GeSWall Features Explained

Preventing key loggers, rootkits, and backdoors.
Preventing confidential file disclosure.
Preventing targeted intrusions.
Preventing malicious software infection.

GeSWall isolates applications that may serve as entry points for malicious software and targeted intrusions. Isolation applies access restrictions that effectively prevent damage.

• No access to kernel - prevents kernel mode rootkits and key loggers
• Read only access to trusted files, registry, processes etc. - prevents user mode rootkits, keyloggers, malware infections.
• No local communications to trusted processes, e.g. windows messages, RPC, COM, WMI - prevents shatter attacks, user mode rootkits, keyloggers and malware infections.
• No scheduled re-start - prevents backdoors, zombie bots and worms.
• No access to confidential files - prevents leaks of confidential information.

Addtionally, GeSWall's data-flow control policy locks malware or intruder within an isolation layer. For instance, whenever an isolated application creates a file, GeSWall tracks it down. If that file is:

• executable - GeSWall classifies a process as posing threat and isolate it on execution;
• driver or DLL - GeSWall prevents its loading into kernel and trusted processes;
• VBS script - "Windows Script Host" gets isolated on script translation, and so forth.

Test GeSWall security - Demo »

Independent of Attack Techniques.

Instead of blocking particular attack techniques, GeSWall focuses on attack objectives such as taking control of a PC, stealing data, breaking system integrity etc. By this approach, GeSWall prevents all attacks that involve damage, e.g. malicious software (viruses, trojans, spyware), software vulnerabilities (buffer overflow, privilege escalation, etc.), mis-configuration and unknown attacks based on "zero-days" vectors, e.g. GeSWall has been stopping Windows Metafile exploits.

Central Management through Active Directory Group Policy.

GeSWall Server and Enterprise editions integrate into Windows Group Policy as extensions, which allows you centrally manage GeSWall policy as a part of Group Policy. The extensions provide the ability to set GeSWall policy on any Active Directory level:

• Machine - policy applied to particular machine.
• Site - policy applied to entire Active Directory Site.
• Domain - policy applied to whole Active Directory domain.
• Organizational Unit - policy applied to particular Active Directory organizational unit.

Easy to use - non-intrusive, no configuration required. Personal Edition.

GeSWall is designed to be as non-intrusive as possible. You can keep browsing, mailing, chatting, sharing and so forth in the same way as without GeSWall. Web browsers, mail clients, chat messengers, file sharing clients, office, multimedia and other internet applications become safe to use with GeSWall policy. At the same time, you can create files, start processes, access internet resources without restrictions. The files you created and worked with remain and are not cleaned, as is the case with virtualization solutions. Additionally, GeSWall does not require configuration or learning mode.

GeSWall accomplishes great usability by three major components:

• Data-flow control. Instead of blocking or virtualizing network traffic, files/registry/process creation, GeSWall tracks potential threat down, isolates it and prevents possible damage.
• Mitigation of access control policy restrictions, which is achieved by various technologies including virtualization.
• Application Database that integrates knowledge about resources required by various applications. The knowledge is represented in generic rules not dependent upon application version, update or localization.

Easy to use - pre-configured rules for IIS, Oracle, MS SQL. Server Edition.

GeSWall Server Edition has pre-configured hardening rules for Internet Information Server, Oracle Database Server and Microsoft SQL Server. The rules describe specific resources required for server's functionality. In case of intrusion, an attack's scope and damage are limited only by these resources.

Pre-configured rules come in an open Application Database. GentleSecurity keeps the database up to date by adding information about new versions and additional server applications. Administrator's task is just supplementing rules for a particular environment.