Is this possible?
Thanks!
Outpost takes a slightly different approach when it comes to Blocked Connections. The main reporting utility is the Attack Detection plugin. Based on the default plugin parameters, it will only report a Blocked Connection if it looks like a genuine attack. For example, a DOS attack where you may get many connections from different hosts to the same port or a portscan where multiple connection attempts to a port or ports are seen from a specific host would both be registered and reported by the Attack Detection Plugin if you have it set up to display a warning.
It is possible to get the Attack Detection plugin to display all connections to Blocked Ports, but it requires a lot of parameter changes. I do not recommend such a configuration as you can get a LOT of warnings due to the number of worms out there that are looking at open ports. A better alternative may be to set the Attack Detection plugin sensitivity to maximum. This will not record every blocked connection, but will still be a lot more sensitive than the Normal Mode.
I hope that advice helps.
Have a good day.
Like you, I have always used OP in Rule Wizard policy and still am in spite of the "new" vulnerability because I too would like to be informed of what would have prompted the Create Rule dialog. For now I completely uninstalled the Windows Scripting Host...
My preference would be to use the log to identify those blocked connections while Block Most Policy is set; however, it appears that all blocks are logged with the reason "Block All Activity" while Block Most Policy is active, including those defined with other reasons. I am now running with Block Most Policy active, and will watch my log for a while to confirm this behavior. It would be nice if each connection that would have prompted with Rules Wizard Policy set would be logged as, for example, "Block Most Activity".
It is possible to get the Attack Detection plugin to display all connections to Blocked Ports, but it requires a lot of parameter changes. I do not recommend such a configuration as you can get a LOT of warnings due to the number of worms out there that are looking at open ports.
That's why I would like to be informed only of connections that would have raised the "Create rule" dialog in Rules Wizard policy (every new outbound connection, and inbound connections with an active program listening to the specified port).
I've always used Outpost in Rule Wizard policy. But because of a new vulnerability, some people recommended to run in Block Most policy.
But I don't like the fact that I'm not informed of some new programs trying to access the internet.
If they did this, it would have to be customizable as to what to alert on, because if you pop too many alerts in my face I'll start to ignore them and turn it off. That defeats the whole purpose.