Creating an application network rule

Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Computer protection

Firewall

Managing application network rules

Creating an application network rule

April 25, 2024

ID 123452

Get as PDF

By default, application activity is controlled by network rules that are defined for the trust group to which Kaspersky Endpoint Security assigned the application when it started the first time. If necessary, you can create network rules for an entire trust group, for an individual application, or for a group of applications that are within a trust group.

Manually defined network rules have a higher priority than network rules that were determined for a trust group. In other words, if manually defined application rules differ from the application rules determined for a trust group, Firewall controls application activity according to the manually defined rules for applications.

By default, Firewall creates the following network rules for each application:

Any network activity in Trusted networks.
Any network activity in Local networks.
Any network activity in Public networks.

Kaspersky Endpoint Security controls the network activity of applications according to predefined network rules as follows:

Trusted and Low Restricted: all network activity is allowed.
High Restricted and Untrusted: all network activity is blocked.

Predefined application rules cannot be edited or deleted.

You can create an application network rule in the following ways:

Use the Network Monitor tool.
Network Monitor is a tool designed for viewing information about the network activity of a user's computer in real time. This is convenient because you do not need to configure all the rule settings. Some Firewall settings will be inserted automatically from Network Monitor data. Network Monitor is available only in the application interface.
Configure the Firewall settings.
This lets you fine-tune the Firewall settings. You can create rules for any network activity, even if there is no network activity at the current time.

When creating network rules for applications, remember that network packet rules have priority over application network rules.

How to use the Network Monitor tool to create an application network rule in the application interface

How to use Firewall settings to create an application network rule in the application interface

How to create an application network rule in the Administration Console (MMC)

Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Essential Threat Protection → Firewall.
In the Firewall settings block, click the Settings button.
This opens the list of network packet rules and the list of application network rules.
Select the Application network rules tab.
Click Add.
In the window that opens, enter criteria to search for the application for which you want to create a network rule.
You can enter the name of the application or the name of the vendor. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Click the Refresh button.
Kaspersky Endpoint Security will search for the application in the consolidated list of applications installed on managed computers. Kaspersky Endpoint Security will show a list of applications that satisfy your search criteria.
Select the necessary application.
In the Add selected application to the trust group drop-down list, select Default groups and click OK.
The application will be added to the default group.
Select the relevant application and then select Application rights from the context menu of the application.
The application rules and properties window opens.
Select the Network rules tab.
This opens the list of default network rules that are set by the Firewall.
Click Add.
This opens the network rule properties.
Manually enter the name of the network service in the Name field.
Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the button. Rule templates describe the most frequently used network connections.

All network rule settings will be filled in automatically.
If you want the actions of the network rule to be reflected in the report, select the Log events check box.
Save the new network rule.
Use the Up / Down buttons to set the priority of the network rule.
Save your changes.

How to create an application network rule in the Web Console and Cloud Console

In the main window of the Web Console, select Devices → Policies & Profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Select Essential Threat Protection → Firewall.
In the Firewall Settings block, click the Application network rules link.
This opens the application rights configuration window and the list of protected resources.
Select the Application rights tab.
You will see a list of trust groups on the left side of the window and their properties on the right side.
Click Add.
This starts the Wizard for adding an application to a trust group.
Select the relevant trust group for the application.
Select the Application type. Go to the next step.
If you want to create a network rule for multiple applications, select the Group type and define a name for the application group.
In the opened list of applications, select the applications for which you want to create a network rule.
Use a filter. You can enter the name of the application or the name of the vendor. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Exit the Wizard.
The application will be added to the trust group.
In the left part of the window, select the relevant application.
In the right part of the window, select Network rules from the drop-down list.
This opens the list of default network rules that are set by the Firewall.
Click Add.
This opens the application rule properties.
Manually enter the name of the network service in the Name field.
Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the Select template link. Rule templates describe the most frequently used network connections.

All network rule settings will be filled in automatically.
If you want the actions of the network rule to be reflected in the report, select the Log events check box.
Save the network rule.
The new network rule will be added to the list.
Use the Up / Down buttons to set the priority of the network rule.
Save your changes.

Application network rule settings

Parameter	Description
Action	Allow. Block.
Protocol	Control network activity over the selected protocol: TCP, UDP, ICMP, ICMPv6, IGMP and GRE. If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code. If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored.
Direction	Inbound. Inbound / Outbound. Outbound.
Remote address	Network addresses of remote computers that can send and receive network packets. Firewall applies the network rule to the specified range of remote network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, specify a range of IP addresses, or select a subnet (Trusted networks, Local networks, Public networks). You can also specify a DNS name of a computer instead of its IP address. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component. Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses.
Local address	Network addresses of computers that can send and receive network packets. Firewall applies a network rule to the specified range of local network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, or specify a range of IP addresses. Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses. Sometimes the local address cannot be obtained for applications. If this is the case, this parameter is ignored.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.