Skip to main content

Security Rules

Zenarmor (Sensei) is developed in a way to give all the controls at your hands. To achieve this, we thrived our best to make almost everything configurable. On the Security screen, you can set your general policy of how threat analysis will work and set the rest on the App Control and Web Control modules.


The engine processes the request, queries to SVN Cloud in real-time and decides whether it will be blocked or allowed. We check against 140+ Million Websites, under 120+ categories in milliseconds.

The Cloud Threat Intelligence data is queried real-time when any connection attempt is made through your network. It allows us to respond to malware and wireless outbreaks in real time and very fast.

Zenarmor: Security Control Settings

Figure 1: Zenarmor: Security Control Settings

Essential Security options are available in Free Edition whereas Advanced Security options which are available through Zenarmor Premium Subscriptions (Home, SOHO, Premium) provide Advanced Threat Protection against the latest malware, viruses and phishing attacks by blocking websites that are known to host malware and viruses and launch phishing attacks. With Sunny Valley`s Advanced Threat Protection feed, users are provided with near-real-time commercial-grade threat tracking and protection.

Essential Security#

1. Block Malware Activity#

Block sites that are known to host malware.

2. Block Phishing Servers#

Block sites that are known to host malicious software being used by phishing campaigns.

3. Block Spam Sites#

Block sites which distribute spam.

4. Block Hacking Sites#

Block sites which distribute hacking related content.

5. Block Parked Domains#

Parked domains are web pages typically with a single page with ads. They do not provide any value to the user. They are used by legitimate domain registrars to monetize the visits of users who land on the main page.

On the other hand, parked domains can also host suspicious and / or malicious content, especially when used by an Ad provider. Ad providers are known to be leveraged by cyber criminals to serve malvertisements.

What's more, landing pages of parked domains are known to serve malware on a large scale.

6. Block Potentially Dangerous Sites#

Block sites that are potentially dangerous. Those are the sites that we're not %100 sure that they are malicious but they are displaying suspicious activity which resembles a malicious site.

7. Block Firstly Seen Sites#

Firstly Seen sites are the sites our Web Categorization engine did not hear before. We did not even know that they existed.

You can block all sites that we are yet to hear about by clicking this option.


When we see a Firstly Seen Site, it is immediately being queued for processing by our AI based classification system.

AI based classification system tries to classify it. If there is success, the web category is immediately updated and in one hour, this new information is propagated to the entire Cloud Web Categorization & Threat Intelligence System.

If the AI based classification cannot classify the web site, it is marked as "Unknown", and queued again for further processing.

8. Block Undecided and Safe / Not Safe Sites#

Undecided sites are the sites that our Web Categorization Service heard of but have not come to a decision yet. They have been processed at least once by our AI based Web Categorization service, but has not been categorized yet.

Undecided Not Safe sites are the subset of these sites that we suspect of a malicious activity.

Advanced Security#

Zenarmor Premium blocks suspicious domains including expired domains, hacked and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for phishing, malware, and online scams. In addition, Sensie Premium also blocks any expired DynDNS sites.

1. Block Recent Malware/Phishing/Virus Outbreaks#

Block Malware, Phishing and Virus campaigns which are known to come into existence very recently (within the last 0-2 weeks).

2. Block Proxy#

Proxy sites which are used by attackers to have anonymity

3. Block Dead Sites#

Sites whose registrations have expired. Cyber criminals are known to re-register sites which are no longer being used.

4. Block Dynamic DNS Sites#

Malicious sites have been known to use dynamic DNS services. Blocking these sites keep you safe from any possible attacks that might be launched from them.

5. Block Newly Registered Sites#

Newly registered domains are an effective tool for threat actors. From a security perspective, there are very few reasons someone would need to visit a domain that has just come online; likely, they were sent via a URL from a malicious campaign.

6. Block Newly Recovered Sites#

Like newly registered sites, sites which have undergone a long period silence and become recently up might be also be used by the attackers. Sites which has a good reputation history are especially used by the cyber criminals to evade reputation-based security mechanisms.

These settings are extremely useful to block some phishing attacks when you are not careful of the URLs you are clicking.

7. Block Botnet C&C#

Block Botnet Command and Control Centers.(Will be made available in the future)

8. Block Botnet DGA Domains#

Block Botnet agents trying to contact back their C&C using DGA mechanism.(Will be made available in the future)

9. Block DNS Tunneling#

Block DNS Tunnels, which is an effective way of evading network security filtering.(Will be made available in the future)