Note: When enabled, IntelliDefense
applies to all of the programs that do not have a program
policy.IntelliDefense® provides another layer of protection against malicious or unknown programs, while reducing "false alarms" for the programs that are trusted. IntelliDefense:
Uses threat-assessment technology to detect risks and provide smarter control of program communication.
Provides descriptions of programs attempting communication, giving you the facts you need to make informed decisions.
Note: When enabled, IntelliDefense
applies to all of the programs that do not have a program
policy.
This topic covers the following:
IntelliDefense analyzes programs attempting incoming or outgoing communication and evaluates their threat. iolo Personal Firewall then uses this information to make decisions about how to process the communication. The procedure is as follows:
iolo maintains a regularly updated database of information about thousands of programs and program components, including descriptions of their purpose. (See below for more on descriptions.)
When a program attempts communication, IntelliDefense first checks to see if a program attempting communication is signed by a publisher you have designated as trusted. You control which publishers are trusted on the Manage Trusted Publishers window.
If the program is not automatically allowed access due to its trusted publisher status, IntelliDefense then uses the database and its threat-evaluation process to determine a classification for the program, such as "Necessary" or "Dangerous". (See below for more on classifications.)
Based on that classification, iolo Personal Firewall will then take the associated action, which is either to block access, allow access, or generate a prompt. (See below for more on associating actions with a classification.)
For example, Windows system files can be set up to automatically allow access, while unknown programs can be set up to display a prompt window.
See also: How IntelliDefense works with other program controls.
IntelliDefense displays informative descriptions of programs that attempt communication. This gives you information on what attempts are being made and helps you make decisions on whether to give certain programs access.
IntelliDefense descriptions display on:
Click to view a sample description:
For lsass.exe:
Necessary. This file is a component of the Windows Operating System. The process supports pass-through authentication of account logon events for computers in a domain.
IntelliDefense classifies programs into one of these five categories:
System. Core components of the Windows operating system. Example:
Msiexec.exe is "System". This file is part of the Windows operating system and is used for processing Windows Installer packages.
Necessary. Installed, safe applications that perform core functionality. Example:
Windows Explorer is "Necessary". This application (explorer.exe) is part of Windows operating systems. It displays a hierarchical view of the drives, folders, and files on your computer.
Optional. Installed, safe applications (or components of such applications) that may be desired but are not required to perform core functionality. Example:
Windows Media Player is "Optional". This application (wmplayer.exe) is a safe program that allows you to play audio files, but it does not perform a core function that is fundamental to the computer's operation.
Dangerous. Spyware, viruses, and other software that has been identified as malicious and dangerous by iolo's research team.
Unknown. Programs and components that are not in the IntelliDefense database.*
* For programs classified as "Unknown", you can have the firewall anonymously send iolo information about the program. The information will be reviewed to keep the database as current as possible.
To utilize this feature, select the Automatically send details about unknown programs to iolo for research check box on the Settings window (it is selected as a default). Information about the programs will be automatically sent.
Note: Enabling this feature
does not send any personal or identifying information to iolo. All information
sent is confidential and used solely for program research by iolo's research
team.
Within each Zone, you can determine the actions you want to apply to each IntelliDefense classification. For example, "System" files can be set up to automatically allow access, while "Unknown" programs can be set up to generate a prompt.
The incoming and outgoing actions that apply for each IntelliDefense classification depend on how you've designated the Zone security. If you:
Selected a preset security level, the actions for each IntelliDefense classification are fixed and display on the IntelliDefense tab. Click a link to view the IntelliDefense settings for each level: Low, Medium, and High.
Used the Custom security level, you can set the actions for each IntelliDefense classification on the IntelliDefense tab: see Custom.
Allowed all incoming/outgoing access for the Zone, IntelliDefense controls will not apply to programs as all communications are allowed. However, IntelliDefense descriptions will still display on the Recent Firewall Events window.
Blocked all incoming/outgoing access for the Zone, IntelliDefense controls will not apply to programs as no communications are allowed. However, IntelliDefense descriptions will still display on the Recent Firewall Events window.
IntelliDefense is enabled as a default.
You can turn the feature on and off from the General tab of the Settings window: Select the Enable IntelliDefense check box to enable IntelliDefense; clear the check box to disable IntelliDefense.
Related topics:
How IntelliDefense works with other program controls
Settings window – IntelliDefense options
Manage Trusted Publishers window
Low security level – IntelliDefense tab
Medium security level – IntelliDefense tab