GentleSecurity.com

Isolation

 

Q: What is isolated mode, and how do I start my browser up in it?
A: Isolation means that the GeSWall restriction policy is applied to an application. An isolated application has a colored caption. Please have a look at this article: http://www.gentlesecurity.com/getstarted.html

Q: Why can't I change the identification type of the application in the setup console?
A: The identification method cannot be changed; create a new application definition for that. If you created an application identified by "Version info", the path is irrelevant and the corresponding edit box is disabled. You can change the path if you create an application definition with "path" as the identification method.


Q: To uninstall something that was installed isolated, shall I run the uninstallation also isolated?
A: If the installation was successful, you may run the uninstall isolated as well. But normally you should not install software in isolated mode.

Q: If I copy the program from the CD or the floppy to the hard disk, the program runs non-isolated. This is a bit odd, because I consider it similar to a download…
A: For GeSWall Personal Edition we claim safe use of internet applications. GeSWall Personal Edition is not supposed to protect from the user himself. That is a task for GeSWall Enterprise Edition.

Q: I gather that by isolated mode you mean that the access privileges of the application are dropped, for example, if running a web browser from an Admin account using DropMyRights? Is that the essence of it?
A: GeSWall's isolation does not mean "lowering rights" per se. GeSWall's isolation implies a security policy that effectively prevents damage from an attack. The only restrictions imposed are restrictions on leaving the isolation layer, that is, on damaging the system outside the given application. The "lowering rights" approach removes all application rights, even those that the application might require.


Q: I set the 'Do not ask again' check box; how do I start the applications as non-isolated?
A: There are two options.
First, you may restart the chosen isolated application as non-isolated from the caption context menu.

Note that a restart is required because an isolated application cannot simply be switched to a non-isolated state without a security breach.

Second, you can enable the pop-up dialogs again with the following steps:

  1. Open GeSWall Console from the Programs\GeSWall\GeSWall Console menu of the Start button.
  2. Go to the "Applications" folder.
  3. Select the application for which you have disabled the pop-up.
  4. Right-click it and choose the Properties menu item.
  5. Set "Security Level" from "Trusted, auto-isolation" to "Trusted" and press OK.


Q: What are the restrictions during the installation of an isolated application?
A: The only visible restriction, and the one that stops most installations, is that creating new registry keys (not values) is prevented. In the past this was virtualized, and you could install and temporarily use software or ActiveX without any error. But that gave a false sense of a correct installation, so we had to disable the creation of new registry keys by an isolated application unless it is explicitly enabled.

Q: What are the defaults for files and registry used for isolated applications?
A:
- Cleaning redirected on termination: enabled for files and registry
- Creation: granted for files, denied for registry
- Redirecting: enabled for files and registry
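
The defaults above, together with the registry-key restriction from the previous answer, can be traced with a small model. This is an added example, not GeSWall code: the class and function names, the sample paths and the reading of "redirecting" as "writes go to a private per-application copy while reads fall through" are all assumptions made for illustration.

```python
# Toy model of the default policy listed above (illustrative only, not GeSWall's API).
DEFAULTS = {
    "file":     {"create": True,  "redirect": True, "clean": True},
    "registry": {"create": False, "redirect": True, "clean": True},
}

class IsolatedApp:
    def __init__(self, system, policy=DEFAULTS):
        self.system = system   # real state {(kind, name): data}; the model never writes to it
        self.policy = policy
        self.shadow = {}       # redirected copies, private to this application
        self.log = []          # (kind, name, outcome), stands in for the product's logs

    def read(self, kind, name):
        key = (kind, name)
        return self.shadow.get(key, self.system.get(key))

    def write(self, kind, name, data):
        key, rules = (kind, name), self.policy[kind]
        exists = key in self.system or key in self.shadow
        if not exists and not rules["create"]:
            outcome = "denied: creation"   # e.g. a new registry key
        elif rules["redirect"]:
            self.shadow[key] = data        # assumed meaning of "redirecting"
            outcome = "redirected"
        else:
            outcome = "denied: write"      # assumption: no redirect means no write
        self.log.append((kind, name, outcome))
        return outcome

    def terminate(self):
        # "Cleaning redirected on termination": drop the redirected copies.
        self.shadow = {k: v for k, v in self.shadow.items()
                       if not self.policy[k[0]]["clean"]}

def run_installer(app):
    # Constructed installer trace: one file, one new key, one value under an existing key.
    steps = [("file", r"C:\Program Files\Demo\demo.exe", b"MZ"),
             ("registry", r"HKLM\Software\Demo", "InstallDir=C:\\Demo"),
             ("registry", r"HKLM\Software\Existing", "LastRun=1")]
    return [app.write(*step) for step in steps]

if __name__ == "__main__":
    system = {("registry", r"HKLM\Software\Existing"): "old"}
    app = IsolatedApp(system)
    print(run_installer(app))
    app.terminate()
    print(system, app.shadow)
```

In the model, the installer's file write succeeds inside the redirected layer, the new registry key is refused, and nothing reaches the real state or survives termination.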

Q: Could you advise me if it is better to isolate a programme from the rest of the system.
A: Normally it is important only for internet applications, which are the primary target for attacks; we call them "attack entry points". Among these applications are web browsers, mail/chat/P2P clients, etc., that is, everything that can download and run malware from the internet. Additionally, isolation can be important for programs that are used to view content downloaded from the internet, such as Acrobat, Word, MSI installations and so on. But isolating "viewers" can sometimes introduce undesirable problems, so it is worthwhile only if you open a file you don't trust. Software that works with devices, CD burners, scanning software, graphical editors, etc. usually should not be isolated. Our list has the following categories of applications to isolate:
[Web Browsers] [Chat Messengers] [E-Mail and News] [IRC] [Multimedia] [Office] [P2P] [Viewers]

However, in most cases it would be sufficient to isolate just the browser and e-mail client.

Q: I can't start my application under the protected mode. Program reports it can't access the file system if started that way. Do you have any ideas how to fix this?
A: To resolve the issue, you should have a look at the logs: http://www.gentlesecurity.com/docs/logs.html
Look up your application's entries for restricted access to files. Those files must be added to your application definition: http://www.gentlesecurity.com/docs/applications.html If we have your application in our Application Database, we would be pleased if you told us what is blocked, so that we can update the Application Database, which is received through automatic update.

Q: How can I see that my program is isolated?
A: By default you should see a pop-up dialog before isolation, unless you set the security level to "Auto-isolation, no pop-up dialogs", and a colored caption when the application is isolated. In any case, it must be visible in the logs.

Q: Why, when I try to create a new file/folder or rename the existing one in isolated file dialog box, nothing happens?
A: It's a known problem. You need to refresh it manually by pressing <F5> in the dialog box.


Copyright 2006 GentleSecurity