Defining the Policy
After creating the match objects, you can define a policy that uses them. The remaining policy settings are shown in the image that follows. The example as shown is specific to reverse shells in both the Policy Name and the Direction settings; as mentioned, it can also be tailored for a wider scope by changing the Direction setting to Both and giving the policy a more generic name.
A log entry with a Category of Network Access is generated after a connection Reset/Drop. The log entry shown in Log Entry After a Connection Reset/Drop includes the message stating that it is an Application Control Alert and displays the policy name:
[Figure: Log Entry After a Connection Reset/Drop]
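To make the log entry described above actionable beyond reading it in the console, the following added example (not part of the original article and not SonicWall code) parses a batch of key=value style log lines, keeps only the Network Access entries whose message is an Application Control Alert for the named policy, and groups the source hosts by the destination they tried to reach. The sample lines and the field names (time, cat, msg, policy, src, dst, action) are constructed for this example and are assumptions, not the appliance's documented export format; adapt the field names to the syslog layout your device actually emits.

```python
import re
from typing import Dict, List

# Constructed sample log lines in a key=value syslog style. The field names are
# assumptions for this example, not the appliance's documented format.
SAMPLE_LOG = """\
time="2024-01-15 10:02:11" cat="Network Access" msg="Application Control Alert" policy="Block Reverse Shells" src=10.0.0.25:48122 dst=203.0.113.9:4444 action="Reset/Drop"
time="2024-01-15 10:02:12" cat="Network Access" msg="Connection Opened" src=10.0.0.25:48123 dst=198.51.100.4:443 action="Allowed"
time="2024-01-15 10:02:15" cat="System" msg="Configuration changed" user=admin
time="2024-01-15 10:03:40" cat="Network Access" msg="Application Control Alert" policy="Block Reverse Shells" src=10.0.0.31:50201 dst=203.0.113.9:4444 action="Reset/Drop"
"""

# key="quoted value with spaces"  or  key=unquoted_value
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict; quoted values may contain spaces."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(4)
        fields[key] = value
    return fields


def app_control_alerts(log_text: str, policy_name: str) -> List[Dict[str, str]]:
    """Return the Network Access entries that are Application Control Alerts
    raised by the given policy (the entries generated after a Reset/Drop)."""
    hits: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if (entry.get("cat") == "Network Access"
                and entry.get("msg") == "Application Control Alert"
                and entry.get("policy") == policy_name):
            hits.append(entry)
    return hits


def sources_by_destination(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group alerting source hosts (port stripped) by the destination they hit,
    so several internal hosts reaching the same listener stand out."""
    grouped: Dict[str, set] = {}
    for entry in entries:
        src_host = entry["src"].rsplit(":", 1)[0]
        grouped.setdefault(entry["dst"], set()).add(src_host)
    return {dst: sorted(hosts) for dst, hosts in grouped.items()}


if __name__ == "__main__":
    alerts = app_control_alerts(SAMPLE_LOG, "Block Reverse Shells")
    for dst, hosts in sources_by_destination(alerts).items():
        print(f"{dst}: {len(hosts)} source host(s): {', '.join(hosts)}")
```

Run against an exported log, the grouping step is the useful part: one alert for a policy like this is worth a look, but two different internal hosts blocked while reaching the same external port in a short window is the pattern a responder would escalate.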
As experience suggests, appropriate security measures include several layers of intelligence; no single approach can be considered a definitive defense against hostile code.