Security Icon Controls

security-icon-controls

 

These 6 Security Icon Controls are located above the the Program Watch edit-field and can be configured on the Security tab of the Options page. They become visible as soon as you enter a valid program in the Program watch edit-field.

 

Enabled

Disabled

Description

security-icon-av windows-defender virus-total-icon

n.a.

Click on this AntiVirus Icon Control to scan the program in the Program watch edit-field with your configured AntiVirus program. Depending on the AntiVirus program selected on the Security Options page the icon could also look differently.

security-icon-cert

signed-disabled

If you see this enabled Certificate Icon then the program has been digitally signed with a certificate from a Trusted Authority. If the program has not been digitally signed then this icon is disabled. (Generally and for security reasons, you should prefer signed software application programs, especially in a business environment). Click the certificate icon to have Windows display the program's signature certificate dialog.

If you click the disabled Certificate Icon (i.e. the program is currently not signed) then a popup-menu is invoked with menu-items allowing you to sign the current program, if you have previously configured a signing menu in the Custom Tools Options page, for example:

[sign]{Default sign with signtool.exe}"C:\Program Files (x86)\Windows Kits\8.1\bin\x64\signtool.exe" sign /a "%1"

• The [sign] text adds the signing program to the signing menu

• The {Default sign with signtool.exe} text adds your castom caption to the menu item

• The "C:\Program Files (x86)\Windows Kits\8.1\bin\x64\signtool.exe" text is the path to your sign program

• The parameters/switches sign /a must be separated by spaces

• The "%1" parameter variable will be resolved to the program to be signed

security-icon-upx

compression-disabled

This enabled Compressed Icon means that the program has been compressed (i.e. reduced in size and thus its content obfuscated) by the UPX packer. If the program has not been compressed by UPX then this icon is disabled. Please note: As there are many exe packers which don't identify themselves (like UPX does) the following method might also be helpful to identify packed (and thus obfuscated) program files:

If you click the disabled Compressed Icon (i.e. the program is currently not compressed) then a popup-menu is invoked with menu-items allowing you to compress the current program, if you have previously configured a Compress menu in the Custom Tools Options page, for example:

[pack]{Compress with UPX -9}"C:\Program Files\My Packers\upx.exe" -9 "%1"

• The [pack] text adds the compression program to the Compression menu

• The {Compress with UPX -9} text adds your castom caption to the menu item

• The "C:\Program Files\My Packers\upx.exe" text is the path to your compression program

• The parameter -9 must be separated by spaces from other parameters

• The "%1" parameter variable will be resolved to the program to be compressed

security-icon-sectionmap

n.a.

The SectionMap icon is a colored map of the main inner structure of a program file: The EXE sections. This gives you a quick overview of the "skeleton" of the program file which may let you quickly assess further properties of the program.

For example, such a SectionMap icon sectionmap-icon-reddish with a large portion of reddish color (as for packed sections) indicates that a large portion of the program file is packed (and thus obfuscated) and possibly needs further investigation.

Click on this SectionMap icon to open the Section Map window with more details about the program's inner sections.

firewall-enabled

firewall-disabled

This Firewall Icon shows whether there are any rules in the Windows Firewall for this program. If there are any (icon is enabled) then clicking this icon opens a small window enumerating the Firewall rules for this program and their details.

autostart-enabled

autostart-disabled autostart-error

This Autostart Icon shows whether this program is started automatically at Windows Start. If it is (icon is enabled) then clicking this icon opens a window with the Autostart properties of this program where you can also remove the Autostart for this program.

If this icon is disabled (which means that this program is not started with Windows) then clicking the disabled Autostart Icon opens a dialog window where you can register this program to be started with Windows and the specific Autostart details.

If the disabled Autostart Icon has an error overlay error-overlay then an error has occurred when reading the Autostart properties of this program. Clicking this error icon opens a dialog offering you to fix this error which should take just a few seconds.