Hi -
I use Automatic Program Control with NIS 2009, but have about 6 custom program rules, either via modification of an automatic rule or addition of an entirely new one. I have a few questions which I hope are straightforward, even though I can't seem to state them too succinctly:
1. The first time I use a program (since installing NIS), it usually creates an automatic program rule, and I see a log entry that says :"Firewall rules were automatically created for program such-and-such." No surprise there. Other times I have manually created a rule, and it says "you created firewall rules to manage how program such-and-such accesses your network resources." No surprise there, either.
But tonight a rule was created *automatically*, and the log used the "YOU created firewall rules..." statement. So now I'm confused as to why it didn't use the "Firewall rules were created automatically..." statement. The program was an openvpn, but I'm not sure why that would change the phrasing of the log entry given it was still created automatically. Any ideas why it is saying I created the rules this time?
2. Even though I generally use auto program control, yesterday an alert popped up that a particular program had accessed the internet. I had modified the automatically-generated rule to log any access. But this is the first time I ever saw such a pop-up rather than just a log entry (and I was happy to be alerted in this case). Previously I have had to check the logs to see such logging-requested activity, whether it was with regard to an Allow rule or a Block rule. Why the change? (I have one theory, which is mentioned in question 3, but I have no idea whether it's right.)
3. When modifying an auto program rule or adding a completely new custom rule, I know that choosing "monitor" on the Action tab will automatically place a checkmark in the "Create a Log Entry" box on the Tracking tab. Is there any significance to the fact that the reverse is not also true? On a related note, getting back to that program with the pop-up alerting me to net access: I *think* (can't swear to it) that this program's rule modification was the first time I actually selected Monitor on the Action tab rather than soley ticking the Log box on the Tracking tab. Could THAT have any relation to why I saw an alert pop-up?
Thanks.