Firewall

The Firewall blocks unauthorized connections to the computer while working on the Internet or local network. The Firewall also controls the network activity of applications on the computer. This allows you to protect your corporate LAN from identity theft and other attacks. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and predefined network rules.

Network Agent is used for interaction with Kaspersky Security Center. Firewall automatically creates network rules required for the application and the Network Agent to work. As a result, the Firewall opens several ports on the computer. Which ports are opened depends on computer's role (for example, distribution point). To learn more about the ports that will be opened on the computer, see Kaspersky Security Center Help.

Network rules

You can configure network rules at the following levels:

Controlled access of applications to operating system resources, processes and personal data is provided by the Host Intrusion Prevention component by using application rights.

During the first startup of the application, the Firewall performs the following actions:

  1. Checks the security of the application using downloaded anti-virus databases.
  2. Checks the security of the application in Kaspersky Security Network.

    You are advised to participate in Kaspersky Security Network to help the Firewall work more effectively.

  3. Puts the application in one of the trust groups: Trusted, Low Restricted, High Restricted, Untrusted.

    A trust group defines the rights that Kaspersky Endpoint Security refers to when controlling application activity. Kaspersky Endpoint Security places an application in a trust group depending on the level of danger that this application may pose to the computer.

    Kaspersky Endpoint Security places an application in a trust group for the Firewall and Host Intrusion Prevention components. You cannot change the trust group only for the Firewall or Host Intrusion Prevention.

    If you refused to participate in KSN or there is no network, Kaspersky Endpoint Security places the application in a trust group depending on the settings of the Host Intrusion Prevention component. After receiving the reputation of the application from KSN, the trust group can be changed automatically.

  4. It blocks network activity of the application depending on the trust group. For example, applications in the High Restricted trust group are not allowed to use any network connections.

The next time the application is started, Kaspersky Endpoint Security checks the integrity of the application. If the application is unchanged, the component uses the current network rules for it. If the application has been modified, Kaspersky Endpoint Security analyzes the application as if it were being started for the first time.

Network Rule Priorities

Each rule has a priority. The higher a rule is on the list, the higher its priority. If network activity is added to several rules, the Firewall regulates network activity according to the rule with the highest priority.

Network packet rules have a higher priority than network rules for applications. If both network packet rules and network rules for applications are specified for the same type of network activity, the network activity is handled according to the network packet rules.

Network rules for applications work as follows: a network rule for applications includes access rules based on the network status: public, local, or trusted. For example, applications in the High Restricted trust group are not allowed any network activity in networks of all statuses by default. If a network rule is specified for an individual application (parent application), then the child processes of other applications will run according to the network rule of the parent application. If there is no network rule for the application, the child processes will run according to network access rule of the application's trust group.

For example, you have prohibited any network activity in networks of all statuses for all applications, except browser X. If you start browser Y installation (child process) from browser X (parent application), then browser Y installer will access the network and download the necessary files. After installation, browser Y will be denied any network connections according to the Firewall settings. To prohibit network activity of browser Y installer as a child process, you must add a network rule for the installer of browser Y.

Network connection statuses

The Firewall allows you to control network activity depending on the status of the network connection. Kaspersky Endpoint Security receives the network connection status from the computer's operating system. The status of the network connection in the operating system is set by the user when setting up the connection. You can change the status of the network connection in the Kaspersky Endpoint Security settings. The Firewall will monitor network activity depending on the network status in the Kaspersky Endpoint Security settings, and not in the operating system.

The network connection can have one of the following status types:

See also: Managing the application via the local interface

Enabling or disabling Firewall

Changing the network connection status

Managing network packet rules

Managing application network rules

Network Monitor

Page top