Getting started with GeSWall

The installation procedure is very simple and does not require any user intervention. Just click on the downloaded geswall.msi and follow the instructions. After installation and reboot, GeSWall starts protecting your PC. Whenever you start a web browser or other internet application that GeSWall is aware of, it is isolated. Depending on settings, isolation happens automatically or you get a pop-up dialog request such as:

Depending on settings, the pop-up will appear as soon as an application tries to access an untrusted resource or as soon as it attempts to establish a connection to the internet.

To help you to make a choice, the dialog contains some information about the application.

Yes -isolate an application
No - let it run unisolated

If you want to make the same choice every time you run this application then just check 'Do not ask again'. If you do not make any choice before the number on the "Yes" button has counted down to zero then the application will be isolated for you.

Usually you should always run an untrusted application in isolated mode. You may however occasionally want to run an untrusted application non-isolated if you want to allow it to modify trusted resources, e.g.: to install new software, ActiveX components, etc.

Once an application is isolated, GeSWall marks its active window caption with a special indicating color, so that you may easily distinguish isolated applications.

Clicking on GeSWall tray icon pops up a menu. With this menu, you may choose your favorite color and features for the isolated window caption, update Application Database, request support for new application.

Clicking on the caption 'G' button triggers a context GeSWall menu. You can use this menu to restart an application as non-isolated and customize isolated window color.

Files and registry keys created by an isolated web browser or other isolated application pose a risk as they may contain mal-ware. GeSWall treats all such files as untrusted and warns whenever an application is started from untrusted executables proposing to isolate it. In some cases, if you have downloaded a software installation package from a source that you trust then you may need to run it non-isolated.

Usually installation programs (setups) may not proceed properly being isolated. It is recommended to run trusted setups as non-isolated. GeSWall assists in the process by warning on setups isolation.

If you do not trust a setup and suspect a malicious activity then start it isolated. GeSWall used to prevent attacks that come via installed trusted applications, such as web browsers, messengers, mail, p2p clients and so on. The best option for an untrusted setup is fully virtualized environment, e.g. Virtual PC or VmWare.

When an isolated application is trying to access a confidential file, GeSWall shows the following warning.

In order to prevent confidential information disclosure, GeSWall will deny access to the file but you have an option to authorize it in certain cases, e.g. to attach a confidential document to an e-mail message.

You can start an application as isolated by Windows Explorer context menu. For that select a file, click right mouse button and execute "Run Isolated" item as shown on the figure below.

If a file is not an executable then GeSWall isolates an application associated with given file type. For example, "Run Isolated" on a .pdf file results in isolated Acrobat Reader opening that .pdf file.