To create or edit a network rule for an application or application group:
In the main application window, click the Settings button.
In the application settings window, select Essential Threat Protection → Firewall.
Click the Application rules button.
The Firewall window opens to the Application network rules tab.
In the list of applications, select the application or group of applications for which you want to create or edit a network rule.
Right-click to bring up the context menu and select Application rights or Group rights depending on what you need to do.
This opens the Application rights or Application group rights window.
Select the Network rules tab in the Application rights or Group rights window.
Do one of the following:
To create a new network rule, click the Add button.
To edit a network rule, select it in the list of network rules and click the Edit button.
The Network rule window opens.
In the Action drop-down list, select the action to be performed by Firewall on detecting this kind of network activity:
Allow
Block
In the Name field, specify the name of the network service in one of the following ways. A network service is a set of parameters that define network activity; for this network activity, you can create a network rule that regulates the operation of Firewall.
Click the icon to the right of the Name field and select the name of the network service in the drop-down list.
The drop-down list includes network services that define the most frequently used network connections.
Manually enter the name of the network service in the Name field.
Specify the data transfer protocol:
Select the Protocol check box.
In the drop-down list, select the type of protocol on which to monitor network activity.
Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols. If you select a network service from the Name drop-down list, the Protocol check box is selected automatically and the drop-down list next to the check box contains the protocol type that corresponds to the selected network service. By default, the Protocol check box is cleared.
In the Direction drop-down list, select the direction of the monitored network activity.
Firewall monitors network connections with the following directions:
Inbound.
Inbound / Outbound.
Outbound.
If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
Select the ICMP type check box and select the ICMP packet type in the drop-down list.
Select the ICMP code check box and select the ICMP packet code in the drop-down list.
If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored:
Type the ports of the remote computer in the Remote ports field.
Type the ports of the local computer in the Local ports field.
Specify the network addresses of remote computers that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
Any address. The network rule controls network packets sent and/or received by remote computers with any IP address.
Subnet addresses. The network rule controls network packets sent and/or received by remote computers with IP addresses associated with the selected network type: Trusted networks, Local networks, or Public networks.
Addresses from the list. The network rule controls network packets sent and/or received by remote computers with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
Specify the network addresses of computers that have Kaspersky Endpoint Security installed and can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
Any address. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with any IP address.
Addresses from the list. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
Sometimes a local address cannot be obtained for applications that work with network packets. If this is the case, the value of the Local addresses setting is ignored.
If you want the actions of the network rule to be reflected in the report, select the Log events check box.
In the Network rule window, click OK.
If you created a new network rule, the rule is displayed on the Network rules tab.
Click OK in the Group rights window if the rule is intended for a group of applications, or in the Application rights window if the rule is intended for an application.
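The following sketch is an added example, not part of the Kaspersky Endpoint Security documentation or product. It checks a planned rule against the constraints stated in the procedure above before you enter it in the Network rule window. The dictionary field names, the rule that each port entry is a single number from 0 to 65535, and the acceptance of IP addresses or CIDR subnets in the address list are assumptions.

```python
import ipaddress

# Allowed values come from the procedure above; the field names are hypothetical.
ACTIONS = {"Allow", "Block"}
PROTOCOLS = {"TCP", "UDP", "ICMP", "ICMPv6", "IGMP", "GRE"}
DIRECTIONS = {"Inbound", "Inbound / Outbound", "Outbound"}
REMOTE_MODES = {"Any address", "Subnet addresses", "Addresses from the list"}
LOCAL_MODES = {"Any address", "Addresses from the list"}

def parse_ports(text):
    """Parse a comma-delimited port field; raises ValueError on a bad entry."""
    ports = []
    for item in text.split(","):
        item = item.strip()
        if not item.isdecimal() or not 0 <= int(item) <= 65535:
            raise ValueError(f"bad port entry: {item!r}")
        ports.append(int(item))
    return ports

def review_rule(rule):
    """Return a list of problems in a planned rule (empty list = consistent)."""
    problems = []
    proto = rule.get("protocol")  # None models a cleared Protocol check box
    for field, allowed in (("action", ACTIONS), ("direction", DIRECTIONS)):
        if rule.get(field) not in allowed:
            problems.append(f"{field}: unsupported value")
    if proto is not None and proto not in PROTOCOLS:
        problems.append(f"protocol {proto!r} is not monitored by Firewall")
    if proto not in ("ICMP", "ICMPv6") and ("icmp_type" in rule or "icmp_code" in rule):
        problems.append("ICMP type/code apply only to ICMP or ICMPv6")
    for field in (f for f in ("remote_ports", "local_ports") if f in rule):
        if proto not in ("TCP", "UDP"):
            problems.append(f"{field} apply only to TCP or UDP")
        try:
            parse_ports(rule[field])
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
    for field, modes in (("remote_addresses", REMOTE_MODES), ("local_addresses", LOCAL_MODES)):
        if rule.get(field, "Any address") not in modes:
            problems.append(f"{field}: unsupported value")
    for addr in rule.get("address_list", []):
        try:
            ipaddress.ip_network(addr, strict=False)
        except ValueError:
            problems.append(f"address_list: {addr!r} is not an IP address or subnet")
    return problems

# Constructed sample: a Block rule with a mistyped port and a stray ICMP type.
SAMPLE = {"action": "Block", "protocol": "TCP", "direction": "Outbound",
          "remote_ports": "80, 443, 8o80", "icmp_type": 8,
          "remote_addresses": "Addresses from the list", "address_list": ["203.0.113.0/24"]}
```

Calling review_rule(SAMPLE) reports the stray ICMP type and the mistyped port entry.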