Finding stuff in Computer Security Policy

I have many dozens of entries in the Defense+ Rules tab, but finding what-is-where in the window is very difficult as there seems to be no way to sort these.

Where are these rules stored? Is there any better way to access them e.g. sort-by-path or sort-by “Treat as”?


The only way to sort the D+ rules is to manually drag them where you want them.

The best thing to do is sort the list in some sort of organization that makes sense to you. From an efficiency perspective, the most commonly accessed rules should be sorted near the top, and the least accessed to the bottom (within that scheme alphabetical). You can do that for both D+ & Firewall rules (sort by app, and by rule w/in app, and IP address w/in zone).

For D+ access names, I sort the files, COM and registry entries alphabetically; dragging doesn’t work for those, you have to manually copy the name, remove it, and then add it using ‘browse’, click the plus sign; the rule gets placed at the bottom of the list. If there’s more than a dozen of those, and especially for reg entries, I’ve found to edit, copy and paste into Excel and then sort the coloumn, then delete all of either the files / COM or reg entries you’re working with at the time, and re-add en masse works well.

It makes it easy to see where multiple entries can be consolidated through use of wildcards.

I’d not tried clicking-and-dragging, so you taught me something new. It also hadn’t occurred to me that the rules arrangement might affect efficiency–you’re saying that when an app is launched, D+ scans-down the list and when it finds the app it goes no further? Guess that would make sense.

I’m not going to go to the trouble you have, but will move things around so at least they are easier for me to find…

Thank you!

First in first out (FIFO) is the rule of thumb, i.e., top to bottom for each access lookup (same w/in runles). He scans the eintire list until he finds a match.

For example, on my system there are two permissions that are constantly scanned, Proxy & ChkAcc. Rather than have the same rule duplicated for each app, I created two file-groups (one for each type of permission). The Proxy permission relates to three specific registry entries, the ChkAcc to file access of two specific files. The only permissions that those file-group have is specific to the purpose of the file-group. So when the system needs to check Proxy permission he hits that D+ rule pretty high up on the food chain. However, if an app that has Proxy permission also needs some other resource access name permission, that is derived from the specific D+ rule found farther down the food-chain. He looks through the whole list until he finds a match for what he’s looking for. If no match: he generates an alert.

So, yeah, order of appearance will have deletrious on efficiency (especially for commonly invoked system functions, e.g., IExplorer, Explorer, Windows System Applications, etc. This’ll be more pronounced under system load; some background process sucking up significant number of CPU cycles. I’d suggest that games, and Adobe Flash and Java JRE updaters get put to the bottom of the list. Another candidate to soert to the bottom would be WinHelp and Office type applications and other stuff w/infrequent use