Training Dr.Web Firewall

By default, once installation completes Dr.Web Firewall starts learning usual behaviour of your operating system by intercepting all new (unknown to the firewall) connection attempts and prompting you to select the necessary action.

You can either select a temporary solution, or create a rule which will be applied each time Dr.Web Firewall detects this type of connection.

For details on a certain option, click a corresponding item in the picture.

For details on a certain option, click a corresponding item in the picture.

 

When running under limited user account (Guest) Firewall does not prompt requests for network access attempts. Notifications are then forwarded to the session with administrator privileges, if such session is simultaneously active.

 

To process connection attempts

1.To make a decision, consider the following information displayed in the notification:

Information

Description

Application name

The name of the application. Ensure that the Path to the application executable file corresponds to its usual location.

Application path

The full path to the application executable file and its name.

Digital signature

Digital signature of the application.

Endpoint

The protocol used and the network address the application is trying to connect to.

Port

The network ports used for the connection attempt.

Direction

Connection type.

2.Once you make a decision, select an appropriate action:
To block this connection once, select Block
To allow this connection once, select Allow
To open a window where you can create a new application filter rule, select Create new rule. In the opened window you can either choose one of the predefined rules or create your rule for application.
For details on a certain option, click a corresponding item in the picture.

For details on a certain option, click a corresponding item in the picture.

3.Click OK. Dr.Web Firewall executes the selected action and closes the notification window.

 

 

In certain cases, Windows does not allow to explicitly identify a service that is run as a system process. When a connection attempt of a system service is detected, consider the port used for the connection. If the used application can address to this port, allow the connection. In the training mode, Firewall creates default rules for known connections of system process.

 

 

In cases when connection was initiated by a trusted application (an application with existing rules), but this application was run by an unknown parent process, a corresponding notification will be prompted:

For details on a certain option, click a corresponding item in the picture.

For details on a certain option, click a corresponding item in the picture.

To set parent processes rules:

1.Consider the information about parent process displayed in the notification.
To block the connection, select Block
To allow this connection, select Allow
To open a window where you can create a new application filter rule, select Create new rule. In the opened window you can either choose one of the predefined rules or create your rule for parent process.
For details on a certain option, click a corresponding item in the picture.

For details on a certain option, click a corresponding item in the picture.

3.Click OK. Dr.Web Firewall executes the selected action and closes the notification window.

When unknown process was run by another unknown process, a notification will display corresponding details. If you click Create new rule, new window will appear, allowing you to create new rules for this application and it's parent process:

For details on a certain option, click a corresponding item in the picture.

For details on a certain option, click a corresponding item in the picture.