I know this has probably been asked a million times, I'm sorry if so:
1. How does WSA journal? Does it Sandbox unknowns and if found malicious, dump the sandbox contents?
2. Does it place any type of restrictions on Monitored .exes (similar to Kaspersky's low/high restrictions within app control)?
Thanks!
Hi mar122999
WSA basically logs in a journal all activity. The system events monitoring is recording activity taking place across your system in real-time. These include file activity, registry changes, network/internet activity to name a few, and there are a lot more also recorded. This can be seen under Execution History in the Utilities section.
If you click on More Information, you'll see another screen where you can double-click on individual events to see more details.
'Monitoring' mode also places restrictions on the application/file being monitored; this is not uniform as there are levels of restrictions (these can be seen if you review the entries for the 'Monitored' processes in the Scan Log...each such entry has a 'Type' which indicates the level of monitoring) but suffice to say that this will prevent the process/application undertaking any action deemed to be detrimental to the system's 'health'. Now whether you could call that 'sandboxing', in the strict sense of the term, I suspect not as it will allow basic, non-suspicious action to be proceeded with, all whilst being journalled.
The journaled actions are held in the programdata\WRdata hidden folder and, depending on the eventual determination on the monitored process/application, i.e., whether it is determined to be 'good' or 'bad', the journal will either be removed (or should be) in the case of a 'good' process or used to roll back the action of a 'bad' process and then removed (or should be).
I hope that this clarifies the position for you? If not then please do post further questions.
Regards, Baldrick
It does. Thanks!
Hi mar122999
Great! Glad to be of assistance. Do let us know if you have any further questions. :D
Regards, Baldrick