A while back I created an Application Control rule as follows:
- Take the following action: Monitor
- when Current applications in any of the following selected classes: <First Time Application Execute>
- But not in any of the following selected classes: <none>
- attempt to run New applications in any of the following selected classes: <All Applications>
- But not in any of the following selected classes: <First Time Application Execute>
This rule isn't working as planned. I get a lot of repeat events. The help text for <First Time Application Execute> is "This application class includes the first invocation of any application which has never been observed to execute on this system." I'm wondering if that is reset after a period of time or a reboot.
I'm wondering if I have the classes backwards in my rule...
Also, in what scenarios is the "Add New Process to Application Class" and "Add Current Process to Application Class" actions best used?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...