Operation Manual

Appendix C: Penetration Techniques

application's memory, Outpost Firewall Pro detects it and display a pop-up prompt asking

for your decision. The system works proactively: it allows you to permit or deny the

modification of memory of other processes at the application level. For example, Visual

Studio 2005 would be able to modify memory, while the "copycat.exe" leak test would be

disallowed from doing so. This feature protects against even "unknown" malware not

detected by antivirus and anti-spyware vendors.

Low-level network access

Some network drivers allow direct access to network adapter bypassing the standard TCP

stack. These drivers can be used by sniffers and other malicious programs to get low-level

network access and pose an additional risk for the system as traffic passing through them

cannot be screened by a firewall. The example of using this technique is MBtest leak test

(

http://www.firewallleak tester.com/leak test10.htm).

Outpost Firewall Pro allows controlling applications requesting network access bypassing

standard methods. This feature strengthens the overall network security level preventing

outbound data leakage. The user is able to control an application's attempts to open a

network-enabled driver, meaning that without the user's authorization, an application is not

able to send even the ARP or IPX data.