GeSWall's Labels

A file created or modified by isolated application is labeled as "untrusted". If that file is:

• An executable - GeSWall classifies a process as posing threat and isolate it on execution;
• A driver or DLL - GeSWall prevents its loading into kernel and trusted processes;
• A script - script engine gets isolated on script translation.

Additionally, GeSWall isolates an application when it is accessing an "untrusted" file. Note, the application must be "known" in this case. "Known" means an application has particular rules in the application database. The rules ensure non-intrusive application functionality.

GeSWall preserves the labels on files for their life time and in case of the following operations:

• file renaming
• moving file to the folder on the same volume

"Untrusted" labels are cleaned on a copy operation from non-isolated application, because a new copied file is created by non-isolated application, which performs this operation. The same semantic is applied to the windows file attributes. For example, an encrypted file can be stored unencrypted if copied to unencrypted folder.

GeSWall marks "untrusted" file icons with a red square and overlaid 'G' letter in the left bottom corner, as shown on the figure below.

You can label a file as trusted or untrusted by Windows Explorer context menu as shown on the screenshot.