Monitoring mode for Interaction Control technologies
In Interaction Control monitoring mode, the application does the following:
If use of Network Integrity Control technology is enabled, the application checks devices' network interactions for compliance with the rules based on this technology. When the application detects network interactions for which there are no enabled rules, it registers unauthorized communication detection events based on Network Integrity Control technology. The events are registered using the system event type that is assigned the code 4000002601.
If use of Command Control technology is enabled, the application checks devices' network interactions for compliance with the rules based on this technology. When the application detects system commands for which there are no enabled rules, it registers unauthorized system command detection events based on Command Control technology. The event is registered using the system event type that is assigned the code 4000002602.
Rules related to different technologies are applied independently of each other. Therefore, to allow use of a system command, the allow rules table must have rules created (automatically or manually) for this system command and for a network packet that transmits this command.