New Update Defender Hardening Console Executable

@Trident
If in the future I run the Deep Firewall scan again because I have installed new programs and wish to scan them, should I delete all the rules first, or can I simply run the scan and Deep Firewall will add the rules for the new programs it finds?
You can run a scan and it will just add the new programs. When you restart the application it performs rule deduplication and I will add cleanup soon so it gets rid of removed programs.
 
So, if I understand correctly (sorry, English isn't my native language, I'm Italian), the Deep Firewall scan doesn't create duplicate rules, but currently it doesn't have a feature for purging rules that refer to programs / executables that don't exist anymore.
 
Yes, the auto-cleanup will be added to the next version.
 
I just ran a Network scan from the "Scan and Clean" menu but it scanned 0 items.
 
From the same menu I ran both a Total Care Scan and an Aggressive Scan. They completed successfully and Defender Hardening Console automatically saved an HTML report of the latest scan in the folder C:\Users\WindowsUsername\Documents\Helios Reports. The Aggressive Scan was very quick (2859 scanned items in 19.8 seconds). I guess the reason is that I had run the Total Care Scan some minutes before (2224 scanned items in 206.2 seconds), so the Aggressive Scan could benefit from some sort of "scanned items cache".
 
During the Network Scan or Total Care Scan some items appear as "Unknown". What does that mean?
 
These are not TCP but UDP listeners.

The script (Orion Malware Cleaner later changed to HEAT) did map the UDP listeners to the process name and used some heuristics to flag suspicious listeners.

However this has not yet been implemented in the C++ version so the connection reputation is examined but no behavioural heuristics yet.
There are behavioural heuristics for TCP connections.

The enriching process adds information for the heuristics.

In higher versions of the engine, this has been sped up.
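
The kind of enrichment described above (mapping each UDP listener to its owning process) can be reproduced with built-in Windows cmdlets. This is an added example, not code from Defender Hardening Console or its earlier scripts; the function name `Get-UdpListenerInfo` is hypothetical, and it only collects process name, path and signature status without applying any heuristics.

```powershell
# Added example: enumerate UDP listeners and attach owning-process details.
# Requires Windows 8 / Server 2012 or later (NetTCPIP module); run elevated
# so that paths of processes owned by other users can be read.

function Get-UdpListenerInfo {   # hypothetical helper name
    # Cache per-PID lookups: one process often owns many UDP endpoints.
    $cache = @{}

    foreach ($ep in Get-NetUDPEndpoint) {
        $procId = [int]$ep.OwningProcess

        if (-not $cache.ContainsKey($procId)) {
            $name = 'Unknown'; $path = $null; $sig = 'NotChecked'

            # The process may have exited since the endpoint table was read.
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($proc) {
                $name = $proc.ProcessName
                # Path is empty for System/Idle and for protected processes.
                $path = $proc.Path
            }
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
            }
            $cache[$procId] = [pscustomobject]@{ Name = $name; Path = $path; Signature = $sig }
        }

        $info = $cache[$procId]
        [pscustomobject]@{
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessId    = $procId
            ProcessName  = $info.Name
            Path         = $info.Path
            Signature    = $info.Signature
        }
    }
}

Get-UdpListenerInfo | Sort-Object ProcessName, LocalPort | Format-Table -AutoSize
```

Listeners that still show `Unknown` or an empty path here belong to processes that exited or that the current session is not allowed to inspect.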