Training Dr. Web Firewall

Once installation completes, Firewall starts learning the usual behavior of your operating system by intercepting all new connection attempts (those unknown to Firewall) and prompting you to select the necessary action. You can either select a temporary solution or create a rule that will be applied each time Firewall detects this type of connection:

[Figure: Training Firewall]

Note

When running under a limited user account (Guest), Dr.Web Firewall does not display prompts for network access attempts. Notifications are instead forwarded to a session with administrator privileges, if such a session is active at the same time.

To set application rules:

1. To make a decision, consider the following information displayed in the notification:

| Information | Description |
|---|---|
| Application name | The name of the application. Ensure that the path to the application executable, specified in the Application path entry field, corresponds to the file location. |
| Application path | The full path to the application executable file and its name. |
| Digital signature | Digital signature of the application. |
| Address | The protocol used and the network address to which the application is trying to connect. |
| Port | The network port used for the connection attempt. |
| Direction | The direction of the connection. |

2. Once you make a decision, select an appropriate action:

To block this connection once, select Block once.

To allow this connection once, select Allow once.

To open a window where you can create a new application filter rule, select Create rule. In the window that opens, you can either choose one of the predefined rules or create your own rule for the application.


3. Click OK. Firewall executes the selected action and closes the notification window.

Note

In certain cases, Windows does not make it possible to explicitly identify a service that runs as a system process. When a connection attempt by a system service is detected, consider the port used for the connection. If the application in use can address this port, allow the connection. In training mode, rules for known connections of system processes are created by default.

In cases when a connection was initiated by a trusted application (an application with existing rules), but this application was run by an unknown parent process, the corresponding notification displays:

[Figure: Training Firewall]

To set parent process rules:

1. Consider the information about the parent process in the notification displayed on a connection attempt.

2. Once you make a decision about what action to perform, select one of the following:

To allow this connection, click Allow once.

To block the connection, select Block once.

To create a rule for the parent process, click Create rule and specify the required settings in the window that opens.


3. Click OK. Firewall executes the selected action and closes the notification window.

When an unknown process is run by another unknown process, a notification displays the corresponding details. If you click Create rule, a new window appears, allowing you to create new rules for this application and its parent process:

[Figure: Training Firewall]
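
One way to cross-check the Application path, Digital signature, Port and parent process details from a notification on the machine itself before creating a rule. This is an added PowerShell example, not part of the Dr.Web documentation or product. It assumes Windows 8 / Server 2012 or later, an elevated session and established TCP connections only; the function names and the sample port 443 are constructed for illustration.

```powershell
# Added example (not Dr.Web code): collect the facts the notification asks you to weigh.
# Describe one process: executable path, Authenticode status, signer, parent PID.
function Get-ProcessFacts {
    param([Parameter(Mandatory)] [uint32] $ProcessId)
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId" -ErrorAction SilentlyContinue
    if (-not $p) { return $null }                      # process has already exited
    $status = 'NoPath'; $signer = $null                # path is not exposed for some system processes
    if ($p.ExecutablePath) {
        $sig    = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        $status = $sig.Status                          # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        ProcessId = $p.ProcessId; ParentId = $p.ParentProcessId; Name = $p.Name
        Path = $p.ExecutablePath; Signature = $status; Signer = $signer; Started = $p.CreationDate
    }
}

# For every process holding an established TCP connection to the given remote port,
# report the application, its parent process, and services hosted in the same process.
function Get-ConnectionContext {
    param([Parameter(Mandatory)] [uint16] $RemotePort)
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -State Established -ErrorAction SilentlyContinue
    if (-not $conns) { return }
    foreach ($id in ($conns.OwningProcess | Sort-Object -Unique)) {
        $app = Get-ProcessFacts -ProcessId $id
        if (-not $app) { continue }
        $parent = Get-ProcessFacts -ProcessId $app.ParentId
        # A "parent" that started after the child means the parent PID was reused.
        if ($parent -and $parent.Started -gt $app.Started) { $parent = $null }
        # Services sharing this process help identify a system service by more than its port.
        $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $id").Name
        [pscustomobject]@{
            Application     = $app.Path
            AppSignature    = $app.Signature
            AppSigner       = $app.Signer
            RemoteAddresses = ($conns | Where-Object OwningProcess -eq $id).RemoteAddress | Sort-Object -Unique
            Parent          = if ($parent) { $parent.Path } else { 'exited or unknown' }
            ParentSignature = if ($parent) { $parent.Signature } else { $null }
            HostedServices  = $services -join ', '
        }
    }
}

# Constructed sample call: port 443 stands in for the "Port" field of a notification.
Get-ConnectionContext -RemotePort 443 | Format-List
```

A signature status other than Valid, a path that differs from the one shown in the notification, or a parent running from a user-writable directory is a reason to choose Block once rather than create a permanent rule.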