Creating an application network rule

By default, application activity is controlled by network rules that are defined for the trust group to which Kaspersky Endpoint Security assigned the application when it started the first time. If necessary, you can create network rules for an entire trust group, for an individual application, or for a group of applications that are within a trust group.

Manually defined network rules have a higher priority than network rules that were determined for a trust group. In other words, if manually defined application rules differ from the application rules determined for a trust group, Firewall controls application activity according to the manually defined rules for applications.

By default, Firewall creates the following network rules for each application:

Kaspersky Endpoint Security controls the network activity of applications according to predefined network rules as follows:

Predefined application rules cannot be edited or deleted.

You can create an application network rule in the following ways:

When creating network rules for applications, remember that network packet rules have priority over application network rules.

How to use the Network Monitor tool to create an application network rule in the application interface

How to use Firewall settings to create an application network rule in the application interface

How to create an application network rule in the Administration Console (MMC)

How to create an application network rule in the Web Console and Cloud Console

Application network rule settings

Parameter

Description

Action

Allow.

Block.

Protocol

Control network activity over the selected protocol: TCP, UDP, ICMP, ICMPv6, IGMP and GRE.

If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code.

If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored.

Direction

Inbound.

Inbound / Outbound.

Outbound.

Remote address

Network addresses of remote computers that can send and receive network packets. Firewall applies the network rule to the specified range of remote network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, specify a range of IP addresses, or select a subnet (Trusted networks, Local networks, Public networks). You can also specify a DNS name of a computer instead of its IP address. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component.

Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses.

If in the network packet rule, you added a DNS name for which the IP address could not be determined, Kaspersky Endpoint Security will display a warning. In the list of network packet rules in Web Console, a Problem column is added with a description of the error. In Administration Console (MMC), the error description is not available. Such packet rules are highlighted in color.

Local address

Network addresses of computers that can send and receive network packets. Firewall applies a network rule to the specified range of local network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, or specify a range of IP addresses.

Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses.

Sometimes the local address cannot be obtained for applications. If this is the case, this parameter is ignored.

Page top