Security Navigator extension (Extension module name: SCEX)

What protection mode do I need to use?
Why are some processes in the "Owner & Session" column of the "Security Navigator" gray?
What is "Process Network Control"? Is it just a firewall?
What is the difference between "Unobtrusive Protection" mode and "Essential Protection" mode?

What protection mode do I need to use?

The short answer: it is at your discretion, but in general it depends on what you are doing at the moment. We recommend using the "Essential Protection" mode while surfing the Internet. Together with "Process Network Control" it guarantees reliable protection, because even applications with a digital signature will not be allowed to execute without your authorization. We also do not recommend using "Prohibitive Protection" in everyday use, as it can break normal operation of the operating system. Use this mode only in exceptional cases, when you know precisely what you are doing.

Why are some processes in the "Owner & Session" column of the "Security Navigator" gray?

This is because these processes are executed under a restricted token. For example, on Windows XP (since Windows Vista, Microsoft has introduced UAC and the rules for launching processes by a user have changed), if you are logged on to the system as a restricted user, all processes launched by you will run under a restricted token by default. To increase the security level, we recommend that you log into Windows XP as a restricted user, especially when you are going to surf the Internet.

What is "Process Network Control"? Is it just a firewall?

Generally, "Process Network Control" can be viewed as a process-oriented firewall, but it illustrates a transition in network traffic control from the traditional “host-port” firewall concept to the “process-direction” concept. "Process Network Control" lets you control network traffic at the level of one of the main components of the operating system, i.e. the process, which makes controlling the target system’s network traffic simpler and easier to understand.

"Process Network Control" supports eight basic states of the network traffic of each process executed in the context of the operating system: four forms for each of the incoming and the outgoing traffic generated by the process. The forms combine a “permit-block” trigger and a “local-global” traffic type. Traffic generated by the process within the IP sub-network is considered local. All other traffic (reaching outside the local network) is considered global and is regarded by "Process Network Control" as Internet traffic. Thus, for each direction, the network traffic of a process can be in one of the following four states:

  • Prohibit all traffic (both local and global);
  • Permit traffic within the sub-network (permit local traffic, prohibit global traffic);
  • Permit traffic outside the sub-network (prohibit local traffic, permit global traffic);
  • Permit all traffic (both local and global).
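The model described above can be written down as a small policy evaluator. This is an added example, not code from the product: the names `Scope`, `ProcessPolicy`, `classify` and `decide`, the sample process names and addresses, and the default-deny handling of processes without a policy are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from enum import Flag


class Scope(Flag):
    """Traffic types permitted for one direction of one process."""
    NONE = 0        # prohibit all traffic
    LOCAL = 1       # permit traffic within the IP sub-network
    GLOBAL = 2      # permit traffic outside the sub-network ("Internet")
    ALL = 3         # permit both local and global traffic


@dataclass(frozen=True)
class ProcessPolicy:
    incoming: Scope  # one of the four states for inbound traffic
    outgoing: Scope  # one of the four states for outbound traffic


def classify(remote_ip: str, local_net: str) -> Scope:
    """Local if the peer is inside the host's sub-network, else global."""
    net = ipaddress.ip_network(local_net, strict=False)
    addr = ipaddress.ip_address(remote_ip)
    inside = addr.version == net.version and addr in net
    return Scope.LOCAL if inside else Scope.GLOBAL


def decide(policies, process, direction, remote_ip, local_net):
    """Return 'permit' or 'block' for one connection of one process."""
    policy = policies.get(process)
    if policy is None:
        return "block"  # assumption: no policy for the process means deny
    allowed = policy.incoming if direction == "in" else policy.outgoing
    return "permit" if classify(remote_ip, local_net) & allowed else "block"


# Constructed sample data: process names and addresses are illustrative.
LOCAL_NET = "192.168.1.0/24"
POLICIES = {
    "browser.exe": ProcessPolicy(incoming=Scope.NONE, outgoing=Scope.ALL),
    "fileshare.exe": ProcessPolicy(incoming=Scope.LOCAL, outgoing=Scope.LOCAL),
    "updater.exe": ProcessPolicy(incoming=Scope.NONE, outgoing=Scope.GLOBAL),
}

if __name__ == "__main__":
    for proc, direction, ip in [("browser.exe", "out", "93.184.216.34"),
                                ("fileshare.exe", "out", "203.0.113.7"),
                                ("updater.exe", "out", "192.168.1.1")]:
        print(proc, direction, ip, decide(POLICIES, proc, direction, ip, LOCAL_NET))
```

The rule is keyed on the process and the traffic direction only; no port or remote host appears in the policy, which is the difference from a “host-port” rule set.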

What is the difference between "Unobtrusive Protection" mode and "Essential Protection" mode?

The "Unobtrusive Protection" mode can be used in regular everyday activity. It does not generate requests to allow execution of processes:

  • (a) that are identified by the "Cyberfort Core System" as part of the operating system;
  • (b) that are known to the educable system of "System Process Control" implemented in the Cyberfort Technology; and
  • (c) whose root executable files have a valid digital signature.

If the process is not identified as part of the operating system and does not have a valid digital signature, the user needs to give a one-time permission to start the process in order for it to be identified and known by the process control system. This can be done in the notification tray window that pops up each time the operating system initiates such a process.

The "Essential Protection" mode has settings different from those of the unobtrusive one. In this mode all processes are treated as unknown and must be permitted to start by the user. Exceptions are made for processes that are identified as part of the operating system and for those for which an exception rule has been created and which are included in the "Trusted List".