You can only add and edit rules for applications and ports. You cannot add new or edit existing group rules.
To add a new rule or edit an existing rule for filtering incoming network traffic:
Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
Select the administration group for which you want to configure application settings.
Perform one of the following actions in the details pane of the selected administration group:
To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
To configure the application for a single protected device, select the Devices tab and open the Application settings window.
If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.
In the Network activity control section, click the Settings button in the Firewall Management subsection.
In the Firewall Management window that appears, on the General tab, click the Rules list button next to the Inbound or Outbound subsection, depending on the type of connection that you want to configure.
When you configure the rules for inbound and outbound connections, note the following options and limitations:
By default, the rule type is the opposite of the policy type. For example, for the Default deny policy, the default value for the rule is set to Allow. For the Default allow policy, the default value for the rule is set to Block. You can change the type of the rule as applicable.
You can configure the default task settings if you connect a local Application Console to a remote device that runs any OS or if you connect a local Application Console to a local device that runs Windows 7 or later.
Configuring the default Firewall task settings is unavailable if you connect a local Application Console to a local device that runs an operating system earlier than Windows 7.
In the window that appears, select the Applications or Ports tab and perform one of the following actions:
To edit an existing rule, select the rule you want to edit in the rule list and click Edit.
To add a new rule, click Add.
Depending on the type of rule being configured, the Application rule window or Port rule window opens.
In the window that appears, perform the following operations:
If you are working with an application rule, do the following:
In the Rule name field, enter the name of the edited rule.
On the Rule action list, select the Allow or Block option as applicable.
In Application path, specify the path to the executable file of the application for which you are allowing a connection by modifying the rule.
You can set the path manually or by using the Browse button.
In the Rule action field, specify the network addresses for which the modified rule will be applied.
You can only use IPv4 addresses.
If you are working with a port rule, do the following:
In the Rule name field, enter the name of the edited rule.
On the Rule action list, select the Allow or Block option as applicable.
When you set up the ports to establish a network connection, note the following options and limitations:
For inbound connections, you define the port settings for a local device. For outbound connections, you define the port settings for remote devices.
For the Port number option, available values are 1–65535.
For the Port range option, available values are 1–10, 20–30000, and 1–65535.
The port settings limitations are as follows:
To set up a network connection for a local device running Windows XP, you can specify only one port in the port settings, because Windows XP does not support port range settings.
To set up a network connection for a remote device running Windows XP, you can specify Port range, but the rule is applied only to the first port of the defined range, because Windows XP does not support port range settings.
Select the type of protocol (TCP / UDP) for which the application will allow connections.
In the Rule action field, specify the network addresses for which the modified rule will be applied.
You can only use IPv4 addresses.
Click OK in the Application rule or Port rule window.
Click OK in the Firewall Management window.
Click OK in the Properties: <Policy name> window.
The specified task settings are saved. The new rule parameters will be sent to Windows Firewall.
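The port rule limits listed above can be checked before a rule is entered in the console. The following is an added example, not part of the Kaspersky documentation or product: a small lint that applies the stated port bounds, the IPv4-only restriction, the default rule type, and the Windows XP port range behavior, and reports which ports the rule actually covers. PortRule, default_action and lint_port_rule are hypothetical names; the mapping of inbound rules to local port settings and outbound rules to remote port settings on Windows XP, and the host-or-CIDR address format, are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
# Added example: PortRule and lint_port_rule are hypothetical names, not product APIs.
@dataclass
class PortRule:
    name: str
    direction: str            # "inbound" (local ports) or "outbound" (remote ports); assumed mapping
    protocol: str             # "TCP" or "UDP"
    ports: str                # single port "443" or range "135-139"
    addresses: list = field(default_factory=list)  # host or CIDR strings (assumed format)
    action: str = ""          # empty: take the default for the policy type
    windows_xp: bool = False  # device runs Windows XP (no port range support)

def default_action(policy_type):
    # By default the rule type is the opposite of the policy type.
    return {"Default deny": "Allow", "Default allow": "Block"}[policy_type]

def lint_port_rule(rule, policy_type):
    """Return (action, effective_ports, errors, warnings) for one port rule."""
    errors, warnings = [], []
    action = rule.action or default_action(policy_type)
    if action not in ("Allow", "Block"):
        errors.append(f"unknown action {action!r}")
    if rule.protocol not in ("TCP", "UDP"):
        errors.append(f"unknown protocol {rule.protocol!r}")
    try:
        bounds = [int(p) for p in rule.ports.split("-")]
    except ValueError:
        bounds = []
    if len(bounds) not in (1, 2) or bounds != sorted(bounds) \
            or not all(1 <= p <= 65535 for p in bounds):
        errors.append(f"ports {rule.ports!r} must be N or N-M within 1-65535")
        effective = None
    else:
        effective = (bounds[0], bounds[-1])
        if rule.windows_xp and len(bounds) == 2:
            if rule.direction == "inbound":
                errors.append("Windows XP: a local port rule takes a single port")
                effective = None
            else:
                warnings.append(f"Windows XP: only port {bounds[0]} is enforced")
                effective = (bounds[0], bounds[0])
    for addr in rule.addresses:
        try:
            if ipaddress.ip_network(addr, strict=False).version != 4:
                errors.append(f"{addr}: only IPv4 addresses are accepted")
        except ValueError:
            errors.append(f"{addr}: not a valid address")
    return action, effective, errors, warnings
```

A warning on a Block rule is the case to review first: the rule is accepted, but every port after the first one in the range stays outside it.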