Hi big M ,
I like the HIPS system, I like to be able to vet TCP/IP sessions to prevent apps from dialling out.
One feature I have noticed on a few software firewalls is a "resolve" button near the destination IP address listing.
This would do a reverse lookup on an IP address and possibly a whois to determine who and (where?) exactly this remote host is.
This is a quick way to determine where some svchost.exe or NTOSKRNL.exe binary is talking to:
error-reporting.Microsoft.com (updates, etc OK)
dynamic3jds3dsllgr.BulletProof-MALwareHost.cn (DANGER WILL ROBINSON )
Might be a useful feature to introduce? Maybe could be disabled by policy for corp lans without external DNS, etc
Can you file an FMR for this request?
Oh! mcafee with your *ER and *SR's haha
MER FER ESR TSR
requires recommended request remain resident!
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center