The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
During your work on local networks and the Internet your virtual machine is exposed to viruses, other malicious applications, and a variety of attacks that exploit vulnerabilities in operating systems and software.
Firewall protects personal data that is stored on the protected virtual machine by blocking network threats while the protected virtual machine is connected to the Internet or a local area network.
When a remote connection to a protected virtual machine is established after installation of the application, Firewall is enabled by default, blocking the RDP session. To prevent the session from being blocked, you need to change the Firewall action for the "Remote desktop network activity" network packet rule to Allow.
During operation of the Firewall component, the Windows Firewall is disabled to prevent conflicts. If a domain policy is being used for the Windows Firewall, you must disable the Windows Firewall in the domain policy during operation of the Firewall component.
Network connection statuses
Firewall component controls all network connections on protected virtual machine and automatically assigns a status to each detected network connection.
The network connection can have one of the following status types:
Firewall assigns Public network status to the Internet by default. You cannot change the status of the Internet.
You can change the statuses that the Firewall component assigns to detected network connections.
In addition, when working via Kaspersky Security Center, you can redefine the settings of networks whose activity is monitored by the Firewall: add a network, change network settings, or delete a network from the table.
Network rules
Network rule is an allowed or blocked action that is performed by Firewall on detecting a network connection attempt. Configuring network rules lets you specify the desired level of virtual machine protection, from blocking Internet access for all applications to allowing unlimited access.
Firewall protects a virtual machine on two levels: network level and application level.
Applications' access to operating system resources, processes, and personal data is controlled by the Application Privilege Control component using application control rules.
The network rules for applications do not take into account the following filter settings specified at the network level:
As a result of the joint use of rules by the network level and application level, network traffic may be blocked at the application level even if it is allowed at the network level.
Network rules for an application and for a group of applications
By default, Kaspersky Security groups all applications that are installed in the operating system of the protected virtual machine by the name of the vendor of the software whose file or network activity it monitors. Application groups are in turn categorized into trust groups. All applications and application groups inherit properties from their parent group: application control rules, application network rules, and their execution priority.
The Firewall component creates a set of network rules for each group of applications detected on the protected virtual machine, and applies network rules for a group of applications to filter the network activity of all applications that belong to the group. The application group network rules define the rights of applications within the group to access different network connections.
Default network rules for a group of applications, as well as inherited application network rules, cannot be modified, deleted, or disabled, and their priority cannot be changed.
You can change the Firewall action that is applied to the network rules created by default for an application group as well as to the inherited network rules of an application.
You can create network rules for a group of applications or for an individual application. A network rule for an application has a higher priority than the network rule of the group to which the application belongs.
Network rule priorities
Each rule has a priority. The higher the rule in the list, the higher priority it has. If network activity is added to several rules, Firewall controls network activity according to the rule with the highest priority.
Network packet rules have a higher priority than network rules for applications. If both network packet rules and network rules for applications are specified for the same type of network activity, the network activity is handled according to the network packet rules.
You can set the execution priority for network packet rules and manually created network rules for an application or group of applications.
Special considerations when working with Firewall
When working with the Firewall, please keep in mind the following special considerations:
under the condition that the packet was sent via RAW socket.
This section describes how to configure Firewall settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Firewall settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Firewall). Configuring network rules for an application or application group using the Web Console is not supported.