Escan/english/ondemandscan and Escan/english/firewall: Difference between pages

From eScan Wiki
(Difference between pages)
No edit summary
 
mNo edit summary
 
Line 1: Line 1:
{| class="wikitable" border="0"
'''eConceal Firewall''' is a comprehensive software firewall that is designed to prevent unauthorized access to a computer or network that is connected to the Internet. It enforces a boundary between two or more networks by implementing default or user-defined access-control policies (rules) between two or more networks.
|-
{| id="mp-topbanner" style="width:100%; background:#fcfcfc; margin-top:1.2em; border:1px solid #ccc;"
| style="width:10%; color:#000;" |
{| style="width:100px; border:none; background:none;"
| [[Image:escan-g.jpg]]
|}
|style="text-align:left;"|'''·''' [[Escan/english/FAQ-eScan|<font size=1.5 color="blue" align="left">eScan</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/MailScan-AFT|<font size=1.5 color="blue">MailScan</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/Technologies|<font size=1.5 color="blue">Technologies</font>]]
|style="text-align:right;"|&nbsp;&nbsp;'''·''' [[Technical Info|<font size=1.5 color="blue">Technical Info</font>]]&nbsp;&nbsp;'''·''' [[Escan/english/Security_Awareness|<font size=1.5 color="blue">Security Awareness</font>]]&nbsp;&nbsp;'''·''' [[User_Guides|<font size=1.5 color="blue">User Guides</font>]]
|}


{| class="wikitable" border="0"
It allows the user to choose the type of Internet access. The user can set rules to control network access from and to their system. Rules are user’s selection of Internet access either to allow or block on the system.The rules function as filters, analyzing packets (small chunks of data) to check if they fulfill the filter criteria and if they do pass them to the requesting system or else discard them.
|}
<div align="justify">
This Scan option page enables you to scan the system areas, registry, services and startup, full computer or specific directories/files for viruses and other malicious programs.


* This page has different options available, like –
Within the software, are provided set of predefined rules that can be added to the firewall by selecting those that are appropriate to one’s security needs. Users can define their own 'rules', and when they don't feel the need for any of the rules they have 'added', they can remove them. Among the pre-set rules involving Internet access that eConceal offers, the user is able to select ARP, DHCP & BOOTP, DNS, E-mail, WWW, News, NetBios, FTP, ICMP, ICQ, Telnet & SSH, IRC, MSN, and VPN.


'''A) Check memory, registry and services''' – this option checks the system memory, registry and services for any infection from malwares that load at system startup /bootup.  
Internet access involves the usage of these functions in one form or the other.
When a system connects to a publci networkd like the Internet, the system becomes vulnerable to unauthorized access. The eConceal firewall is basically designed to protect from unauthorized access by people designed to disrupt or destroy your personal and/or business data functions, often stealing valuable information like your Identity, Account Numbers, other Personal information, Confidential information or Proprietary business related data among other things.


'''B) Scan Spyware''' – this option checks the system for infection from spyware, adware and other malwares like key logger, rootkit, etc...
'''Vulnerable Scenarios''' -


'''C) Scan Startup''' – this option checks the system startup area for any infection from malwares.
A user is vulnerable to hacker attack when their system connects to a public network


'''D) Scan USB drives''' – this option checks the external media like the USB drives for any infection from malwares.
- When you log in to chat, you connect to Internet Relay Chat (IRC) servers on the Internet and join others in the numerous 'channels' on the IRC network.


'''E) Custom scan''' – this option enables you to customize the scan targets (what you want to scan). When clicked on the “Start” option button (available at the bottom end of this “Custom Scan” option), the objects and areas that need to be scanned are made available, like the CD-ROM, Spyware, Adware, Key logger, Rootkit, Memory, Registry and Services, Local Hard Drives, specific Directories and Files, USB drives, Startup.
- When you use Telnet to connect to a server on the Internet and execute commands 'on' the server from your computer.


The three dots […] available on the “Custom Scan Options “ page when clicked on helps in selecting the different drives, directories and files that need be scanned in particular.
- When you use FTP to transfer files from a remote server to your computer. FTP is the File Transfer Protocol for exchanging files over the Internet, and works in the same way that HTTP and SMTP do in transferring Web pages from servers to user's browser and transferring e-mail across the WWW respectively.


- When you use NetBIOS (Network Basic Input/Output System) to communicate with another user on the LAN; the LAN could in turn be connected to the Internet. NetBIOS insulates the applications that users use to communicate with one another, from understanding the underlying network details.


At the bottom end of this Scan page, a option is available, viz- start.
- When you are a part of a Virtual Private Networks (VPN). These private network connections communicate 'securely' over a public network, such as the Internet.
1. '''Start''' – runs/ executes the desired process like "scan spyware", "custom scan", etc...  


- When you browse the Web.


Other Options include -
- When you send/receive e-mail.


'''F) Scheduler''' –
The “Firewall” option page shows the current status of the Firewall Protection. The green color right tick mark denotes that the module is “Active” while the red color cross mark displays that the module is “InActive”.


This option is used to set or assign a task of scanning. The option of "Add task" available at the below end of the "Scheduler" page enables the administrator/user to configure/set a scheduled task (scan), the requirements of which are as below -
On the Firewall option page in the “Configuration” section, when clicked on the “Settings” option, one can change and customize the Firewall Protection level, while  clicking on either the “Allow All”, “Filter All” and “Block All” options (next to Settings) makes the module to “Allow”, “Filter” or “Block” traffic.


1. Job - name of the scan task
'''1. Configuration section''' -  
a. If the program should start in the background or foreground
b. If the program should quit if a virus infection is detected


2. Analysis extent – what to scan
When clicked on “Settings” the below options are available, through which the eScan software’s Firewall protection can be customized -
a. Check local hard drives
b. Check for specific directories and files


3. Schedule – when it should run /execute
It has different options like "Zone Rule", "Expert Rule", “Application Rule”, “Trojan Rule”, “Trusted MAC Address” and “Local IP list”.
a. When the program should run /execute
i) Once, Hourly, Daily, Weekly, Monthly, With System Startup ii)Time


4. Virus Check – properties of the scan task
a. In the case of an infection - the default action set is to "Automatic", but can be set as per requirements.
b. Priority of Scanner - the default action set is on "Normal", but can be set as per requirements.
c. File types - the default action set is on "Automatic", but can be set as per requirements.
d. Settings - these are the different ways of detecting an infection on the system's different objects and areas and they are as mentioned below:-


i) Heuristic: The system is checked for any suspicious activity/unusual sequence, pattern or behavior and when detected, the software takes the necessary action.
'''A) Zone Rule''' -
ii) Packed Objects: Files that are zipped are scanned.
This option page has different options on the right hand side of the page like – Add Host Name, Add IP, Add IP Range, Modify and Remove.  
iii) Prepare Log: A log of all the scanning activity is generated and maintained.This includes details of when the scan was run, infected file names along with the path and action taken.
iv) Full Log: A full (detailed) log is maintained of the activities done by the scanner.
v) Archived Objects: Files that are archived are scanned.
vi) System Area: The system areas like the boot or partition sectors are scanned.  


At the bottom end of this Scheduler option page, four additional options are available, viz- refresh, clear all, add new task, start now and edit.  
1) Add Host Name -
This option enables you to add a “host” that you wish to add to a zone. When clicked on the option of “Add Host Name”, it displays a window prompting for the Host Name, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.


1. Refresh - displays the latest status
2) Add IP –
2. Clear All - clears/deletes all the scheduled scans.
This option enables you to add an “IP” that you wish to add to a zone. When clicked on the option of “Add IP”, it displays a window prompting for the IP Address, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.
3. Add task - this enables to define a new task (scan).
4. Start now- this enables you to start the scan process manually.
5. Edit - this enables you to edit settings of the scan task defined.  


'''G) Options'''
3) Add IP Range
This option helps in customizing the On Demand Scanner (ODS) using the below -
This option enables you to add an “IP Range” that you wish to add to a zone. When clicked on the option of “Add IP Range”, it displays a window prompting for the IP Address Range, Zone, if trusted or blocked and Name for the Zone Rule and when clicked on the “OK” option, gets added to the “Zone Rule” page.


1) Virus Check -  
4) Modify -
a. In the case of an infection - the default action set is to "Automatic", but can be set as per requirements.
This option works in conjunction with the present rules defined in the above categories. To change the same, select any of the above rules defined and then select the “Modify” option
b. Priority of Scanner - the default action set is to "Normal", but can be set as per requirements.
c. File types - the default action set is on "Automatic", but can be set as per requirements.
d. Settings - these are the different ways of detecting an infection on the system's different objects and areas and they are as mentioned below:-


i) Heuristic: The system is checked for any suspicious activity or behavior/unusual sequence, pattern and when detected the software takes the necessary action.
5) Remove –
ii) Packed Objects: Files that are zipped are scanned.
This option works in conjunction with the present rules defined in the above categories. To remove, select any of the above rule defined and then click on the “Remove” option
iii) Check Memory: this option when enabled, would check the system's memory (ram).
iv) Archived Objects: Files that are archived are scanned.
v) System Area: The system areas like the boot or partition sectors are scanned.
vi) File size limit for scanning: this option helps to set the limit for scanning based on the size of the file (beyond which the scanner would not scan). By default, the limit is set to 5 MB.
vii) Calculate Analysis: this option calculates and displays the details of the analysis done and/or it displays after calculation the remainder(percentage) of the scan to be done.
viii) Send mail to admin if infection is found: this option helps in notifying the administrator of eScan or the network (designated) that an infection was detected on the system.


'''Other option''':


'''1) Set to default''': this option will revert back to the original/default settings i.e. all the latest changes made to the eScan "Virus Check" option page would be lost.


'''2) Alert''' -  
'''B) Expert Rule''' -
This option helps in alerting/notifying the user in the below said conditions -
This option page has different options on the right hand side of the page like – Add, Modify, Remove, Default Rule along with the UP and DOWN arrows.


a) Warn, if virus signature is more than - this option is set as default. It notifies/alerts the user if the virus signature is more than 3 days old.  
1) Add -  
b) Warn, if the last computer analysis was more than - this option is not set as default. It notifies/alerts the user if the last computer analysis done is more than 14 days old.
This option enables you to add a new rule to the “Expert Rule”. When clicked on the option of “Add”, it displays a window with four screen, viz. General, Source, Destination and Advanced.
c) Log Settings - A log of all the scanning activity is generated and maintained.This includes details of when the scan was run, infected file names along with the path and action taken.The path can be customized as per requirements.
d) Only infection to be logged: The log would only have details of the infection and none other details.
e) Full Log: A full (detailed) log is maintained of the activities done by the scanner.  


'''3) Restrictions''' -  
a. General -
This option helps in speeding up the scan process and also in best utilizing the system's resources.  
This screen page helps to define a name for the rule being defined, the action to be taken, i.e. either to pass or reject the packet, protocol to be used and the interface to be used (network adaptors).


a. Delete infected files having these extentions - this is a list of file types that would be deleted if found infected by default. It can be customized as per requirement and also set to default.
b. Source –
b. Size Restrictions for files having these extentions - this is a list of file types that would not be scanned if the size exceeds the defined limit. It can be customized as per requirement and also set to default.
This screen page helps to define the “source” of the connection, i.e. source IP Address and Port of the connection.  
c. Scan Restrictions for files having these extentions - this is a list of file types that would not be scanned. It can be customized as per requirement and also set to default.  


c.  Destination -
This screen page helps to define the “destination” of the connection, i.e. destination IP Address and Port to get connected to.


'''Other option''':
d. Advanced -
1. Set to default: this option will revert back to the original/default settings i.e. all the latest changes made to the eScan "Virus Check" option page would be lost.  
This screen page is helpful ONLY incase if the ICMP protocol is selected in the above “General” screen page.


At the bottom end of this Options option page, two additional options are available, viz- refresh and save.
2) Modify -
1. Refresh - displays the latest status
This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Modify” option.
2. Save - saves all the settings done.  


'''H) Logs''' -
3) Remove -
This option enables you to check the logs created and maintained within the software after the completion of the defined scan task. It displays, the complete details like the "File Name", "Start Time" and "Directory" where the logs are stored.  
This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.


At the bottom end of this Log option page, two additional options are available, viz- refresh and clear all.  
4) Default Rule -
1. Refresh - displays the latest status
This option reverts back to the default rules set within the software.
2. Clear All - clears/deletes all the logs.  
 
3. View Log – the log/s created can be viewed.
'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.
</div>
 
'''The UP and DOWN arrows provided below the “default rule” option help you to move the defined rule either Upward or Downward based on one’s requirements.'''
 
 
'''C) Application Rule''' -
This option page has different options on the right hand side of the page like – Add and  Remove.
 
1) Add - 
This option enables you to add a new rule to the “Application Rule”. When clicked on the option of “Add”, it displays a window prompting for the name of the application that needs to be filtered along with the action to be set, i.e Ask, Permit and Deny.
 
2) Remove –
This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then click on “Remove” option.
 
'''Do note''' – in order to change the action preference for a particular application, simply right click on the desired application name and select the new action to be taken provided on the menu. Likewise, more information on the process properties and it’s other details can also be accessed using the appropriate options provided within.
 
 
 
'''D) Trojan Rule''' –
This option page has different options on the right hand side of the page like – Add, Modify, Remove, Default Rule along with the UP and DOWN arrows.
 
1) Add -
This option enables you to add a new rule to the “Trojan Rule”. When clicked on the option of “Add”, it displays a window with four screen, viz. General, Source, Destination and Advanced.
 
a. General -
This screen page helps to define a name for the rule being defined, the action to be taken, i.e. either to pass or reject the packet, protocol to be used and the interface to be used (network adaptors).
 
b. Source –
This screen page helps to define the “source” of the connection, i.e. source IP Address and Port of the connection.
 
c.  Destination -
This screen page helps to define the “destination” of the connection, i.e. destination IP Address and Port to get connected to.
 
d. Advanced -
This screen page is helpful ONLY incase if the ICMP protocol is selected in the above “General” screen page.
 
2) Modify -
This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Modify” option.
 
3) Remove -
This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.
 
4) Default Rule -
This option reverts back to the default rules set within the software.
 
'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.
 
'''The UP and DOWN arrows provided below the “default rule” option help you to move the defined rule either Upward or Downward based on one’s requirements.'''
 
 
 
'''E) Trusted MAC Address''' –
This option page has different options on the right hand side of the page like – Add, Edit, Remove, Clear All, Import.
 
1) Add -  
This option enables you to add a new rule to the “Trusted MAC Address Rule”. When clicked on the option of “Add”, it displays a window prompting for the MAC Address and Comment for it.
 
2) Edit -
This option works in conjunction with the present rules defined in the above category. To change the same, select any of the above rules defined and then select the “Edit” option.
 
3) Remove -
This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.
 
4) Clear All –
This option will delete all the rules defined.
 
'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.
 
5) Import –
This option enables you to import the “trusted mac address list” from a text file.
 
F) Local IP list -
This option page has different options on the right hand side of the page like – Add, Remove, Clear All, Default list.
 
1) Add -
This option enables you to add a new rule to the “Local IP list”. When clicked on the option of “Add”, it displays a window prompting for the Local IP Address.
 
2) Remove -
This option works in conjunction with the present rules defined in the above category. To remove, select any of the above rule defined and then clck on the “Remove” option.
 
3) Clear All
This option will delete all the rules defined.
 
Do note - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.
 
4) Default list -
This option reverts back to the default rules set within the software.
 
'''Do note''' - this option should be used with caution for if the user has defined any rules they would be lost when this option is used.
 
 
 
'''Other options''' –
 
1. Clear Alert Cache - This option will clear / delete all the cache maintained of the alerts generated earlier.
 
2. OK – This option will “Save” the recent settings done to the configuration of the software.
 
3. Cancel – This option will discard the recent changes done to the configuration of the software.
 
4. Apply – This option will apply the recent changes done to the configuration of the software.
 
 
 
 
 
'''2. Reports section''' - The  below options are available within -
 
a. Inbound Allowed (TCP/UDP) -
This displays the details of the Inbound connectiuons that were allowed.
 
b. Inbound Allowed (TCP/UDP) –
This displays the details of the Outbound connectiuons that were allowed.
 
c. Inbound Blocked (TCP/UDP) –
This displays the details of the Inbound connectiuons that were blocked.
 
d. Inbound Blocked (TCP/UDP) -
This displays the details of the Inbound connectiuons that were blocked.
 
e. View current network activity
When clicked on “View current network activity” , this option dispkays different options like "Active Connections" and "Established Connections".
 
'''A) Active Connections''':
 
1. Process -
This tab on the active connections page displays the total number of process/es that are active in the background and working
 
2. Protocol -
This tab on the active connections page displays the protocol being used by these process/es,
 
3. Local Address -
This tab on the active connections page displays the local address from where these processes have started/originated from.
 
4. Remote Address -
This tab on the active connections page displays the remote address to where these processes are connecting to.
 
5. Status -
This tab on the active connections page displays the status of the connection of a particular process or all.
 
 
 
 
'''B) Established Connections''':
 
1. Process -
This tab on the established connections page displays the total number of process/es that are active in the background and presently on.
 
2. Protocol -
This tab on the established connections page displays the protocol being used by these process/es,
 
3. Local Address -
This tab on the established connections page displays the local address from where these process/es have started/originated from.
 
4. Remote Address -
This tab on the established connections page displays the remote address to where these process/es are connecting to.
 
'''Note''':-
This TCP Connections module is helpful in precisely knowing which process/es are running in the background, using which protocols, the local address from where it is originating from and the remote address to where it is connected to along with it's status. So, in case you suspect your system to be infected with any malware/s, this module basically helps in identifying the process/es along with it's other characteristics (mentioned above) and then take an informed decision (by right clicking on the process/es) to either check the process/es properties, find information/detail if available on the said process/es, kill/end the process/es, etc... thus resulting in restricting/blocking any and all malware/s activity.
 
'''f. Report''' –
This displays the current status as a log/report.
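Review bot: in the added Reports section, items b and d reuse the headings of a and c ("Inbound Allowed (TCP/UDP)" and "Inbound Blocked (TCP/UDP)"). Item b's description covers Outbound connections that were allowed, so its heading should read "Outbound Allowed (TCP/UDP)". Item d repeats item c word for word and should either be dropped or rewritten to describe whatever report actually sits in that position. "connectiuons" (items a to d) and "dispkays" (item e) in the same section also need correcting.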

Revision as of 07:35, 23 September 2008

eConceal Firewall is a comprehensive software firewall that is designed to prevent unauthorized access to a computer or network that is connected to the Internet. It enforces a boundary between two or more networks by applying default or user-defined access-control policies (rules) to the traffic that passes between them.

It allows the user to choose the type of Internet access. The user can set rules to control network access to and from their system. A rule is the user’s choice to either allow or block a given type of Internet access on the system. The rules function as filters: they analyze packets (small chunks of data) to check whether they fulfill the filter criteria, pass the packets that do to the requesting system, and discard the rest.

The software provides a set of predefined rules that can be added to the firewall by selecting those that are appropriate to one’s security needs. Users can also define their own rules, and can remove any rule they have added once they no longer need it. Among the pre-set rules involving Internet access that eConceal offers, the user is able to select ARP, DHCP & BOOTP, DNS, E-mail, WWW, News, NetBios, FTP, ICMP, ICQ, Telnet & SSH, IRC, MSN, and VPN.

Internet access involves the usage of these functions in one form or the other. When a system connects to a public network like the Internet, the system becomes vulnerable to unauthorized access. The eConceal firewall is designed to protect against unauthorized access by people who intend to disrupt or destroy your personal and/or business data functions, often stealing valuable information such as your identity, account numbers, other personal information, confidential information or proprietary business-related data.

Vulnerable Scenarios -

A user is vulnerable to hacker attack when their system connects to a public network:

- When you log in to chat, you connect to Internet Relay Chat (IRC) servers on the Internet and join others in the numerous 'channels' on the IRC network.
- When you use Telnet to connect to a server on the Internet and execute commands 'on' the server from your computer.
- When you use FTP to transfer files from a remote server to your computer. FTP is the File Transfer Protocol for exchanging files over the Internet, and works in the same way that HTTP and SMTP do in transferring Web pages from servers to the user's browser and transferring e-mail across the WWW respectively.
- When you use NetBIOS (Network Basic Input/Output System) to communicate with another user on the LAN; the LAN could in turn be connected to the Internet. NetBIOS spares the applications that users use to communicate with one another from having to understand the underlying network details.
- When you are part of a Virtual Private Network (VPN). These private network connections communicate 'securely' over a public network, such as the Internet.
- When you browse the Web.
- When you send/receive e-mail.

The “Firewall” option page shows the current status of the Firewall Protection. A green tick mark denotes that the module is “Active”, while a red cross mark denotes that the module is “InActive”.

On the Firewall option page, in the “Configuration” section, clicking the “Settings” option lets you change and customize the Firewall Protection level, while clicking “Allow All”, “Filter All” or “Block All” (next to Settings) makes the module “Allow”, “Filter” or “Block” traffic respectively.

1. Configuration section -

Clicking “Settings” shows the options below, through which the eScan software’s Firewall protection can be customized -

The options are "Zone Rule", "Expert Rule", “Application Rule”, “Trojan Rule”, “Trusted MAC Address” and “Local IP list”.


A) Zone Rule - This option page has the following options on its right-hand side: Add Host Name, Add IP, Add IP Range, Modify and Remove.

1) Add Host Name - This option lets you add a host to a zone. Clicking “Add Host Name” displays a window prompting for the Host Name, the Zone (trusted or blocked) and a Name for the Zone Rule; clicking “OK” adds the rule to the “Zone Rule” page.

2) Add IP – This option lets you add an IP address to a zone. Clicking “Add IP” displays a window prompting for the IP Address, the Zone (trusted or blocked) and a Name for the Zone Rule; clicking “OK” adds the rule to the “Zone Rule” page.

3) Add IP Range – This option lets you add an IP range to a zone. Clicking “Add IP Range” displays a window prompting for the IP Address Range, the Zone (trusted or blocked) and a Name for the Zone Rule; clicking “OK” adds the rule to the “Zone Rule” page.

4) Modify - This option works on the rules already defined in the above categories. To change a rule, select it and then select the “Modify” option.

5) Remove – This option works on the rules already defined in the above categories. To remove a rule, select it and then click the “Remove” option.


B) Expert Rule - This option page has the following options on its right-hand side: Add, Modify, Remove and Default Rule, along with the UP and DOWN arrows.

1) Add - This option lets you add a new rule to the “Expert Rule” list. Clicking “Add” displays a window with four screens, viz. General, Source, Destination and Advanced.

a. General - This screen lets you define a name for the rule, the action to be taken (either pass or reject the packet), the protocol to be used and the interface to be used (network adaptors).

b. Source – This screen lets you define the “source” of the connection, i.e. the source IP Address and Port of the connection.

c. Destination - This screen lets you define the “destination” of the connection, i.e. the destination IP Address and Port to connect to.

d. Advanced - This screen applies only if the ICMP protocol is selected on the “General” screen.

2) Modify - This option works on the rules already defined in the above category. To change a rule, select it and then select the “Modify” option.

3) Remove - This option works on the rules already defined in the above category. To remove a rule, select it and then click the “Remove” option.

4) Default Rule - This option reverts to the default rules set within the software.

Do note - this option should be used with caution: any rules the user has defined are lost when it is used.

The UP and DOWN arrows provided below the “Default Rule” option let you move a defined rule up or down the list as required.
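The effect of rule order on the Expert Rule list, as an added example that is not eScan code: it models a rule with the fields named on the General, Source and Destination screens and assumes first-match evaluation with a default of reject, neither of which this page states. All rule names, addresses and ports are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    protocol: str                 # "TCP", "UDP" or "ICMP"
    src_ip: str
    src_port: Optional[int]       # None for protocols without ports (ICMP)
    dst_ip: str
    dst_port: Optional[int]
    interface: str = "eth0"       # hypothetical adaptor name


@dataclass(frozen=True)
class ExpertRule:
    # Fields mirror the General / Source / Destination screens described above.
    name: str
    action: str                   # "pass" or "reject"
    protocol: str = "ANY"
    interface: str = "ANY"
    src_net: str = "0.0.0.0/0"
    src_port: Optional[int] = None    # None means any port
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            self.protocol in ("ANY", pkt.protocol)
            and self.interface in ("ANY", pkt.interface)
            and ip_address(pkt.src_ip) in ip_network(self.src_net)
            and ip_address(pkt.dst_ip) in ip_network(self.dst_net)
            and self.src_port in (None, pkt.src_port)
            and self.dst_port in (None, pkt.dst_port)
        )


def evaluate(rules: List[ExpertRule], pkt: Packet,
             default: str = "reject") -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule (assumed semantics)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "<default>"


def covers(a: ExpertRule, b: ExpertRule) -> bool:
    """True if every packet that matches b also matches a."""
    return (
        a.protocol in ("ANY", b.protocol)
        and a.interface in ("ANY", b.interface)
        and ip_network(b.src_net).subnet_of(ip_network(a.src_net))
        and ip_network(b.dst_net).subnet_of(ip_network(a.dst_net))
        and a.src_port in (None, b.src_port)
        and a.dst_port in (None, b.dst_port)
    )


def shadowed_rules(rules: List[ExpertRule]) -> List[Tuple[str, str]]:
    """List (dead rule, earlier rule that hides it) pairs for an ordered rule list."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                dead.append((later.name, earlier.name))
                break
    return dead


# Constructed sample rules and packet.
ALLOW_LAN = ExpertRule("Allow LAN", "pass", src_net="192.168.1.0/24")
BLOCK_TELNET = ExpertRule("Block Telnet", "reject", protocol="TCP", dst_port=23)
BLOCK_NETBIOS = ExpertRule("Block LAN NetBIOS", "reject", protocol="TCP",
                           src_net="192.168.1.0/24", dst_port=139)
LAN_TELNET = Packet("TCP", "192.168.1.50", 40000, "192.168.1.10", 23)

if __name__ == "__main__":
    permissive_first = [ALLOW_LAN, BLOCK_TELNET, BLOCK_NETBIOS]
    specific_first = [BLOCK_TELNET, BLOCK_NETBIOS, ALLOW_LAN]
    for label, rules in (("permissive first", permissive_first),
                         ("specific first", specific_first)):
        print(label, evaluate(rules, LAN_TELNET), "shadowed:", shadowed_rules(rules))
```

Running the shadow check after reordering rules shows which reject rules have silently stopped taking effect because a broader pass rule sits above them.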


C) Application Rule - This option page has the following options on its right-hand side: Add and Remove.

1) Add - This option lets you add a new rule to the “Application Rule” list. Clicking “Add” displays a window prompting for the name of the application that needs to be filtered along with the action to be set, i.e. Ask, Permit or Deny.

2) Remove – This option works on the rules already defined in the above category. To remove a rule, select it and then click the “Remove” option.

Do note – to change the action preference for a particular application, right-click the desired application name and select the new action from the menu. Likewise, more information on the process properties and its other details can be accessed using the appropriate options provided within.


D) Trojan Rule – This option page has different options on the right hand side of the page like – Add, Modify, Remove, Default Rule along with the UP and DOWN arrows.

1) Add - This option enables you to add a new rule to the “Trojan Rule”. Clicking “Add” displays a window with four screens, viz. General, Source, Destination and Advanced.

a. General - This screen page helps to define a name for the rule being defined, the action to be taken, i.e. either to pass or reject the packet, protocol to be used and the interface to be used (network adaptors).

b. Source – This screen page helps to define the “source” of the connection, i.e. source IP Address and Port of the connection.

c. Destination - This screen page helps to define the “destination” of the connection, i.e. destination IP Address and Port to get connected to.

d. Advanced - This screen page applies ONLY if the ICMP protocol is selected on the “General” screen page above.

2) Modify - This option works in conjunction with the rules currently defined in the above category. To change a rule, select it from the rules defined above and then select the “Modify” option.

3) Remove - This option works in conjunction with the rules currently defined in the above category. To remove a rule, select it from the rules defined above and then click on the “Remove” option.

4) Default Rule - This option reverts to the default rules set within the software.

Do note - this option should be used with caution: any rules the user has defined will be lost when it is used.

The UP and DOWN arrows provided below the “default rule” option help you to move a defined rule upward or downward as required.
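The effect of rule position, which the UP and DOWN arrows control, shown as an added example (not eScan code). It models the General, Source and Destination fields described above and assumes rules are checked top to bottom, the first match decides, and unmatched packets are rejected; that is an assumption about eConceal, not something this page states. The rule names, addresses and port are constructed, and the interface and ICMP fields are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                      # General screen: "pass" or "reject"
    protocol: str                    # General screen: "TCP", "UDP", "ICMP" or "ANY"
    src_net: str = "0.0.0.0/0"       # Source screen: address or network
    src_port: Optional[int] = None   # None means any port
    dst_net: str = "0.0.0.0/0"       # Destination screen
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol not in ("ANY", pkt["protocol"]):
            return False
        for net, ip in ((self.src_net, pkt["src_ip"]), (self.dst_net, pkt["dst_ip"])):
            if ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
                return False
        for want, got in ((self.src_port, pkt["src_port"]), (self.dst_port, pkt["dst_port"])):
            if want is not None and want != got:
                return False
        return True

def evaluate(rules, pkt, default="reject"):
    """Assumed semantics: first matching rule from the top decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "<no rule matched>"

def move_up(rules, name):
    """What the UP arrow does: swap the named rule with the one above it."""
    i = next(idx for idx, r in enumerate(rules) if r.name == name)
    if i > 0:
        rules[i - 1], rules[i] = rules[i], rules[i - 1]
    return rules

# Constructed sample rules and packet (documentation address ranges).
RULES = [
    Rule("Allow LAN", "pass", "ANY", src_net="192.0.2.0/24"),
    Rule("Block port 12345", "reject", "TCP", dst_port=12345),
]
PACKET = {"protocol": "TCP", "src_ip": "192.0.2.15", "src_port": 40000,
          "dst_ip": "198.51.100.7", "dst_port": 12345}

if __name__ == "__main__":
    print(evaluate(RULES, PACKET))
    print(evaluate(move_up(list(RULES), "Block port 12345"), PACKET))
```

With the broad “Allow LAN” rule on top the sample packet is passed before the block rule is ever reached; moving the block rule up one position causes the same packet to be rejected.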


E) Trusted MAC Address – This option page has different options on the right hand side of the page like – Add, Edit, Remove, Clear All, Import.

1) Add - This option enables you to add a new rule to the “Trusted MAC Address Rule”. Clicking “Add” displays a window prompting for the MAC Address and a Comment for it.

2) Edit - This option works in conjunction with the rules currently defined in the above category. To change a rule, select it from the rules defined above and then select the “Edit” option.

3) Remove - This option works in conjunction with the rules currently defined in the above category. To remove a rule, select it from the rules defined above and then click on the “Remove” option.

4) Clear All – This option will delete all the rules defined.

Do note - this option should be used with caution: any rules the user has defined will be lost when it is used.

5) Import – This option enables you to import the “trusted mac address list” from a text file.

F) Local IP list - This option page has different options on the right hand side of the page like – Add, Remove, Clear All, Default list.

1) Add - This option enables you to add a new rule to the “Local IP list”. Clicking “Add” displays a window prompting for the Local IP Address.

2) Remove - This option works in conjunction with the rules currently defined in the above category. To remove a rule, select it from the rules defined above and then click on the “Remove” option.

3) Clear All – This option will delete all the rules defined.

Do note - this option should be used with caution: any rules the user has defined will be lost when it is used.

4) Default list - This option reverts to the default rules set within the software.

Do note - this option should be used with caution: any rules the user has defined will be lost when it is used.


Other options

1. Clear Alert Cache - This option will clear the cache of previously generated alerts.

2. OK – This option will “Save” the recent settings made to the configuration of the software.

3. Cancel – This option will discard the recent changes made to the configuration of the software.

4. Apply – This option will apply the recent changes made to the configuration of the software.



2. Reports section - The following options are available:

a. Inbound Allowed (TCP/UDP) - This displays the details of the Inbound connections that were allowed.

b. Inbound Allowed (TCP/UDP) – This displays the details of the Outbound connections that were allowed.

c. Inbound Blocked (TCP/UDP) – This displays the details of the Inbound connections that were blocked.

d. Inbound Blocked (TCP/UDP) - This displays the details of the Inbound connections that were blocked.

e. View current network activity – Clicking “View current network activity” displays options such as "Active Connections" and "Established Connections".

A) Active Connections:

1. Process - This tab on the active connections page displays the total number of processes that are active and working in the background.

2. Protocol - This tab on the active connections page displays the protocol being used by these processes.

3. Local Address - This tab on the active connections page displays the local address from which these processes originated.

4. Remote Address - This tab on the active connections page displays the remote address to which these processes are connecting.

5. Status - This tab on the active connections page displays the status of the connection of a particular process or of all processes.



B) Established Connections:

1. Process - This tab on the established connections page displays the total number of processes that are active in the background and presently on.

2. Protocol - This tab on the established connections page displays the protocol being used by these processes.

3. Local Address - This tab on the established connections page displays the local address from which these processes originated.

4. Remote Address - This tab on the established connections page displays the remote address to which these processes are connecting.

Note:- This TCP Connections module helps you see precisely which processes are running in the background, which protocols they use, the local address from which each originates, the remote address to which it is connected, and its status. So, if you suspect that your system is infected with malware, this module helps you identify the processes along with the characteristics mentioned above and then take an informed decision (by right-clicking on a process) to check the process properties, find any available information on the process, kill/end the process, etc., thus restricting/blocking malware activity.

f. Report – This displays the current status as a log/report.