What is traffic scanning?
This Heimdal engine provides two options: Traffic Filtering and Automatically disable Traffic Filtering.
Turning this engine ON or OFF enables or disables both Traffic Filtering and Automatically disable Traffic Filtering.
How does Traffic Filtering work?
When this engine is enabled, the Thor Foresight module applies a filter on the network adapter that scans for infected websites and other web locations (servers, online ads, etc.) that can potentially install malware or be used as gateways for cyber-attacks.
How it works:
- Heimdal will change the DNS (Domain Name System) for IPv4 and IPv6.
- For IPv4, it will change it from "Obtain DNS server addresses automatically", or from an already set DNS (which will be backed up in the registry), to 127.7.7.x
- For IPv6, it will change it to: fe80::b49a:9bef:4249:ac2e
- Once the DNS is set, every web location you access via the Internet will be checked against a database stored locally in the Heimdal Thor Agent install path. This database is about 15 MB in size, and 95% of the websites blocked are located here.
- If the website is identified as being infected, Thor will block it and you will see this message:
- If the website is not blocked after being checked against the local database, it passes on to a second step: it is checked again against another database in the cloud (about 6GB in size). If it's found to be malicious, DarkLayer Guard will block it. If it's safe, you'll just be able to see the website/banner normally.
Note: This entire filtering process takes place in milliseconds and will not affect your internet connection speed.
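To confirm that an adapter's DNS still points at the filter addresses listed above, the following added PowerShell example (not Heimdal's own code) classifies DNS server entries shaped like Get-DnsClientServerAddress output. The function name Test-HeimdalFilterDns and the sample adapter data are hypothetical.

```powershell
# Added example. Addresses are the ones quoted in the article; the function
# name and the sample adapter data are hypothetical.
$FilterV6Bytes = [System.Net.IPAddress]::Parse('fe80::b49a:9bef:4249:ac2e').GetAddressBytes() -join '.'

function Test-HeimdalFilterDns {
    [CmdletBinding()]
    param(
        # Objects with InterfaceAlias and ServerAddresses properties,
        # as returned by Get-DnsClientServerAddress.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    process {
        # Drop null/empty entries so an adapter without DNS is reported as unfiltered.
        $servers = @($Entry.ServerAddresses | Where-Object { $_ })
        $unexpected = @(foreach ($s in $servers) {
            $ip = $null
            if (-not [System.Net.IPAddress]::TryParse([string]$s, [ref]$ip)) { $s; continue }
            $b = $ip.GetAddressBytes()
            # IPv4: anything in 127.7.7.x counts as the local filter.
            $isV4Filter = $b.Length -eq 4 -and $b[0] -eq 127 -and $b[1] -eq 7 -and $b[2] -eq 7
            # IPv6: compare raw bytes so a scope suffix such as %12 is ignored.
            $isV6Filter = $b.Length -eq 16 -and ($b -join '.') -eq $FilterV6Bytes
            if (-not ($isV4Filter -or $isV6Filter)) { $s }
        })
        [pscustomobject]@{
            InterfaceAlias = $Entry.InterfaceAlias
            Servers        = $servers -join ', '
            Filtered       = ($servers.Count -gt 0 -and $unexpected.Count -eq 0)
            Unexpected     = $unexpected -join ', '
        }
    }
}

# Constructed sample input (not captured from a real machine).
$sample = @(
    [pscustomobject]@{ InterfaceAlias = 'Ethernet'; ServerAddresses = @('127.7.7.4') }
    [pscustomobject]@{ InterfaceAlias = 'Ethernet'; ServerAddresses = @('fe80::b49a:9bef:4249:ac2e%12') }
    [pscustomobject]@{ InterfaceAlias = 'Wi-Fi';    ServerAddresses = @('192.0.2.53') }
)
$sample | Test-HeimdalFilterDns | Format-Table -AutoSize

# On a live Windows host:
# Get-DnsClientServerAddress | Test-HeimdalFilterDns | Where-Object { -not $_.Filtered }
```

An adapter reported as unfiltered is a prompt to investigate rather than proof of tampering, since Traffic Filtering can be disabled automatically when the cloud servers are unreachable.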
What is Automatically disable traffic filtering?
If the Heimdal Thor Agent can’t connect to the cloud servers from your location, Traffic Filtering won’t work properly. This may disconnect your PC from the Internet. To avoid this, you can choose to automatically disable Traffic Filtering. Heimdal will automatically re-enable the feature when it can reconnect to the cloud servers.