Configuring Firewall

You can configure the following Firewall options:

Select the operation mode.

List authorized applications.

Configure parameters for the known networks.

Note

If you enabled the Protect Dr.Web settings with a password option in the settings, you are prompted to enter the password when you access the Firewall settings.

By default, Firewall does not automatically create rules for known applications. Regardless of the operation mode, events are logged.

The default settings are optimal for most cases. Do not change them unnecessarily.

To open the Firewall settings:

1. Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open). Otherwise, click the lock.

2. Click the Firewall tile. The component’s settings window opens.

Figure 50. Firewall settings

The Allow local connections option allows all applications on your computer to interconnect, that is, it permits unlimited local connections (to or from the 127.0.0.1 interface, localhost) between applications installed on your computer. This option is applied after verifying that the connections match the set rules. Disable this option to apply filtering rules to connections carried out both through the network and within your computer.

Selecting an operation mode

Select one of the following operation modes:

Allow connections for trusted applications—an access mode in which all trusted applications are allowed to access network resources (used as default). For all other applications, a warning is displayed. You can set an application rule via this warning (see the Training Dr.Web Firewall section).

Allow unknown connections—free access mode, when all unknown applications are permitted to access networks.

Interactive mode—learning mode, when the user is provided with full control over Firewall reaction.

Block unknown connections—restricted access mode, when all unknown connections are blocked. For known connections, Firewall applies the appropriate rules.

Operation mode

Description

Allow connections for trusted applications

This mode is used by default.

In this mode, all trusted applications are allowed to access network resources, including the Internet. Among trusted applications are system applications, applications with Microsoft certificate, and applications with a valid digital signature. Rules for such applications are not displayed in the rule list. For other applications, Firewall prompts you to allow or block the unknown connection manually, as well as create a new rule for it.

When a user application or operating system attempts to connect to a network, Firewall checks whether filtering rules have been created for the application. If no filtering rules have been set, you are prompted to select a temporary solution or create a rule to be applied each time this type of connection is detected.

Allow unknown connections

In this mode, Firewall allows all unknown applications for which filtering rules have not been set to access network resources, including the Internet. No notification about the access attempt is displayed by Firewall.

Interactive mode

In this mode, you have total control over Firewall reaction to the detection of unknown connections. Thus, the program is trained while you work on your computer.

When a user application or operating system attempts to connect to a network, Firewall checks whether filtering rules have been created for the application. If no filtering rules have been set, you are prompted to select a temporary solution or create a rule to be applied each time this type of connection is detected.

Block unknown connections

In this mode, Firewall automatically blocks all unknown connections to network resources, including the Internet.

When a user application or the operating system attempts to connect to a network, Firewall checks whether filtering rules have been created for the application. If there are no filtering rules, Firewall blocks network access for the application without displaying any notification to the user. If filtering rules for the application are set, Firewall processes the connection according to the specified actions.
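The following Python model is an added example, not Dr.Web code: it encodes the decision order described above so you can compare how each operation mode treats the same connection. The `Connection` record, the `decide` and `compare_modes` functions, the simplified rule table, the treatment of every loopback address as local, and the reading that application trust is consulted only in the default mode are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    TRUSTED = "Allow connections for trusted applications"  # default mode
    ALLOW_UNKNOWN = "Allow unknown connections"
    INTERACTIVE = "Interactive mode"
    BLOCK_UNKNOWN = "Block unknown connections"

@dataclass(frozen=True)
class Connection:                  # hypothetical record used only by this model
    app: str
    remote_ip: str
    app_is_trusted: bool = False   # system app, Microsoft certificate, valid signature

def decide(mode, conn, rules, allow_local=True):
    """Return (action, user_prompted) for one connection attempt.

    rules maps an application path to "allow" or "block"; real filtering
    rules are richer than this simplified table.
    """
    # 1. An existing filtering rule is applied in every mode.
    if conn.app in rules:
        return rules[conn.app], False
    # 2. "Allow local connections" is applied after the rule check.
    #    Assumption: any loopback address counts, not only 127.0.0.1.
    if allow_local and ipaddress.ip_address(conn.remote_ip).is_loopback:
        return "allow", False
    # 3. No rule matched: the operation mode decides.
    if mode is Mode.TRUSTED and conn.app_is_trusted:
        return "allow", False
    if mode is Mode.ALLOW_UNKNOWN:
        return "allow", False      # silent, no notification
    if mode is Mode.BLOCK_UNKNOWN:
        return "block", False      # silent, no notification
    # Default mode with an untrusted app, or Interactive mode: the user is asked.
    return "ask", True

def compare_modes(conn, rules, allow_local=True):
    """Evaluate the same connection under all four operation modes."""
    return {m.name: decide(m, conn, rules, allow_local) for m in Mode}

if __name__ == "__main__":
    # Constructed sample: an unsigned tool contacting a documentation-range address.
    sample = Connection(app=r"C:\Tools\sync.exe", remote_ip="203.0.113.10")
    for name, (action, prompted) in compare_modes(sample, rules={}).items():
        print(f"{name:14} -> {action:5} (prompt shown: {prompted})")
```

The output makes the two silent modes easy to spot: with no rule in place, Allow unknown connections and Block unknown connections both act without prompting the user.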