Firewall

Settings

Description

Notify of vulnerabilities in Wi-Fi networks

If this check box is selected, Kaspersky Internet Security shows notifications when any vulnerabilities are detected on a Wi-Fi network.

This check box can be accessed if Kaspersky VPN Secure Connection is not installed on the computer.

Clicking the Select categories link opens the Categories window in which you can specify the types of vulnerabilities of Wi-Fi networks. The application will alert you when you try to connect to a Wi-Fi network that has a specified vulnerability.

Allow connections on random ports for active FTP mode

If the check box is selected, Firewall allows connections to your computer on random ports if switching to active FTP mode was detected on the host connection.

Do not disable Firewall until the operating system shuts down completely

If this check box is selected, Firewall does not stop working until the operating system shuts down completely.

Block network connections if the user cannot be prompted for action

If this check box is selected, Firewall does not stop when the interface of Kaspersky Internet Security is not loaded.

Application rules

Clicking this link opens the Application network rules window. This window displays information related to control of the network activity of applications and application groups.

The Application Control component regulates the network activity of applications in accordance with network rules of applications and application groups.

You can configure permissions for network activity of an application or application group via the menu of a cell in the Network column. The menu items are described in the Application Control rules section.

By selecting Details and rules in the context menu of a row, you can proceed to configure network rules for an application or application group.

Packet rules

Clicking this link opens the Packet rules window. By default, the window shows predefined network packet rules that are recommended by Kaspersky experts for optimum protection of the network traffic of computers running Microsoft Windows operating systems.

Network packet rules serve to impose restrictions on network packets, regardless of the application. Such rules restrict inbound and outbound network traffic through specific ports of the selected data protocol.

Network packet rules have higher priority than network rules for applications.

When adding or editing a packet rule, you can define the following settings:

  • Action:
    • Allow. Kaspersky Internet Security allows the network connection.
    • Block. Kaspersky Internet Security blocks the network connection.
    • By application rules. Kaspersky Internet Security does not process the data stream according to a packet rule, but instead applies an application rule (see Application rules above).
  • Name.
  • Direction:
    • Inbound. Kaspersky Internet Security applies the rule to network connections opened by a remote computer.
    • Outbound. Kaspersky Internet Security applies the rule to the network connection that was opened by your computer.
    • Inbound/Outbound. Kaspersky Internet Security applies the rule both to inbound and outbound data packets or streams, regardless of which computer (your computer or a remote computer) initiated the network connection.
    • Inbound (packet). Kaspersky Internet Security applies the rule to data packets received by your computer.
    • Outbound (packet). Kaspersky Internet Security applies the rule to data packets sent by your computer.
  • Protocol.
  • ICMP settings. You can specify the type and code of data packets to be scanned. The settings section is available if the ICMP or ICMPv6 protocols are selected.
  • Remote ports (ports of a remote computer).
  • Local ports (ports of your computer).

You can specify a range of remote or local ports (for example, 6660–7000), list multiple ports separated by commas, or combine both methods (for example, 80–83,443,1080).

  • Address:
    • Any address.
    • Subnet addresses. Kaspersky Internet Security will apply the rule to IP addresses of all networks that are currently connected and are of the specified type (Public, Local or Trusted). The network type can be selected from the drop-down list that is displayed below if the Subnet addresses option is selected.
    • Addresses from the list. Kaspersky Internet Security applies the rule to IP addresses within the specified range. You can specify IP addresses in the Remote addresses and Local addresses fields, which are displayed below if the Addresses from the list option is selected. The added IP addresses should be separated by a comma.
  • Status. Firewall applies only packet rules that have the Active status. You can set the Inactive status to temporarily disable a packet rule without deleting it from the list of packet rules.
  • Network adapters traversed by network packets.
  • Use of TTL. Kaspersky Internet Security controls the transmission of network packets whose time to live (TTL) does not exceed the specified value.
  • Logging events to a Kaspersky Internet Security report.

To quickly add a rule, you can select one of the predefined templates in the drop-down list in the lower part of the window.

Available networks

Clicking this link opens the Networks window containing a list of network connections that are detected on the computer by Firewall.

In the list, you can change the type of network (Public, Trusted or Local) by using the menu in the Network type cell. You can edit network settings in the Network properties window, which can be opened by double-clicking the row of the network.

The Public type is assigned to the Internet by default. You cannot change the network type or other settings for the Internet.

In the Network properties window, you can edit the following network settings:

  • Network name.
  • Network type.
  • Display of notifications about the following:
    • Connection to the network.
    • Changed MAC address (for example, if the network adapter is replaced).
    • Changed MAC address/IP address pairing (for example, when the DHCP service assigns a different IP address).
  • Choice of printer that should be recommended by default when connecting to this network. This setting is displayed if a printer is installed in the operating system on your computer.
  • List of additional subnets (separated by commas).

Page top