Kaspersky Endpoint Security components can add and delete dynamic rules to the firewall that are required for correct functioning. For example, Network Agent adds dynamic rules that allow connections to Kaspersky Security Center initiated both by the application and by Kaspersky Security Center. Also, Anti-Cryptor task rules are dynamic.
The Firewall Management task does not control dynamic rules and does not block access to network resources for the application components. Dynamic rules do not depend on the Firewall Management task state (started/stopped) or its settings changes. An execution priority of the dynamic rules is higher than a priority of the network packet rules. Kaspersky Endpoint Security restores a set of dynamic rules if any of them were deleted, for example, using the iptables utility.
You can view a set of dynamic rules (using the kesl-control –F -–query command) but you cannot change the settings for dynamic rules.