Addition to Security Policy Window

I thought it may be helpful to list who (or what) authorized each item in the Defense+ policy window. See pic.
For example, a given entry in the security policy window may have been authorized by:

  • The user (by clicking “allow” or “treat application as” in an alert)
  • The user (the rule was entered manually using the “add” button in the custom policy window)
  • Trusted software vendor list
  • Whitelist (maybe some applications from a vendor are allowed, but not all applications from a vendor?)
  • Learned in Clean PC mode
  • Learned in Training mode

This would help the novice a lot. For example, a novice looking at the current policy list would not know anything about this entry: “C:\Windows\System32\rundll32.exe” However, if you include the information that I suggested above, then the user would see that this was allowed by “Trusted Vendor - Microsoft Corporation.” This will definitely make the listings more meaningful and more understandable to all users.

A similar addition can be made to the firewall security policy window (except the “authorized by” category would include “Safe mode” rather than “clean PC mode”).

[attachment deleted by admin]

An interesting idea with potential. +1, Whoop

I like this a lot!

More data about what is going on is always useful. I wonder if a system time could be added?

This would be useful for the novice who has accidentally blocked something and doesn’t really know what was blocked, only that something is now not working. They could look at the policy list and and see that the user blocked a process from a popup at such and such time. With all this information, it’s mind numbingly easy to figure out what they did wrong and remove the block. :slight_smile: