WFWAS: Questions regarding the "System" keyword on "Programs" filtering condition

Discussion in 'other firewalls' started by CGuard, Oct 30, 2012.

Thread Status:
Not open for further replies.
  1. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    Hi,

    I am, currently, in the process of creating my own WFWAS custom rule-set. One of the filtering conditions is the "Program" that traffic is restricted to. A lot of the predefined WFWAS rules are restricted to "System". According to this great tutorial, "System" is a special keyword that if used will restrict traffic to the System Process (useful for scoping traffic to any Kernel Mode driver such as Http.sys, Smb.sys, and so on).

    Q1: In general, what kind of traffic should be restricted to "System" (aka, which rules should be based on the "System" filtering condition)?

    Q2: Is there a complete list of all the special keywords (sorted by filtering condition) that can be used in WFWAS?
     
    CGuard, Oct 30, 2012
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...