WFWAS: Questions regarding the "System" keyword on "Programs" filtering condition

Discussion in 'other firewalls' started by CGuard, Oct 30, 2012.

Thread Status:
Not open for further replies.
  1. CGuard

    CGuard Registered Member

    Mar 2, 2012

    I am currently in the process of creating my own WFWAS custom rule-set. One of the filtering conditions is the "Program" that traffic is restricted to. A lot of the predefined WFWAS rules are restricted to "System". According to this great tutorial, "System" is a special keyword that, if used, will restrict traffic to the System Process (useful for scoping traffic to any Kernel Mode driver such as Http.sys, Smb.sys, and so on).

    Q1: In general, what kind of traffic should be restricted to "System" (aka, which rules should be based on the "System" filtering condition)?

    Q2: Is there a complete list of all the special keywords (sorted by filtering condition) that can be used in WFWAS?