Application Rules

To open Application rules window

1.Open Dr.Web menu Dr.Web icon, then select Security Center.

2.In the open window, click Files and Network tile.

3.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock .

4.Click the Firewall tile. A component parameters window opens.

5.In the Application rules section click Edit. A window with a list of applications opens. For these applications, rules have been set.

Figure 44. Application rules

6.To start creating a new rule set or editing an existing one, click Add or select an application and click Edit. To search for a necessary rule, click Search.

When an application is deleted from your computer, the related rules are not automatically deleted. You can delete them manually by clicking Remove unused rules in the shortcut menu of the list.

Editing of an existing rule set or creating a new rule set

You can configure access to network resources as well as enable or disable launch of other applications in the New application rule set (or Edit rule set for <application name>) window.

Figure 45. Creating a new rule set

Launching other applications

To enable or disable launch of other applications, from the Launching network applications drop-down list select one of the following:

Allow—if you want to enable the application to run other processes.

Block—if you want to disable the application to run other processes.

Not specified—if you want to use the settings specified for the selected operation mode of Firewall.

Access to network resources

1.Specify one of the following modes to access network resources:

Allow all—all connections are allowed.

Block all—all connections are blocked.

Not specified—if you want to use the settings specified for the selected operation mode of Firewall.

User-defined—enables you to create a set of rules that allow or block different connections.

2.When you select the User-defined mode, a table with details on the application rule set displays below. Details

3.If necessary, edit the predefined rule set or create a new one.

4.If you select to create a new rule set or edit an existing one, adjust the settings in the open window.

5.When you finish adjusting the settings, click OK to save changes or Cancel to cancel them. When shifting to another mode, all changes made in the rule set will be kept.

Enable the Require confirmation on object change (recommended) option if you want the access to network resources to be confirmed each time when the application is changed or updated.

Creating application rules from the Firewall notification window

When Firewall is operating in the interactive mode or in the Allow connections for trusted applications mode, you can start creating a new rule directly from the window with notification on an unknown connection attempt.

Figure 46. Example of a notification on a network connection attempt

Note

When running under limited user account (Guest), Dr.Web Firewall does not display notifications on network access attempts. Notifications are shown for the session with administrator privileges if such session is simultaneously active.

To add application rules

1.To make a decision, consider the following information displayed in the notification:

Field

Description

Application name

The name of the application. Ensure that the path to the application executable, specified in the Path entry field, corresponds to the file location.

Path

The full path to the application executable file and its name.

Digital signature

Digital signature of the application.

Address

The used protocol and network address to which the application is trying to connect.

Port

The network port used for the connection attempt.

Direction

The direction of the connection.

2.Once you make a decision, select an appropriate action:

To block application access using this port once, select Block once.

To allow application access by this port once, select Allow once.

To open a window where you can create a new application filter rule, select Create rule. In the open window, you can either choose one of the predefined rules or create your rule for the application.

3.Click OK. Firewall executes the selected action and closes the notification window.

Note

In some cases Windows operating system does not allow identifying uniquely a service that acts as a system process. If a connection attempt is detected by the system process, take note on the port specified in the information about the connection. If you use an application that can access using the specified port, allow this connection.

If a connection is initiated by a trusted application (an application with existing rules), but this application is run by an unknown parent process, Firewall displays the corresponding notification.

To set parent process rules

1.Consider information about the parent process in the notification displayed on a connection attempt.

2.Once you make a decision about what action to perform, select one of the following:

To block this connection once, select Block.

To allow this connection, click Allow.

To create a rule for the parent process, click Create rule and in the open window specify required settings.

3.Click OK. Firewall executes the selected action and closes the notification window.

When an unknown process is run by another unknown process, a notification displays the corresponding details. If you click Create rule, a new window appears allowing you to create new rules for this application and its parent process.