - most popular of sandbox-programs (just sandbox or typical technologies) - are vulnerability.

 - here need to understand - for which reasons... you are have "need" in sandbox (it's can be different - and because that - can be different required steps);

 

-----------------------

 

F-Secure IS include most modern protections tecnologies in one system. It's have a little different, which not always close to "suspicious" actions - and because it - can be in that steps - not better and modern technologies, but most needful are nice.

 

Also F-Secure IS supported for modern browsers - all of them have better sandbox-technologies inside, than it's can be by ther programs. Also - it's probably one of better steps for protection during browsing. F-Secure IS just increase that protection - if you are use browser with "default" or close to "default" (in better side) settings.

 

Why F-Secure IS don't have a "typical" sandbox?

 

 probably here can be next reasons:

- it's take more resources, than need.

- it's take new vulnerability in system.

- you are think that it's work like "BEST" - but in fact - all "sandbox" (like module/program) - work worst.

 

Now how I can to understand - F-Secure IS (and already some time ago) change local sandbox to "cloud"-sandbox technologies.

 It's create a "fast", "powerfull" and "security" sandbox. Totally.

 

Also during all analysis for any files or other activity in system - one of layer for analysis - it's virtual "analysis" with "sandbox-technologies" and "emulation". It's mean - all automatically and etc.

If its suspicious (malicious blocked as default) - user receive question about "next actions" - probably all really suspicious will be detected by DeepGuard (except probably most targeted attacks for user - but here..... probably just user can to protect against that steps) - and if DeepGuard ask about some of suspicious files - it's already give that files to "modern sandbox technologies inside" - it's not like "totally" sandbox - but better for normally work with system.

 

Also you can be careful - if you just want "break" system - it's not hard to do. It's mean except good and best protection (by F-Secure, for example). You have to increase your knowledge about "web safety" - it's need just for your nice emotions during work with system.

 

 

 

About white-list - it's have like "reputation", "cloud" and etc. during launch and work for detected suspicious or known "white" behavior.

 

If you want to launch any programs - if that malicious program (known) - possible no way to launch that (except turn off protection). Just because it's security as default.

 

All other points - can to add as exclusion for scan (manual / real-time scanning) and if DeepGuard give the alert about  - you can to allow program (if you are sure... that it's OK).

 

Anyway... technologies like "white-list" and no one other.... you probably mean something like have in VoodooShield - it's good and nice, but not better protection. Also it's give for you - a lot of work with that during create a "setting" for "white" programs.

That technologies.... just "improving" application control - which in some cases - you can do just by system (Windows, for example) resources.

Also application control - it's mean "good and best" protection - just if user totally ready for work with that. But most companies (if it's not in main theme - a firewall) goes to other technologies from just "application control".

 

F-Secure IS have modern automatically application control in new means (new here - just better protection and work for the mechanism). Previously DeepGuard/F-Secure had typical "application control" - but now - without that.

Now F-Secure and DeepGuard - it's multilayers protection with "main" pro-active complex, which can to use "application control" by automatic analysis during launch/work any programs. It's possible to setting some points - which can to give "better" or "less" protection - but always that mechanism means:

 

     - you meet "false positive" more rare;

     - you have speed, nice, light and close to best protection;

     - if you meet alert (which can be "false positive") - it's just mean or you have "setting" for best protection or it's really suspicious (include "unknown" suspicious - which not somewhat trust yet);

 

If you are use modern Windows system - you also have sandbox/virtualisation/emulation protection inside system. For example, Windows 8.

Also here you have UAC - which can to protect you in same case like sandbox (if you are all do right - you are protection; if you are not sure - not sure a protection).

 

 

All of that means:

 

 If you are choose F-Secure IS - you are choose "one program" in your system - which have most important layers and technologies to best your protection.

You can choose another - but all of them - can to have:

  - or less protection status;

  - or be without so good integration with system protection mechanism;

  - or be good or nice, but technologies close to "so often be with crashes" or need so high resources for work;

 

But, of course, you can improve F-Secure IS by some other programs (like it's can be or recommend something like "NoScript" or "Adblocks") - it's OK. But you must be prepare to "conflict" between that programs. It's not mean - that your system crash down. Just... it's mean... that something can to go wrong.... in some cases... in some moments...

 

Here better - if you decide.. which style in using web you have - and checking... all points you filled by F-Secure IS or not.

Possibly - most "not aggresive style" totally flling by F-Secure IS.