softwarehowto.com
  Home Contacts Partners Add Software Remove Manuals
 
System safety monitor: Enable applications rules to start programs in normal rule group
 
Introduction
System Safety Monitor
Hotkeys
   
Tutorial
Install SSM
Create Rules
Setup Logging
Enable Applications Rules
Create Rules in Learning Mode
Enable Modules
Setup Windows Filters
   
Preferences
Process Monitor
Rules
Application Rules
Library (DLL) Rules
Driver Rules
Registry Rules
Network Rules
   
Modules
INI-files Module
Start Menu Module
Services Module
Window Filter Module
Layered Service Provider Module
Hooks Module
NetStat Module
Modules Alerts Dialog
 
Buy System Safety Monitor Online! Buy System Safety Monitor Online!

Enable Applications Rules

Rules

In SSM rules define a set of the enabled or disabled actions for applications, drivers, libraries (DLLs), registry objects (keys, values) and network. To have SSM start to control the work of programs, it is necessary that the appropriate rules be enabled.

recover files download password recovery software restore corrupted drive
send sms from computer bulk sms gateway installation creator
restore ntfs partition Free Accounting Software recover deleted file vista

Enable application rules

Enable the option "Applications" on the dropdown rule type list on the "Rules" tab. The other way to switch on/off the application rules is to select the corresponding item ("Rules"->"Applications") of the context menu of the SSM icon in the system tray.

Enable application rules

When application rules are enabled, SSM allows starting only those programs which rules are in the Normal (or user created) rule group, and prevents starting of those programs, which rules are in Blocked rule group. For all other programs SSM will pop up the Application Activity dialog box asking for the user permission. Therefore for those programs which installed on your computer you want to work with, it is necessary to create enabling rules.

The Rules option "Library" determines if SSM controls which DLLs are allowed to be installed as Global Windows Hooks. Note: DLLs installed as global hooks will be loaded into every GUI process (program) address space and let the application which installed the hooks to track windows messages, user input and basically take control of any GUI application. You should NOT allow untrusted applications to install any hooks in your system.

The Rules option "Driver" determines if SSM keeps track of the drivers being loaded by applications. Note: drivers are actually windows kernel modules which if loaded would allow the application to do anything with the system. ONLY trusted application should be allowed to load drivers. And ONLY trusted drivers should be allowed to be loaded.

The Rules option "Registry" enables/disables the SSM control of the Registry objects (keys, values) modification attempts - creation/deletion/modification of registry objects. Note: Registry is an important part of Windows OS as it stores lots of Windows configuration settings. ONLY trusted applications should be allowed to modify critical registry keys.

The Rules option "Network" enables/disables the SSM control of the network access to intranet/internet.

"Application Activity" dialog

It is convenient to create enabling rules for programs by means of the "Application activity" dialog.

This dialog is very important - its appearance signals that some program is about to undertake an attempt to execute an action in the system for which no rule has been defined so far. Therefore it is necessary to pay attention to the "Application activity" content.

The "Application activity" dialog informs you which program in relation to which program/library/driver/registry/network object is trying to perform some action, and allows you to specify a rule to permit/block the action with or without creation of a permanent rule.

Application Activity dialog

The top part of dialog is the information about the action. Here you will find the information about the program which is about to perform the action and about the object (program, library, driver, registry, OS) which the action is being applied to. The detailed information about the action: full paths, the system API function which is being called, the command line parameters, etc are provided in the dropdown "Details" pane.

In general, the user's actions in the Application Activity dialog box are as follows:

  • allow/block - allow/block the action just once. Only a temporary rule is being created;
  • allow/block + "Create a permanent rule for this action" checkbox ON - allow/block this action and create the appropriate permanent rule (enabling/disabling) for this program-action-object triad;
    block and terminate - the same as "block" but in this case followed by immediate termination of the actor/parent application;
  • and some other (specific to the action) options.

Creation of an enabling rule for the program

So, the application rules are enabled. Start the program for which you want to create an enabling rule, for example, "Internet Explorer". In the appeared window "Application activity" check "Create permanent rule for this action" checkbox and press "Allow" button. SSM will create the enabling rule for the program "Internet Explorer ", and, afterwards, the window "Application activity" will no longer appear when the program "Internet Explorer" is started. The same procedure is to be followed for any other program for which you want to create the enabling rule.

This way as you continue to work on your computer, the dialog window "Application activity" will appear from time to time, but never for those applications which already have rules. Thus give more and more attention to each new appearance of dialog "Application activity", because it indicates that something unusual is about to happen.
Buy System Safety Monitor Online! Buy System Safety Monitor Online!
 
Home Contacts Partners Add Software Remove Manuals