I thought it may be helpful to list who (or what) authorized each item in the Defense+ policy window. See pic.
For example, a given entry in the security policy window may have been authorized by:
- The user (by clicking “allow” or “treat application as” in an alert)
- The user (the rule was entered manually using the “add” button in the custom policy window)
- Trusted software vendor list
- Whitelist (maybe some applications from a vendor are allowed, but not all applications from a vendor?)
- Learned in Clean PC mode
- Learned in Training mode
This would help the novice a lot. For example, a novice looking at the current policy list would not know anything about this entry: “C:\Windows\System32\rundll32.exe” However, if you include the information that I suggested above, then the user would see that this was allowed by “Trusted Vendor - Microsoft Corporation.” This will definitely make the listings more meaningful and more understandable to all users.
A similar addition can be made to the firewall security policy window (except the “authorized by” category would include “Safe mode” rather than “clean PC mode”).
[attachment deleted by admin]