Firewall

Settings

Description

Notify of vulnerabilities in Wi-Fi networks

If this check box is selected, the Kaspersky application shows notifications when any vulnerabilities are detected on a Wi-Fi network.

This check box can be accessed if Kaspersky VPN Secure Connection is not installed on the computer.

If the Block and warn about insecure transmission of passwords over the Internet check box is selected, the Kaspersky application blocks the transmission of a password in non-encrypted text format when you fill in the Password field on the Internet.

Clicking the Select categories link opens the Categories window in which you can specify the types of vulnerabilities of Wi-Fi networks. The application will alert you when you try to connect to a Wi-Fi network that has a specified vulnerability.

Show devices that are connected to my networks

If the check box is selected, the Devices on My Network component is enabled and functional.

Allow connections on random ports for active FTP mode

If the check box is selected, Firewall allows connections to your computer on random ports if switching to active FTP mode was detected on the host connection.

Do not disable Firewall until the operating system shuts down completely

If this check box is selected, Firewall does not stop working until the operating system shuts down completely.

Block network connections if the user cannot be prompted for action

If this check box is selected, Firewall does not stop when the interface of the Kaspersky application is not loaded.

Application rules

Clicking this link opens the Application network rules window. This window displays information related to control of the network activity of applications and application groups.

The Intrusion Prevention component regulates the network activity of applications in accordance with network rules of applications and application groups.

You can configure permissions for network activity of an application or application group via the menu of a cell in the Network column. The menu items are described in the Intrusion Prevention rules section.

By selecting Details and rules in the context menu of a row, you can proceed to configure network rules for an application or application group.

Packet rules

Clicking this link opens the Packet rules window. By default, the window shows predefined network packet rules that are recommended by Kaspersky experts for optimum protection of the network traffic of computers running Microsoft Windows operating systems.

Network packet rules serve to impose restrictions on network packets, regardless of the application. Such rules restrict inbound and outbound network traffic through specific ports of the selected data protocol.

Network packet rules have higher priority than network rules for applications.

When adding or editing a packet rule, you can define the following settings:

  • Action:
    • Allow. The Kaspersky application allows the network connection.
    • Block. The Kaspersky application blocks the network connection.
    • By application rules. The Kaspersky application does not process the data stream according to a packet rule, but instead applies an application rule (see Application rules above).
  • Name.
  • Direction:
    • Inbound. The Kaspersky application applies the rule to network connections opened by a remote computer.
    • Outbound. The Kaspersky application applies the rule to the network connection that was opened by your computer.
    • Inbound/Outbound. The Kaspersky application applies the rule both to inbound and outbound data packets or streams, regardless of which computer (your computer or a remote computer) initiated the network connection.
    • Inbound (packet). The Kaspersky application applies the rule to data packets received by your computer.
    • Outbound (packet). The Kaspersky application applies the rule to data packets sent by your computer.
  • Protocol.
  • ICMP settings. You can specify the type and code of data packets to be scanned. The settings section is available if the ICMP or ICMPv6 protocols are selected.
  • Remote ports (ports of a remote computer).
  • Local ports (ports of your computer).

You can specify a range of remote or local ports (for example, 6660–7000), list multiple ports separated by commas, or combine both methods (for example, 80–83,443,1080).

  • Address:
    • Any address.
    • Subnet addresses. The Kaspersky application applies the rule to IP addresses of all networks that are currently connected and are of the specified type (Public, Local or Trusted). The network type can be selected from the drop-down list that is displayed below if the Subnet addresses option is selected.
    • Addresses from the list. The Kaspersky application applies the rule to IP addresses within the specified range. You can specify IP addresses in the Remote addresses and Local addresses fields, which are displayed below if the Addresses from the list option is selected. The added IP addresses should be separated by a comma.
  • Status. Firewall applies only packet rules that have the Active status. You can set the Inactive status to temporarily disable a packet rule without deleting it from the list of packet rules.
  • Network adapters traversed by network packets.
  • Use of TTL. The Kaspersky application controls the transmission of network packets whose time to live (TTL) does not exceed the specified value.
  • Logging events to the Kaspersky application report.

To quickly add a rule, you can select one of the predefined templates in the drop-down list in the lower part of the window.

Available networks

Clicking this link opens the Networks window containing a list of network connections that are detected on the computer by Firewall.

In the list, you can change the type of network (Public, Trusted or Local) by using the menu in the Network type cell. You can edit network settings in the Network properties window, which can be opened by double-clicking the row of the network.

The Public type is assigned to the Internet by default. You cannot change the network type or other settings for the Internet.

In the Network properties window, you can edit the following network settings:

  • Network name.
  • Network type.
  • Display of notifications about the following:
    • Connection to the network.
    • Changed MAC address (for example, if the network adapter is replaced).
    • Changed MAC address/IP address pairing (for example, when the DHCP service assigns a different IP address).
  • Choice of printer that should be recommended by default when connecting to this network. This setting is displayed if a printer is installed in the operating system on your computer.
  • List of additional subnets (separated by commas).

Page top