IntelliDefense

IntelliDefense™ provides another layer of protection against malicious or unknown programs, while reducing "false alarms" for the programs that are trusted. IntelliDefense:

Uses threat-assessment technology to detect risks and provide smarter control of program communication.
Provides descriptions of programs attempting communication, giving you the facts you need to make informed decisions.

Note: When enabled, IntelliDefense applies to all of the programs that do not have a program policy.

This topic covers the following:

How IntelliDefense Works

IntelliDefense analyzes programs attempting incoming or outgoing communication and evaluates their threat. iolo Personal Firewall then uses this information to make decisions about how to process the communication. The procedure is as follows:

iolo maintains a regularly updated database of information about thousands of programs and program components, including descriptions of their purpose. (See below for more on descriptions.)
When a program attempts communication, IntelliDefense first checks to see if a program attempting communication is signed by a publisher you have designated as trusted. You control which publishers are trusted on the Manage Trusted Publishers window.
If the program is not automatically allowed access due to its trusted publisher status, IntelliDefense then uses the database and its threat-evaluation process to determine a classification for the program, such as "Necessary" or "Dangerous". (See below for more on classifications.)
Based on that classification, iolo Personal Firewall will then take the associated action, which is either to block access, allow access, or generate a prompt. (See below for more on associating actions with a classification.)

For example, Windows system files can be set up to automatically allow access, while unknown programs can be set up to display a prompt window.

IntelliDefense Descriptions

IntelliDefense displays informative descriptions of programs that attempt communication. This gives you information on what attempts are being made and helps you make decisions on whether to give certain programs access.

IntelliDefense descriptions display on:

Click to view a sample description:

IntelliDefense Classifications/Categories

IntelliDefense classifies programs into one of these five categories:

System. Core components of the Windows operating system. Example:

Necessary. Installed, safe applications that perform core functionality. Example:

Optional. Installed, safe applications (or components of such applications) that may be desired but are not required to perform core functionality. Example:

Dangerous. Spyware, viruses, and other software that has been identified as malicious and dangerous by iolo's research team.

Unknown. Programs and components that are not in the IntelliDefense database.*

* For programs classified as "Unknown", you can have the firewall anonymously send iolo information about the program. The information will be reviewed to keep the database as current as possible.

To utilize this feature, select the Automatically send details about unknown programs to iolo for research check box on the Settings window (it is selected as a default). Information about the programs will be automatically sent.

Note: Enabling this feature does not send any personal or identifying information to iolo. All information sent is confidential and used solely for program research by iolo's research team.

Associating a Firewall Action with an IntelliDefense Classification

Within each Zone, you can determine the actions you want to apply to each IntelliDefense classification. For example, "System" files can be set up to automatically allow access, while "Unknown" programs can be set up to generate a prompt.

The incoming and outgoing actions that apply for each IntelliDefense classification depend on how you've designated the Zone security. If you:

Selected a preset security level, the actions for each IntelliDefense classification are fixed and display on the IntelliDefense tab. Click a link to view the IntelliDefense settings for each level: Low, Medium, and High.
Used the Custom security level, you can set the actions for each IntelliDefense classification on the IntelliDefense tab: see Custom.
Allowed all incoming/outgoing access for the Zone, IntelliDefense controls will not apply to programs as all communications are allowed. However, IntelliDefense descriptions will still display on the Recent Firewall Events window.
Blocked all incoming/outgoing access for the Zone, IntelliDefense controls will not apply to programs as no communications are allowed. However, IntelliDefense descriptions will still display on the Recent Firewall Events window.

Enabling or Disabling IntelliDefense

IntelliDefense is enabled as a default.

You can turn the feature on and off from the General tab of the Settings window: Select the Enable IntelliDefense check box to enable IntelliDefense; clear the check box to disable IntelliDefense.