Option to make global execution rules instead of parent/child execution rules

I request the addition of a Defense+ option that would place allowed executables in the ‘All Applications’ policy instead of by parent. This would decrease the ruleset size and also the number of execution alerts.

The one drawback I can think of is that this could allow anything, malware included, to execute applications that are in the global allow group. Of course, this is predicated by the malware somehow getting onto your system. :wink:

Ewen :slight_smile:

Thank you for pointing this out for those who were not aware of it :). I’ve shifted my Defense+ approach to mainly malware execution prevention, with a behavioral blocker (ThreatFire in my case) watching for any bad guys that manage to slip past antivirus and Defense+.