Settings
|
Description
|
Notify of vulnerabilities in Wi-Fi networks
|
If this check box is selected, Kaspersky application shows notifications when any vulnerabilities are detected on a Wi-Fi network.
This check box can be accessed if Kaspersky VPN Secure Connection is not installed on the computer.
If the Block and warn about insecure transmission of passwords over the Internet check box is selected, Kaspersky application blocks the transmission of a password in non-encrypted text format when you fill in the Password field on the Internet.
Clicking the Select categories link opens the Categories window in which you can specify the types of vulnerabilities of Wi-Fi networks. The application will alert you when you try to connect to a Wi-Fi network that has a specified vulnerability.
|
Show devices that are connected to my networks
|
If the check box is selected, Smart Home Monitor is enabled and functional.
|
Allow connections on random ports for active FTP mode
|
If the check box is selected, Firewall allows connections to your computer on random ports if switching to active FTP mode was detected on the host connection.
|
Do not disable Firewall until the operating system shuts down completely
|
If this check box is selected, Firewall does not stop working until the operating system shuts down completely.
|
Block network connections if the user cannot be prompted for action
|
If this check box is selected, Firewall does not stop when the interface of Kaspersky application is not loaded.
|
Application rules
|
Clicking this link opens the Application network rules window. This window displays information related to control of the network activity of applications and application groups.
The Intrusion Prevention component regulates the network activity of applications in accordance with network rules of applications and application groups.
You can configure permissions for network activity of an application or application group via the menu of a cell in the Network column. The menu items are described in the Intrusion Prevention rules section.
By selecting Details and rules in the context menu of a row, you can proceed to configure network rules for an application or application group.
|
Packet rules
|
Clicking this link opens the Packet rules window. By default, the window shows predefined network packet rules that are recommended by Kaspersky experts for optimum protection of the network traffic of computers running Microsoft Windows operating systems.
Network packet rules serve to impose restrictions on network packets, regardless of the application. Such rules restrict inbound and outbound network traffic through specific ports of the selected data protocol.
Network packet rules have higher priority than network rules for applications.
How to add or edit a packet rule?
- Open the main application window.
- Click in the lower part of the main window.
- This opens the Settings window.
- Go to Security settings → Firewall.
- Define or edit the following settings:
- Status. Firewall applies only packet rules that have the Active status. You can set the Inactive status to temporarily disable a packet rule without deleting it from the list of packet rules.
- Name. Name of the rule.
- Action.
- Allow. Kaspersky application allows the network connection.
- Block. Kaspersky application blocks the network connection.
- By application rules. Kaspersky application does not process the data stream according to a packet rule, but instead applies an application rule (see Application rules above).
- Direction.
- Inbound. Kaspersky application applies the rule to network connections opened by a remote computer.
- Outbound. Kaspersky application applies the rule to the network connection that was opened by your computer.
- Inbound / Outbound. Kaspersky application applies the rule both to inbound and outbound data packets or streams, regardless of which computer (your computer or a remote computer) initiated the network connection.
- Inbound (packet). Kaspersky application applies the rule to data packets received by your computer.
- Outbound (packet). Kaspersky application applies the rule to data packets sent by your computer.
- Protocol. Protocol used by packet rules.
- ICMP settings. You can specify the type and code of data packets to be scanned. The settings section is available if the ICMP or ICMPv6 protocols are selected.
- Remote ports. Ports of a remote computer.
- Local ports. Ports of your computer.
You can specify a range of remote or local ports (for example, 6660–7000 ), list multiple ports separated by commas, or combine both methods (for example, 80–83,443,1080 ).
- Address (local and remote).
- Any address.
- Subnet addresses. Kaspersky application applies the rule to IP addresses of all networks that are currently connected and are of the specified type (Public, Local or Trusted). The network type can be selected from the drop-down list that is displayed below if the Subnet addresses option is selected.
- Addresses from the list. Kaspersky application applies the rule to IP addresses within the specified range.
- Log events. Logging events to Kaspersky application report.
- Network adapters. Network adapters traversed by network packets.
- Use TTL. Kaspersky application controls the transmission of network packets whose time to live (TTL) does not exceed the specified value.
In the general list of packet rules, the priority of rules is determined from top to bottom, going from the highest priority to the lowest priority. If two rules are mutually exclusive, then the top one will be performed first. If two rules are complementary, the both rules will be performed.
To change the rule position in the list, select the rule and use Up and Down buttons on the Packet rules page.
To quickly add a rule, you can select one of the predefined templates in the drop-down list in the lower part of the window.
|
Available networks
|
Clicking this link opens the Networks window containing a list of network connections that are detected on the computer by Firewall.
In the list, you can change the type of network (Public, Trusted or Local) by using the menu in the Network type cell. You can edit network settings in the Network properties window, which can be opened by double-clicking the row of the network.
The Public type is assigned to the Internet by default. You cannot change the network type or other settings for the Internet.
In the Network properties window, you can edit the following network settings:
- Network name.
- Network type.
- Display of notifications about the following:
- Connection to the network.
- Changed MAC address (for example, if the network adapter is replaced).
- Changed MAC address/IP address pairing (for example, when the DHCP service assigns a different IP address).
- Choice of printer that should be recommended by default when connecting to this network. This setting is displayed if a printer is installed in the operating system on your computer.
- List of additional subnets (separated by commas).
|