About Firewall rules

The Firewall Management task controls filtration of incoming and outgoing network traffic using allowing rules forcibly applied to the Windows Firewall during task execution.

The first time the task is started Kaspersky Embedded Systems Security reads and copies all the incoming network traffic rules specified in the Windows Firewall settings to the Firewall Management task settings. Then the application operates according to the following rules:

• If a new rule is created in the Windows Firewall settings (manually or automatically during a new application installation), Kaspersky Embedded Systems Security deletes the rule.
• If an existing rule is deleted from the Windows Firewall settings, Kaspersky Embedded Systems Security restores the rule when the task is restarted.
• If the parameters of an existing rule are changed in the Windows Firewall settings, Kaspersky Embedded Systems Security rolls back the changes.
• If a new rule is created in the Firewall Management settings, Kaspersky Embedded Systems Security forcibly applies the rule to Windows Firewall.
• If an existing rule is deleted from the Firewall Management settings, Kaspersky Embedded Systems Security forcibly deletes the rule from the Windows Firewall settings.

You can manage different types of Firewall rules: for applications and for ports.

Behavior of the default rules when you install and remove the application

During installation, a set of allowing rules is created to prevent the applications installed along with Kaspersky Embedded Systems Security from being blocked and to ensure their continuous operation. Following are the details and limitations.

By default, Kaspersky Embedded Systems Security creates a set of rules for incoming network traffic when you install the application on a device that runs any supported version of Windows OS:

• Allowing rules for Kaspersky Embedded Systems Security Console, located in the application installation folder. Status: enabled. Allowed external addresses: Any. Protocols: TCP and UPD – one rule per protocol.
• Two allowing rules for local port 15000, if Kaspersky Security Center Network Agent is installed on the device. State: enabled. Allowed external addresses: Any. Protocols: TCP and UPD – one rule per protocol.

By default, Kaspersky Embedded Systems Security creates a set of rules for outgoing network traffic when you install the application on a device that runs Windows 7 or later:

• Allowing rules for Kaspersky Security Management, located in the application installation folder. State: enabled. Allowed external addresses: Any. Protocols: TCP and UPD – one rule per protocol.
• Allowing rules for Kaspersky Embedded Systems Security, located in the application installation folder. State: enabled. Allowed external addresses: Any. Protocols: TCP and UPD – one rule per protocol.
• Two allowing rules for local port 13000, if Kaspersky Security Center Network Agent is installed on the device. State: enabled. Allowed external addresses: Any. Protocols: TCP and UPD – one rule per protocol.

When you uninstall Kaspersky Embedded Systems Security, the application removes all created Firewall rules, except for the rules created by Kaspersky Security Center Network Agent, such as Kaspersky Security Center WDS and Kaspersky Administration Kit. Also, the application removes the rules for ICMPv4 and ICMPv6 for Windows 7 and later.

When you uninstall Kaspersky Embedded Systems Security, the application enables all ICMP connections for operating systems earlier than Windows 7.

Application rules

This type of rule allows targeted network connections for specified applications. The triggering criterion for these rules is based on a path to an executable file.

You can manage application rules:

• Add new rules.
• Remove existing rules.
• Enable or disable specified rules.
• Edit the parameters of the specified rules: specify the rule name, path to the executable file, and the rule usage scope.

Port rules

This type of rule allows network connections for specified ports and protocols (TCP / UDP). The triggering criteria for these rules are based on the port number and protocol type.

You can manage port rules:

• Add new rules.
• Remove existing rules.
• Enable or disable specified rules.
• Edit the parameters of the specified rules: set the rule name, port number, protocol type, and scope for application of the rule.

Port rules involve a broader scope than application rules. By allowing connections based on port rules, you lower the security level of the protected device.

Page top