About Firewall rules
August 3, 2023
ID 146690
If the mode of interaction with Windows Firewall is set to Control the operation of Windows Firewall, the Firewall Management task filters network traffic through Windows Firewall by using firewall rules.
Firewall rules for applications control network connections for specified applications. The triggering criterion for these rules is based on the path to an executable application file.
Firewall port rules control network connections for specified ports and protocols (TCP / UDP). The triggering criteria for such rules are the port or port range and the type of protocol.
Port rules involve a broader scope than application rules. By allowing network connections based on port rules, you lower the security level of the protected device.
You can manage firewall rules:
- create and delete firewall rules
- change the settings of firewall rules
- enable or disable firewall rules
Firewall rules created by default
During installation, Kaspersky Industrial CyberSecurity for Nodes creates a set of allowing rules to prevent blocking of applications that are installed together with Kaspersky Industrial CyberSecurity for Nodes. See below for details and limitations.
When installed on a device with any supported version of Windows, Kaspersky Industrial CyberSecurity for Nodes creates a set of rules for incoming network connections:
- Allowing rules for the Kaspersky Industrial CyberSecurity for Nodes Console, (kavfsgt.exe), which is located in the application installation folder. Status: enabled. Rule scope: all addresses. Protocols: TCP and UDP, one rule per protocol.
- Two allowing rules for local port 15000, if Kaspersky Security Center Network Agent is installed on the device. State: enabled. Rule scope: all addresses. Protocols: TCP and UDP, one rule per protocol.
When installing on a device with Windows 7 or higher, Kaspersky Industrial CyberSecurity for Nodes creates a set of rules for outgoing network connections:
- Allowing rules for the Kaspersky Industrial CyberSecurity for Nodes Console, (kavfsgt.exe), which is located in the application installation folder. Status: enabled. Rule scope: all addresses. Protocols: TCP and UDP, one rule per protocol.
- Allowing rules for Kaspersky Industrial CyberSecurity for Nodes, (kavfswp.exe), which is located in the application installation folder. State: enabled. Rule scope: all addresses. Protocols: TCP and UDP, one rule per protocol.
- Two allowing rules for local port 13000, if Kaspersky Security Center Network Agent is installed on the device. State: enabled. Rule scope: all addresses. Protocols: TCP and UDP, one rule per protocol.
When uninstalling Kaspersky Industrial CyberSecurity for Nodes, the application deletes all created firewall rules, except for those created by Kaspersky Security Center Network Agent, such as Kaspersky Security Center WDS and Kaspersky Administration Kit. The application also deletes rules for ICMPv4 and ICMPv6 for Windows 7 and later.
When uninstalling Kaspersky Industrial CyberSecurity for Nodes, the application allows all ICMP connections for operating systems earlier than Windows 7.
