
Blocked Threat feature request



In the alert details please include the process ID of any outbound/inbound threat blocked.  At the moment it appears all we get is application name, destination IP and port.  Application alone is ambiguous when there are multiple threads/copies resident.  For example Chrome could have hundreds of threads active at any one time (at least for me).  If the 'blocked threat' alert pops it's impossible to determine which window and/or tab (if any), or other process was responsible.  Just that it was Chrome.  Additional detail, even if only the process ID responsible/targeted, would go a LONG way towards figuring out why Chrome was making such an attempt.  Inbound may be problematical assuming it's difficult to gather process info based upon what's listening at the destination port, so if this is too costly so be it.  Outbound is what really matters, again at least to me.  Given the process ID I can track down which Chrome window/tab was responsible (assuming it was a specific one) and hopefully narrow down what might have triggered the attempt. 

This is assuming there's no specific reason for not including this detail...?

Thanks for listening. 


Greetings,

Thank you for the suggestion.  Yes, it should be trivial to include the PID for block events, at least outgoing.  For incoming it is far less likely only because blocks occur at the network/adapter level within the network stack (Web Protection functions through an implementation of the same WFP APIs used by the built-in Windows Firewall) so incoming blocks are intercepted long before reaching the application level/user mode.

Either way, I will provide your feedback to the Product team and hopefully we will see additional details added in a future release (and I will include the request for more specifics on incoming blocks as well, if possible just in case the Devs know of a way to accomplish this).

If you have any further feedback, suggestions or feature requests please don't hesitate to let us know.

Thanks
