Creating and editing a network rule for an application or an application group

In Kaspersky Security Center, you can create and edit the settings of a network rule for a group of applications.

In the Light Agent for Windows local interface, you can create and edit the settings of a network rule for an application or application group.

Network packet rules have a higher priority than network rules for applications.

To create or edit a network rule for an application group in Kaspersky Security Center:

  1. Open Kaspersky Security Center Administration Console.
  2. In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
  3. In the workspace, select the Policies tab.
  4. Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking the policy.
  5. In the policy properties window, select the Firewall section in the list on the left.
  6. In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
  7. In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group for which you want to create or modify a network rule.
  8. Click the Edit button or open the context menu and select the Group rules item.
  9. In the Application group control rules window that opens, select the Network rules tab and perform one of the following actions:
    • To create a new network rule for an application group, click the Add button.
    • To edit an existing network rule for an application group, select it in the list of network rules and click the Edit button.
  10. In the Network rule window that opens, in the Action drop-down list, select the action to be performed by the Firewall when this type of network activity is detected:
    • Allow.
    • Block.
  11. In the Name field, specify the name of the network service in one of the following ways:
    • Click the icon located to the right of the Name field and select the network service name in the drop-down list.

      The application includes network services that match the most frequently used network connections.

    • Type the name of the network service in the Name field manually.
  12. Specify the data transfer protocol:
    1. Select the Protocol check box.
    2. In the drop-down list, select the type of protocol for which Firewall should monitor activity.

      Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols.

      If you select a network service from the Name drop-down list, the Protocol check box is set automatically and the drop-down list next to the check box is filled with a protocol type that corresponds to the selected network service.

  13. In the Direction drop-down list, select the direction of the monitored network activity.

    Firewall monitors network connections with the following directions:

    • Inbound.
    • Inbound / Outbound.
    • Outbound.
  14. If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
    1. Select the ICMP type check box and select the ICMP packet type in the drop-down list.
    2. Select the ICMP code check box and select the ICMP packet code in the drop-down list.
  15. If TCP or UDP is selected as the protocol, you can specify the ports of the virtual machine and remote devices between which the connection is to be monitored:
    1. Type the ports of the remote device in the Remote ports field.
    2. Type the ports of the virtual machine in the Local ports field.
  16. Specify the network addresses of remote devices that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
    • Any address. The network rule controls network packets sent and/or received by remote devices with any IP address.
    • Subnet addresses. The network rule controls network packets sent and/or received by remote devices with IP addresses associated with the selected network type: Trusted networks, Local networks, Public networks.
    • Addresses from a list. The network rule controls network packets sent and/or received by remote devices with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
  17. Specify the network addresses of the SVMs that can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
    • Any address. The network rule controls network packets sent and/or received by SVMs with any IP address.
    • Addresses from a list. The network rule controls network packets sent and/or received by the SVMs with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
  18. If you want the actions of the network rule for an application to be reflected in the report, select the Log event check box.
  19. In the Network rule window, click OK.

    If you create a new network rule for an application group, the rule is displayed on the Network rules tab of the Application group control rules window.

  20. In the Application group control rules window, click OK.
  21. In the Firewall window, click OK.
  22. Click the Apply button.

To create or edit a network rule for an application or an application group in the local interface:

  1. On the protected virtual machine, open the application settings window.
  2. In the left part of the window, in the Anti-Virus protection section, select Firewall.

    In the right part of the window, the Firewall component’s settings are displayed.

    If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.

  3. Click the Application network rules button.

    The Firewall window opens to the Application control rules tab.

  4. In the list of applications, select the application or the group of applications for which you want to create or edit a network rule.
  5. Click the Edit button or open the context menu and select Application rules or Group rules.

    This opens the Application control rules or Application group control rules window.

  6. In the window that opens, select the Network rules tab and perform one of the following actions:
    • To create a new network rule, click the Add button.
    • To edit a network rule, select it in the list of network rules and click the Edit button.

    The Network rule window opens.

  7. Complete steps 10–18 of the previous instructions.
  8. In the Network rule window, click OK.

    If you create a new network rule for an application group, the rule is displayed on the Network rules tab of the Application control rules or Application group control rules window.

  9. Click OK in the Application control rules or Application group control rules window.
  10. In the Firewall window, click OK.
  11. To save changes, click the Save button.