Last active
March 25, 2021 21:06
-
-
Save m8urnett/ee9ea6d2b42985e13b23e260a5d71c83 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. More interactivity | |
| a. Better prompts for blocking new outbound connections | |
| b. Rules-based alerting | |
| 2. Advanced rules | |
| a. Access to stuff like this: https://docs.microsoft.com/en-us/windows/win32/fwp/filtering-conditions-available-at-each-filtering-layer | |
| b. Regex or at least wildcard rules | |
| c. Rules based on executable signer | |
| d. Rules based on executable parameters (for java, python, etc.) | |
| e. Rules based on time of day/day of week | |
| 3. Custom, switchable local profiles | |
| 4. Auto-mirroring or bi-directional rules (for both incoming and outgoing in a single rule) | |
| 5. Timed and auto-expiring rules | |
| 6. Compound or grouped rules (or at least a collapsible folder format) | |
| 7. Group policy to prevent new rules creation | |
| 8. Rule ACLs and SACLs (workaround: registry ACLs and SACLs) | |
| 9. Aliases for ports, hostnames, etc. | |
| 10. Access to some of the netsh stuff | |
| a. netsh http | |
| b. RPC rules | |
| 11. Program (or custom) icons in the rules list | |
| 12. Show which app/user created the rule | |
| 13. Rule chains | |
| 14. Better default block rules for some LOLBins | |
| 15. Rule and ruleset templates | |
| 16. Negated rule options |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment