If I block something for all applications in defence plus will it be allowed for an application marked as installer or updater? I would like some global rules to block things except when installing. If I block, for example, “Device driver installations” for all applications then will it be allowed in installation mode?
Global blocking would be useful as it would not then be relying on an inexperienced user blocking the event if something nasty tried to install. Any applications that needed it could be placed above the global rule.
No comments in a day or so, so moved it to the area frequented by those interested in new/improved capabilities (including developers) to see if there were any ideas there. The Computer Security Policy rules are just applied from top to bottom of the list, so probably won’t do what you are suggesting. “Installation Mode” allows the installer to run executables without the popups asking if it is ok. But maybe you can get a better answer here. We can move you back to help for V3 but there have been no responses there.
In Defense +, there aren’t any “global” rules; everything is per-application. The default is to Ask for permission.
D+ has an Image Execution setting that by default is set for any .exe that tries to run. So in order for you to install, you will get a popup initially on the installation.
Have you installed and run v3, to see how it operates, or are you wanting to figure out some functionality before trying?
I am trying to set up rules that apply to the “all applications” group. I want some things completely blocked except for a select list of applications I have above the global rules in defence+. It would be handy if such “global” rules could be easily turned off during installation. I don’t want to make the computer unusable so I want to understand how it works. I have users on my pc that would just OK any pop-up as they do not understand the warning.
Okay, so you’re looking at Security Policy, at the “All Applications” entry, which has the sub-entry of the * wildcard to indicate all programs. By default it’s set to “Ask” on every category.
The only way to know for sure is to try it, but I think that switching to Install Mode would bypass that rule, so to speak, if you modified it to block installations. The reason I say that is that Install Mode applies to the installer that is running, but if any other existing rules are broken, the defense is still active. So Install Mode is not the same as an Allow All mode; all existing security policies are applied, and the install is monitored to several layers deep.
Under normal circumstances, if you were to install something w/o switching modes, you’d get a popup on every action, based on that “Ask” policy. Switch to install mode, no more questions once you tell it to consider as an Installer or Updater. So I think if you changed Ask to Block, Install mode would still bypass. You can only try to make sure.
However, it would still Block for anyone trying to install w/o switching modes. Unfortunately, setting a password doesn’t stop you from opening the gui.
I set up an experiment an I think it does not work. I added a global rule for all applications to block a particular exe. I then made the command prompt an installer. It was still unable to run the program. I assume this applies to other rules as well.
I think it has to work this way or anyone could make a program an installer when a pop-up appears and then it would break all the rules. that would be dangerous. It would be nice to have certain rules turn off during installation mode.