How to Exploit NOD32 V4 32 bit XP sp3
Escalader
October 26th, 2009, 01:59 PM
Hello:
I like this product! But I have some simple questions (to some) as to how to maximize my security using this product.
1) Can I effectively create a country blocking table in web access management using the list of blocked addresses? I think that this is possible.
I entered *.cn, BUT with no examples to copy I'm unsure if this is a correct entry. The software accepted the entry but again I have doubts.
If this works I can enter ALL countries I wish to avoid on the www, no insult intended to any individual. I'm just trying to exploit the features.
2) Reading the help, V4 seems to do everything a HIPS does. Am I right about that? If so, how does it validate that a program is legit to run: just by seeing if it is malware, or by checking the file name, digital signature or the MD5 code?
Again I apologize in advance for asking these questions.
Escalader
October 26th, 2009, 07:03 PM
This seems to be part of the answer to my own HIPS on V4 question:
-{ Quote: "4.1.2 Host Intrusion Prevention System (HIPS)
Host Intrusion Prevention System (HIPS) protects your system from malware or any unwanted activity attempting to negatively affect the security of your computer. It utilizes advanced behavioral analysis coupled with the detection capabilities of network filter to monitor running processes, files and registry keys, actively blocking and preventing any such attempts." }-
Still don't know what type of validation logic Nod32 V4 imposes on executables.
jmc777
October 26th, 2009, 07:23 PM
-{ Quote: "
1) Can I effectively create a country blocking table in web access management using the list of blocked addresses? I think that this is possible
I entered *.cn, BUT with no examples to copy I'm unsure if this is a correct entry. The software accepted the entry but again I have doubts.
" }-
Your *.cn will block this www.chinadaily.com.cn, but it won't block http://www.chinadaily.com.cn/china/2009-10/27/content_8852346.htm
I have no idea how to get it to block a top level domain. I thought I'd asked this question before, but searching the forums leads me to believe that I imagined it. ???
(Edit: I knew I'd brought it up on the forum before; it was a request (http://www.wilderssecurity.com/showthread.php?p=1297804&highlight=domain#post1297804) in a 'Future changes...' thread.)
Escalader
October 26th, 2009, 08:56 PM
-{ Quote: "Your *.cn will block this www.chinadaily.com.cn (http://www.chinadaily.com.cn), but it will also block this www.cnd.org (http://www.cnd.org)
I have no idea how to get it to block a top level domain. I thought I'd asked this question before, but searching the forums leads me to believe that I imagined it. ???
(Edit: I knew I'd brought it up on the forum before; it was a request (http://www.wilderssecurity.com/showthread.php?p=1297804&highlight=domain#post1297804) in a 'Future changes...' thread.)" }-
Well V4 did 1/2 of your post. It did block www.chinadaily.com.cn (http://www.chinadaily.com.cn/), but it allowed www.cnd.org (http://www.cnd.org/).
The * means according to the manual any string of characters. So I think I would need to block the second one some other way. I'm glad I'm not the only user who could benefit from this.
jmc777
October 26th, 2009, 09:01 PM
I just edited my previous post as you were typing. I was experimenting with *.cn* and that's what led to www.cnd.org being blocked - my mistake! :ouch:
*.cn blocks http://www.chinadaily.com.cn/ but it wouldn't block http://www.chinadaily.com.cn/nastymalware.exe
stackz
October 26th, 2009, 11:38 PM
How about adding these 3 filters:
*.cn
*.cn.*
*.cn/*
jmc777
October 27th, 2009, 08:33 AM
Nah, they won't work. You can't end with a forward slash for some reason. ???
stackz
October 27th, 2009, 10:02 AM
Strange, but I found a way to enter *.cn/* - use *.cn/\*
Just checked and it does successfully block http://www.chinadaily.com.cn/china/2...nt_8852346.htm
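The following is an added example, not ESET's code and not anything posted in this thread: a small Python model of the address-mask matching the posts above describe, run over the URLs the thread itself uses. The only rule the manual quoted above gives is that `*` stands for any string of characters; the rest of the model (a mask must cover the whole address end to end, the scheme and a single trailing slash are ignored, and the `\*` entry form is read as a plain `*`, as the export behaviour reported here suggests) is an assumption inferred from what the posters observed, not documented behaviour. It reproduces why `*.cn` misses a URL with a path, why `*.cn*` over-blocks www.cnd.org, and why the three-mask set `*.cn`, `*.cn.*`, `*.cn/*` catches the path form without that over-match.

```python
"""Model of NOD32-style address masks (added example, not ESET code).

Assumptions (inferred from the thread, not from ESET documentation):
  * '*' matches any string of characters (this part is from the manual);
  * a mask is anchored: it must match the whole address, not a substring;
  * 'http://' / 'https://' and one trailing '/' are stripped before matching;
  * the '\\*' spelling the UI needs for a trailing '*' is read as plain '*'.
"""
import re


def normalize_mask(mask: str) -> str:
    """Treat '*.cn/\\*' (the form the UI accepts) the same as '*.cn/*' (the
    form the export file shows)."""
    return mask.replace("\\*", "*")


def normalize_address(url: str) -> str:
    """Drop the scheme and a trailing slash so 'http://host/' compares as 'host'."""
    lowered = url.lower()
    for scheme in ("http://", "https://"):
        if lowered.startswith(scheme):
            url = url[len(scheme):]
            break
    return url.rstrip("/")


def mask_to_regex(mask: str) -> "re.Pattern[str]":
    """Translate a mask into an anchored regex: every character except '*' is
    literal (so '.' and '/' are escaped) and '*' becomes '.*'."""
    literal_parts = [re.escape(part) for part in normalize_mask(mask).split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE)


def matching_masks(url: str, masks) -> list:
    """Return the masks (in their original spelling) that match the URL."""
    address = normalize_address(url)
    return [m for m in masks if mask_to_regex(m).fullmatch(address)]


def is_blocked(url: str, masks) -> bool:
    return bool(matching_masks(url, masks))


if __name__ == "__main__":
    # URLs taken from the posts above; the mask sets are the ones proposed there.
    urls = [
        "http://www.chinadaily.com.cn/",
        "http://www.chinadaily.com.cn/china/2009-10/27/content_8852346.htm",
        "http://www.cnd.org",
    ]
    mask_sets = {
        "single mask *.cn": ["*.cn"],
        "over-broad *.cn*": ["*.cn*"],
        "three masks": ["*.cn", "*.cn.*", "*.cn/\\*"],
    }
    for name, masks in mask_sets.items():
        print(f"== {name} ==")
        for url in urls:
            hits = matching_masks(url, masks)
            print(f"  {'BLOCK' if hits else 'allow'}  {url}  {hits}")
```

The point the table makes when run is the one jmc777 and stackz arrived at by trial: a trailing `*` is needed to cover paths, but putting it directly after `cn` with no separator also swallows any host that merely contains `.cn`, so the separator (`.` or `/`) has to be part of the mask.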
Escalader
October 27th, 2009, 03:56 PM
-{ Quote: "Strange, but I found a way to enter *.cn/* - use *.cn/\*
Just checked and it does successfully block http://www.chinadaily.com.cn/china/2...nt_8852346.htm" }-
Thanks to you guys! Before we are done I will have learned how to program masks for V4.
1) Do we need to put www. in front or does it matter? I've done a few but the SW grays out the www
2) It would be good if we could load a set of address masks in?
Yes, it worked here as well! When it blocks do you get a pop up or message?
I'm in FF with pop ups blocked so I think I have to allow V4 to do pops!
Nope! I had the notify box unticked! Whoa, this is great learning! As soon as that was on I got a pop from V4.
stackz
October 27th, 2009, 11:50 PM
-{ Quote: "Thanks to you guys! Before we are done I will have learned how to program masks for V4.
1) Do we need to put www. in front or does it matter? I've done a few but the SW grays out the www
2) It would be good if we could load a set of addresses masks in?
" }-
re 1: I'd think generally no.
re 2: You can export all your addresses and masks with the 'Export...' button.
You can import them by clicking on the drop down arrow next to 'Add...' and select 'From File'.
Note: In the case of *.cn/\* it will be exported as *.cn/*, so you'd need to manually edit that entry in the saved export file to *.cn/\*
:argh:
act8192
October 28th, 2009, 09:48 PM
I wonder if these refs are relevant. I suspect they are, but I haven't tried enough to be sure.
http://regexlib.com/CheatSheet.aspx
http://www.addedbytes.com/cheat-sheets/regular-expressions-cheat-sheet/
http://www.allwebdesignresources.com/webdesignblogs/graphics/a-collection-of-regular-expressions-cheat-sheets-quick-reference-guides/