What good is this data?
Simple, it allows you to see what programs WAR has blocked because of bad behavior. If in doubt about allowing a program, we’ve included ways of your investigating further using tools like Details and Properties. If you are going to contact us about a PreEmptive Strike block, a screenshot of this screen is extremely important for you to include in your email because this data will help us determine the root cause for the block. From this page you can tell WAR to allow any program listed on this page as blocked.
- When: Contains the timestamp when the file/folder access took place.
- Program Name: This is name of the program accessing the file/folder.
- Full Path: Is the fully qualified path to the program above. you see this icon you know the manufacturer took the time to sign the file.
- Blocking Description: This column contains the reason why WAR blocked the program or script.
By default, this data is sorted by When descending, so that most recent access is always at the top of the list.
Details provides you with a plethora of information about the selected program.
You can see % of users who allow and who block the program. In this case, we have very little data about this program so the percentages are still unknown.
You can see details about the program, including size, version, signature, MD5, SHA256 (SHA what? MD5 and SHA256 are useful for technical look-ups of the file in question) and more importantly other programs sharing the same signature.
From this screen you can view the Microsoft Properties page for the file in question.
If you’re confused about a file, open this tab. It may help you make a decision.
Are you familiar with the Windows Properties page?
If so, you can access it from here.
If not, give it a click. The Properties page provides you with even more information about a particular file.
Some would say it is for more technical users, but you can’t hurt anything by opening it up, looking around and then clicking Cancel to close it.
If upon reviewing the program you’ve determined the program is something you don’t want running on your computer, you can set it as “Blocked”, this will result in WAR preventing this program from ever running.
When an item is blocked by WAR for any ready, the file is immediately quarantined. By marking a program as “Blocked”, you are putting in an extra safe-guard just in case this same file is every written out to disk again.
Lets say based on your observations you want to allow this program.
Easy, click the “Allow Program” button in the menu. That’s it. The program is now allowed across the board.
Oh, and if you make a mistake and allow the wrong program… No big deal, the Program Configuration Page allows you to disallow any program you like simply by highlighting an item and selecting “Block”.
This is useful when you have programs that dynamically download content and then run it out of temporary or “user” folders. This is important enough of a feature that we also make this available on all “Action” pages so that you can add the folder in question without even having to navigate to that folder.
In a typical case, a program may download content to a folder like C:\users\Test\AppData\Local\Company\versionx\program.exe, with the folder changing with each version.
In this case, you should allow C:\Users\Test\AppData\Local\Company\, this will effectively allow all programs in the folders beneath.
We don’t really like this feature, but it is a necessary evil due to the seemingly endless ways programs are allowed to be stored and run in Windows.
This dialog allows you to edit allowed folders. The example above is a perfect example of why you would want to edit an allowed folder.
The program folder that is associated with the program is:
However, the last folder in this path “versionx” is dynamic, changing with each release. Therefore, when you allow the folder you should then edit that allowed folder and remove “versionx” from the end of it to ensure all future releases are allowed. You will edit the path so that it is this:
Allow by Signature
What does that even mean?
Actually this is quite simple. What allow by signature does is take the currently highlighted programs code signing certificate and then allows all programs signed with the same code signing certificate.
OK? What? Try that again…
This is useful after installing a new application or installing a new printer or other hardware that installs a user interface, update programs or other needed programs. Typically all of those programs are signed with the same code signing certificate, therefore by allowing the one certificate you are allowing all of the programs with a single click.
Is this screen full of old entries, things you don’t care about or entries you don’t want anyone else to see?
If so, then simply highlight some or all of the entries and click “Remote Item(s). This will tell WAR will remove all of the highlighted items from the screen. Nothing is physically removed from your computer, we simply remove the data from this one screen and the underlying database.