1001 You can enable/disable use of Easy Mode settings. If "Prefer Easy Mode over Advanced Settings" is unchecked the security settings from Advanced Mode would be applied (if any such settings exist). If "Prefer Easy Mode over Advanced Settings" is checked Easy Mode settings would have preference over any Advanced Mode rules. You can switch from/to the Advanced Mode in the View menu or in the toolbar.
1020 Files
1030 Security
1039 Use of Easy Mode Settings
1040 Registry
1050 Registry \n \nMicrosoft Windows and most of Windows applications store their settings and configuration in Registry. Obviously, altering some portions of the registry could affect stability of the system and the applications. Certain Trojans use registry to bypass virus scan engines making the virus protection ineffective. In addition overwriting some registry settings may cause serious security vulnerability.
1060 Protect Run Keys
1070 Protect Run Keys \n \nProtection to overwrite Run Keys is very effective weapon against the most aggressive viruses. Run Keys are special Registry keys. In Windows 98/ME they may be misused (by viruses and Trojans) to auto start any application on or even before user's logon. In Windows NT/2000/XP aggressive virus may cause that the executable would be granted with unlimited access rights to your computer on the next logon. The consequences of this may be disastrous. It is recommended to have this protection always on.
1080 Protect Windows Setings Key
1090 Protect Windows Settings Key \n \nThe Windows Settings Key protection eliminates the possible attack to capture user name and password during logon as well as the protection of some other important system settings (refer to reference manual for details). It is recommended to have this protection always on.
1100 Protect Extension Association Keys
1110 Protect Extension Association Keys \n \nIf allowed the virus or Trojan could create the association where each time you would execute .exe, .txt, .doc or any other extension based file the virus or Trojan would execute. The Extension Association Keys Protection protects exactly against to this. It is recommended to have this protection always on.
1140 Services
1150 Services \n \nServices settings determine the protection of the computer against to hostile programs that can register themselves as a system service or stop or delete other services.
1160 Prevent Service Installation/Removal
1170 Prevent Service Installation/Removal \n \nThe Service Installation/Removal Prevention protects the computer from viruses and Trojans that would take over the system by registering as a system service.
1180 Prevent Service Stop/Control \n \nStandard applications should not have the need to stop or control a service. Stopping or controlling of system services could have undesirable influence on running Microsoft Windows and may significantly affect the system security. Unless there is a specific reason this setting should be always on. This setting still allow Service Start and Query actions since these are not major security threat and certain applications could require to start other services during their activity. Start/Query Service restrictions may be set in Advanced Mode.
1210 VBA Macros
1220 VBA Macros \n \nMS Office documents (e.g. *.doc, *.xls) may contain some VBA macros which are often misused by various viruses received typically by email. If unprotected just by running *.doc attachement these macros could replace or delete the important files. In respect to Advanced Settings it brings no benefit to enable this protection for other applications then these dealing with MS Office since these macros can be executed only in the environment which supports them (MS Office applications).
1230 Prevent
1240 Prevent \n \nRunning of VBA macro will be prevented.
1250 Run in Special Security Profile
1260 Run in Special Security Profile \n \nVBA macro will be run in a special predefined profile (it will not cross predefined boundaries).
1270 Run Without Protection
1280 Run Without Protection \n \nMacros will be allowed to run without the protection.
1320 Prevent Dangerous Device Access \n \nThis setting prevents the system devices and drivers from the application of various dangerous commands such as formatting harddrive. It is recommended to have this protection always on.\n \nFull list of protected actions:\n - Dismount volume \n - Lock volume \n - Set compression \n - Unlock volume\n - Disk eject media \n - Disk format tracks \n - Disk load media \n - Disk media removal \n - Disk reassign blocks \n - Disk set drive layout \n - Disk set partition info \n - Disk verify \n - Serial lsrmst insert
1330 Prevent Low Level API (PLLAPI)
1340 Prevent Low Level API (PLLAPI) \n \nEach Windows application interfaces with the operating system through an Application Programming Interface (Win32 API). Some portions of this API are intended for use by operating system only and not by regular applications. Prevent Low Level API function protects these portions of API:\n \nIf PLLAPI is enabled following functions are blocked:\n - AdjustTokenPrivileges \n - SetFileSecurity \n - SetKernelObjectSecurity\n - SetServiceObjectSecurity\n - SetSecurityInfo\n - SetNamedSecurityInfo\n - SetUserObjectSecurity\n - CreateProcessAsUser\n - CreateProcessWithLogonW\n - SHCreateProcessAsUserW \n \nIf PLLAPI is enabled following functions are disabled for affected processes trying to access third applications:\n - WriteProcessMemory\n - CreateRemoteThread\n - VirtualAllocEx\n - VirtualProtectEx
1350 Miscellaneous
1360 Miscellaneous \n \nThe security policies listed in this category do not belong to other categories.
1370 Prevent Application Spawning
1380 Prevent Application Spawning \n \nIf enabled the selected application won't be allowed to spawn third processes.
1450 Prevent Service Stop/Control
1460 Use of Easy Mode Settings \n \nYou can enable/disable use of Easy Mode settings. If "Prefer Easy Mode over Advanced Settings" is unchecked the security settings from Advanced Mode would be applied (if any such settings exist). If "Prefer Easy Mode over Advanced Settings" is checked Easy Mode settings would have preference over any Advanced Mode rules. You can switch from/to the Advanced Mode in the View menu or in the toolbar.
1470 Prefer Easy Mode over Advanced Settings
1480 Prefer Easy Mode Settings \n \nEasy Mode settings provide more simple yet effective way of setting up the Application and System security (Windows Security). Unlike Advanced Settings Easy Mode settings are more broad and general. If enabled the selected application group will prefer Easy Mode settings whenever different from Advanced Mode settings. This means that you can still build Advanced Mode settings and their settings would remain in effect as long as they would not collide with Easy Mode settings.You may decide about using Easy Mode based on following:\n \nPros:\n - Simplicity\n - Fast changes\n - & yet effective \n \nCons:\n - Less granularity \n - Certain policies unavailable
1481 Prevent the Creation of Out-of-process COM Servers
1482 Prevent the Creation of Out-of-process COM Servers\n \nIf enabled the selected application group will be not allowed to control external application through COM.
1483 Spawning
1484 Spawning \n \nMalicious Trojan or virus may misuse known and trusted applications to damage the data or make the computer vulnerable to the attack. As an example through the command line instruction a Trojan may instruct command interpreter (cmd.exe) to delete certain or all files. However some applications require spawning (engage other processes to run) in order to run.
1485 OLE & COM
1486 OLE & COM \n \nThe applications frequently communicate together via OLE/COM interface. Even an application on the remote computer may be started and controlled using OLE/COM. You can prevent selected application group from being able to control/create OLE/COM and create in/out-process OLE/COM servers here. ActiveX or other in-process COM use will not be affected by this rule. Since ActiveX is running in the same process boundaries as the application it would use the application's security profile. You want to use this feature whenever you need to limit the rights of untrusted applications.
1487 Protect Services Key
1488 Protect Services Key \n \nDriver or Service have unlimited access to your computer. If virus or Trojan would be allowed to add a subkey into Services Key then it could install new service or driver and severely harm the data or compromise the computer security. It is recommended to have this protection always on.
1489 Protect Tiny Software Key
1490 Protect Tiny Software Key \n \nAll keys except of the keys defined in Registry section are unprotected in Easy Mode. Therefore in order to ensure that Tiny Personal Firewall Security will not be affected it is recommended to protect Tiny Personal Firewall Keys. The protection of other keys may be defined in Advanced Mode.
