Smokey's Security Forums

Tommy (Topic starter)

Creating, using Tables (pt 1)
« Reply #1 on: January 13, 2007, 05:43:59 PM »
There are 2 main reasons I create and use tables; here I will give an example of one.

The first is just to tidy things up, so that, as an example, the "Ask user" table does not get too filled. An easy example of this can be seen in the "System Applications" table. This contains (from a default installation) the main Windows applications, along with some default rules for DHCP etc.

Adding a new table is very easy. One way is to simply "right click" on "Optimal Protection" -> "Root" and select "New table".


We can then "right click" the "New table" to rename it.


In my example, I have renamed this to "Blocked app`s", as I am going to place in this table the applications I have set to block from "access to network".


Now I need to move the applications from the "Ask user" table to the new "Blocked app`s" table. I do this by opening out the rules tables (in the left window) and selecting the "Ask user" table. Then, from the right window, I simply left click (and keep the mouse button pressed) and drag the rule over to the new "Blocked app`s" table.


You can then see that the rule has been moved.


Note: It is not possible to drag/drop rules that contain a jump (such as "->Web browser"). If you want to move such rules, you would first need to change the "verdict" to allow or deny, then move the rule, and then change the "verdict" back to what it was.


Now, once you have moved all the rules to the new table, we need to set a jump to this new table (so that the table is used).
I mentioned the "System Applications" table earlier. If you open out the rules (left hand side) and select "Application Table", in the right window you will notice a number of rules: some are jumps to other tables (for example, the jump to the "System Applications" table), and some are basic rules, such as "Allow DNS".


So, we will place the jump to the "Blocked app`s" table here. I normally place such jumps between the "System Applications" <-> "Ask user" jumps.
So first we create the jump rule.
Right click at the bottom of the right side window -> New -> Application rule (ensure you have the "Application Table" selected, as in the pic below).


In the rule window (popup) that appears, we simply need to set the "verdict" to "Blocked app`s" (yes, this is the table we created earlier). Nothing else needs to be changed in the rule, as we want this jump for any event.


The new rule is then made, but the rule will be placed at the top of the ruleset. We need to move this rule down, as I mentioned, to just above the "Ask user" jump. So left click (and keep the mouse button pressed) the new "Blocked app`s" jump rule, and drag this down.


The jump to the "Blocked app`s" table is now created, and in the correct position.
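
The effect of the jump's position, as an added example that is not part of the original post and is not Jetico's code. It is a toy model that assumes rules are checked top to bottom, the first final verdict wins, a jump returns to the calling table when nothing in the target table matches, and the "Ask user" table ends in a catch-all prompt; the application names are constructed.

```python
# Toy model of table-based rule evaluation (assumed semantics, not Jetico's code):
# rules are checked top to bottom, the first rule with a final verdict wins,
# and a jump whose target table has no matching rule returns to the caller.

def evaluate(tables, table_name, app):
    """Return (verdict, table) for `app`, or None if nothing in the table matched."""
    for match, verdict in tables[table_name]:
        if match not in ("any", app):
            continue
        if verdict.startswith("->"):            # jump into another table
            result = evaluate(tables, verdict[2:], app)
            if result is not None:
                return result
            continue                            # no match there: resume after the jump
        return verdict, table_name
    return None


def build_tables(application_table_order):
    """Constructed sample ruleset using the table names from the post."""
    return {
        # Each jump applies to any event, as in the jump rule created above.
        "Application Table": [("any", "->" + name) for name in application_table_order],
        "System Applications": [("svchost.exe", "allow")],   # constructed entry
        "Blocked app`s": [("updater.exe", "deny")],          # constructed entry
        "Ask user": [("any", "ask")],                        # assumed catch-all prompt
    }


def verdict_for(app, application_table_order):
    return evaluate(build_tables(application_table_order), "Application Table", app)


# Jump placed as in the post: between "System Applications" and "Ask user".
AS_IN_POST = ["System Applications", "Blocked app`s", "Ask user"]
# Jump left below the "Ask user" jump: the catch-all prompt is reached first.
BELOW_ASK_USER = ["System Applications", "Ask user", "Blocked app`s"]

if __name__ == "__main__":
    for label, order in (("as in post", AS_IN_POST), ("below Ask user", BELOW_ASK_USER)):
        for app in ("svchost.exe", "updater.exe", "newtool.exe"):
            print(label, app, verdict_for(app, order))
```

Under these assumptions, a jump left below "Ask user" never takes effect for the blocked application, because the prompt rule gives a verdict first.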
 
