GentleSecurity.com

Resources

The 'Resources' folder contains definitions of trusted and untrusted resources. The Access restriction policy uses these definitions for isolating applications.

The default list of resources is required for GeSWall functionality, and it is not recommended that you modify it. However, you may add your own resource definitions, e.g. to define additional file folders for confidential documents, or certain untrusted files.

To create a new resource definition, choose Action\New\Add Resource... from the main menu (alternatively, right-click the Resources folder in the right pane). A Resource Properties dialog will open.

The Security Class combo-box specifies the security class of the resource. It can be one of:

  • Trusted - A resource is trusted and an isolated application cannot modify it (read is allowed), unless it is explicitly enabled by a specific application rule. Note that by default all resources are trusted.
  • Confidential - A resource is confidential and an isolated application can neither read nor modify it. By default, GeSWall defines all users' My Documents\Confidential folders as confidential. Therefore, you may either create that folder and copy your private documents there, or define another file folder which stores your confidential data.
  • Deny Create - The definition prevents an isolated application from creating resources inside the specified path. For example, "Deny Create" for "c:\windows\system32\" denies creating any new files inside the c:\windows\system32\ path. Note that by default GeSWall allows isolated applications to create new files and folders without restriction but disallows the creation of new registry keys.
  • Untrusted - A resource is not trusted. This means an isolated application may modify it as well as read it.
  • Threat gates - Reserved for internal GeSWall use.
  • System - Reserved for internal GeSWall use.

The rest of the dialog specifies identification parameters of the resource. It includes resource and identification types. The 'Resource Type' combo-box selects the Windows native type of the resource:

  • file - file or file directory
  • registry - registry key
  • device - device object exposed by the Windows kernel, e.g. \Device\Tcp (exposed by the tcpip.sys driver to implement TCP networking), \Device\Cdrom (the usual name of CD-ROM drives)
  • network - network interfaces
  • system object - an object representing a particular Windows service, e.g. SAM_DOMAIN\%MACHINENAME% represents the SAM database interface for the given machine
  • section - memory section, e.g. \KnownDlls\kernel32.dll
  • any - includes all possible resource types, not recommended

GeSWall identifies resources by owner user and name.

  • Owner user - a user specified as owner in the Windows Security Descriptor. In the Resource edit-box you should type a user name or choose a user using the standard 'Select Users or Groups' dialog. By default, GeSWall has two definitions: any resources owned by the local administrators group and local system are trusted, unless they are created by an isolated application.
  • Name - a resource name prefix, e.g. c:\Program Files, %SystemRoot%\system32. The name may contain macro substitutions that must follow Resource Name Syntax.
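The following is an added example, not GeSWall code: a simplified Python model of how the security classes above translate into read, modify and create decisions for an isolated application. It assumes case-insensitive prefix matching on already-expanded names, that the longest matching prefix decides the class, and that "Deny Create" is checked separately from the other classes; application rules and owner-based definitions are left out, and all paths and the user name are constructed.

```python
# Added illustration: a simplified model of the security classes described
# above. Longest-prefix matching and the separate "Deny Create" check are
# assumptions of this sketch, not documented GeSWall logic.
from dataclasses import dataclass

@dataclass(frozen=True)
class ResourceDef:
    rtype: str    # resource type, e.g. "file" or "registry"
    prefix: str   # resource name prefix, macros already expanded
    sclass: str   # "Trusted", "Confidential", "Untrusted" or "Deny Create"

def _matches(d, rtype, name):
    # Windows names are case-insensitive, so compare lower-cased strings.
    return d.rtype == rtype and name.lower().startswith(d.prefix.lower())

def decide(defs, rtype, name, op):
    """Return True if an isolated application may perform op
    ("read", "modify" or "create") on the named resource."""
    hits = [d for d in defs if _matches(d, rtype, name)]
    if op == "create":
        if any(d.sclass == "Deny Create" for d in hits):
            return False
        # Default: new files and folders are allowed, new registry keys are not.
        return rtype == "file"
    classed = [d for d in hits if d.sclass != "Deny Create"]
    # Assumption: the most specific (longest) prefix decides the class.
    best = max(classed, key=lambda d: len(d.prefix), default=None)
    sclass = best.sclass if best else "Trusted"   # default class is Trusted
    if sclass == "Confidential":
        return False            # neither read nor modify
    if sclass == "Untrusted":
        return True             # read and modify
    return op == "read"         # Trusted: read-only

# Constructed sample definitions (paths and user name are hypothetical).
SAMPLE_DEFS = [
    ResourceDef("file", "c:\\users\\alice\\my documents\\confidential", "Confidential"),
    ResourceDef("file", "c:\\windows\\system32\\", "Deny Create"),
    ResourceDef("file", "c:\\downloads", "Untrusted"),
]

if __name__ == "__main__":
    checks = [("C:\\Windows\\System32\\new.dll", "create"),
              ("C:\\Downloads\\setup.exe", "modify"),
              ("C:\\Users\\Alice\\My Documents\\Confidential\\tax.xls", "read")]
    for name, op in checks:
        print(name, op, decide(SAMPLE_DEFS, "file", name, op))
```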
Copyright 2006 GentleSecurity