Process Monitor
A process refers to a program that is currently running. For example, when Privatefirewall is running, the corresponding process is 'PF5.exe'. Privatefirewall maintains a list of processes that are being filtered for potentially malicious system API calls used by programmers (and hackers) to launch process executables. Privatefirewall maintains a set of default processes that are related to commonly used applications, such as Internet Explorer, and are set to 'Allow'. Non-default processes that are detected by Privatefirewall will be set to 'Filter' if allowed or 'Deny' if not allowed.

The Process Monitor can be set to either 'High', 'Medium', or 'Off'. The 'High' setting will monitor all processes running on your computer. The 'Medium' setting will monitor processes related to any applications currently listed within Privatefirewall. The 'Off' setting will disable the Process Monitor, but not any other Privatefirewall functionality.

Process Inspection Rules
Double-click on any listed process from the Process Monitor menu for detailed information. For each listed process, Privatefirewall monitors the WinAPI functions listed under the 'Function' column within the Process Monitor Rules dialog. For each WinAPI function, Privatefirewall can be set to 'Ask', 'Allow', or 'Deny'. If 'Ask' is selected, Privatefirewall will prompt the user as to whether the specific process function should be executed. If 'Allow' is selected, Privatefirewall will allow the specific process function to execute without any user intervention. If 'Deny' is selected, Privatefirewall will not allow the specific process function to execute. Default applications will set all functions to 'Allow'.

Alerts
There are several types of potentially malicious process-related activity that will generate an alert. For example, the Process Monitor will detect attempts to create or change restricted objects. The warning screens below will be shown in these cases.

For all alerts, if the application or process listed is related to any legitimate activity, it is most likely not malicious activity. However, if it is unrelated (for example, the application or process referenced is not even running), it may be malicious activity and the 'Deny access' button should be selected so the issue can be investigated.

Process Detection
In addition to processes being filtered for system API calls, Privatefirewall also maintains a list of commonly used processes and provides an alert when an unknown process attempts to launch.

Privatefirewall Reports
Port Tracking Report
The Port Tracking report monitors all system ports and protects them against any unauthorized entry. In most cases, Privatefirewall goes one step further and makes all system ports invisible to intruders (referred to as "Stealth" mode).

Privatefirewall reports the following:
Application Name - Any application that may have access to the Internet or outside networks.
Process ID - The unique number assigned to every running process within the Windows environment.
Protocol - The Network Protocol, or type of network connection used to send the packet.
Local Address - Your system's IP address.
Remote Address - This is the Internet address from where incoming packets are originating. This will display either a specific IP, or if one is not currently detected, it will give a status (such as "Listening for packets/connections").
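
To cross-check the Port Tracking report against what Windows itself reports, the sketch below (an added example, not Privatefirewall code) parses `netstat -ano` output into the same five columns, substituting a status for the remote address when no peer is connected. The sample netstat text and the PID-to-name map are constructed; on a real host the map would come from a tool such as `tasklist`.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    192.168.0.2:49712      203.0.113.10:443       ESTABLISHED     4321
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Assumed PID-to-image map (e.g. built from `tasklist`); values are constructed.
SAMPLE_PROCESSES = {1024: "svchost.exe", 4321: "iexplore.exe", 4: "System"}

# The State column is optional because UDP rows leave it empty.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
UNSPECIFIED = {"0.0.0.0", "*", "::"}


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def port_tracking_report(netstat_text, processes):
    """Return one dict per socket, keyed by the report's five column names."""
    rows = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header and blank lines
        proto, local, remote, _state, pid = m.groups()
        remote_addr, _ = split_endpoint(remote)
        # No peer yet: show a status instead of an IP, as the report does.
        if remote_addr in UNSPECIFIED:
            remote_addr = "Listening for packets/connections"
        rows.append({
            "Application Name": processes.get(int(pid), "<unknown>"),
            "Process ID": int(pid),
            "Protocol": proto,
            "Local Address": local,
            "Remote Address": remote_addr,
        })
    return rows
```

A listener whose PID has no entry in the process map is reported as `<unknown>`, which is the row worth comparing against the firewall's own application list.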

Firewall Log
The Firewall Log records incoming and outgoing packets, which are chunks of information routed between an origin and a destination on the Internet or any other network, one of which is your computer. As illustrated in the screen shot below, the 'home' IP Address is 192.168.0.2.

NOTE: Your IP address may be the same address during every Internet connection (called a "Static IP", used in most T1/DSL connections). Or, your IP may change for each Internet connection (called a "Dynamic IP", used in most Cable/Dial-Up connections).

Privatefirewall reports the following:
Time/Date - When the packet was detected.
Origin IP (Internet address) - The Internet address from which the packet is coming.
Destination IP - The Internet address to which the packet is traveling.
Protocol - The Network Protocol, or type of network connection used to send the packet.
Application Name (if applicable) - The name of the application to which the packet was attempting to be sent (if any).
