Is there a way to disable the Unrecognized Files list short of completely disabling D+? The problem I have is that on my development machine I constantly have new .java, .class and .jar files (about 4000-5000 of them) that get added to the list. The list becomes very sluggish and I think it also affects the performance of CIS overall. I can’t just sit there and clear the list every hour, not to mention it is very very slow to clear the list.
I’m not even sure why java/class/jar files are added to the list; they are not really executables or DLLs. Is there any way to prevent these files from being added or to disable the list completely?
Maybe if you make a group, for example based on the extensions of these files, and put this group in the exclusions of Execution Control Settings.
Your best bet is going to be to create a new file group and give that group the Installer or Updater policy.
Go to Defense+ → Computer Security Policy and click on the Protected Files and Folders tab.
Click the Groups button, then click Add and select A New Group. Name your group and click Apply.
Scroll down the list to find your new group, then select the add files here entry and click the Add button, select Select From and Browse to your development folder. Click Apply to save your new group.
Select the Defense+ Rules tab and click Add, Select, then File Groups and choose your newly created group. Click the Use a Predefined Policy button, and choose the Installer or Updater policy, then click Apply.
Defense+ should now leave this folder alone. If there are still some issues with operation, you can also add this group to the exclusions in Defense+ Settings → Execution Control Settings, but I don’t think you’ll need to do this.
I made a wishlist post several months ago that there should really be a path-based exclusion mode instead of strictly SHA1 application recognition so software developers don’t need to jump through these hoops.
Thank you very much for your suggestion.
I agree there should be a path- and wildcard-based way of setting trusted directories without individually adding all the files in a folder. Even if the individual files are added as trusted files (which in my case is not even reasonable, as there are about 5000 of them, which makes the trusted files list unusable), it does not help, as the contents of the files change very often, so SHA1 is not a good approach; it guarantees these files will always show up on the Unrecognized Files list.
Now, I’m not sure why .java files are considered Unrecognized Files, they are just plain text files, not any different than a .txt file. Plain txt files don’t seem to be added to the list.
.class and .jar I could see, as they are pseudo-executable, even though even these are up for debate as they can’t run on their own, without a JVM process.
While the ideas behind D+ are interesting, I think the implementation is a bit too restrictive: some so-called trusted vendors made it to the TVL when they should not have, while I cannot easily trust my own text files.
I guess someone could also argue that a .jar file is basically an archive so it could be used to hide a malicious process.
Here is the wishlist post I made.
Sandbox should accommodate constantly changing applications/files
Sure and you could cleverly disguise an executable inside a .txt file or .xml file, etc.