Creating and editing a network packet rule

When creating network packet rules, remember that they have priority over network rules for applications.

To create or edit a network packet rule:

  1. Open the application settings window.
  2. In the left part of the window, in the Essential Threat Protection section, select Firewall.
  3. Click the Network packet rules button.
  4. The Firewall window opens to the Network packet rules tab.

    This tab shows a list of default network packet rules that are set by Firewall.

  5. Do one of the following:
    • To create a new network packet rule, click the Add button.
    • To edit a network packet rule, select it in the list of network packet rules and click the Edit button.

    The Network rule window opens.

  6. In the Action drop-down list, select the action to be performed by Firewall on detecting this kind of network activity:
    • Allow
    • Block
    • By application rules.
  7. In the Name field, specify the name of the network service in one of the following ways:
    • Click the network_service_pict icon to the right of the Name field and select the name of the network service in the drop-down list.

      The drop-down list includes network services that define the most frequently used network connections.

    • Manually enter the name of the network service in the Name field.
  8. Specify the data transfer protocol:
    1. Select the Protocol check box.
    2. In the drop-down list, select the type of protocol for which network activity is to be monitored.

      Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols.

      If you select a network service from the Name drop-down list, the Protocol check box is selected automatically and the drop-down list next to the check box contains the protocol type that corresponds to the selected network service. By default, the Protocol check box is cleared.

  9. In the Direction drop-down list, select the direction of the monitored network activity.

    Firewall monitors network connections with the following directions:

    • Inbound (packet).
    • Inbound.
    • Inbound / Outbound
    • Outbound (packet).
    • Outbound.
  10. If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
    1. Select the ICMP type check box and select the ICMP packet type in the drop-down list.
    2. Select the ICMP code check box and select the ICMP packet code in the drop-down list.
  11. If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored:
    1. Type the ports of the remote computer in the Remote ports field.
    2. Type the ports of the local computer in the Local ports field.
  12. In the Network adapters table, specify the settings of network adapters from which network packets can be sent or which can receive network packets. To do so, use the Add, Edit, and Delete buttons.
  13. If you want to restrict control of network packets based on their time to live (TTL), select the TTL check box and in the field next to it, specify the range of values of the time to live for inbound and/or outbound network packets.

    A network rule will control the transmission of network packets whose time to live does not exceed the specified value.

    Otherwise, clear the TTL check box.

  14. Specify the network addresses of remote computers that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
    • Any address. The network rule controls network packets sent and/or received by remote computers with any IP address.
    • Subnet addresses. The network rule controls network packets sent and/or received by remote computers with IP addresses associated with the selected network type: Trusted networks, Local networks, or Public networks.
    • Addresses from the list. The network rule controls network packets sent and/or received by remote computers with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
  15. Specify the network addresses of computers that have Kaspersky Endpoint Security installed and can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
    • Any address. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with any IP address.
    • Addresses from the list. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.

    Sometimes a local address cannot be obtained for applications that work with network packets. If this is the case, the value of the Local addresses setting is ignored.

  16. If you want the actions of the network rule to be reflected in the report, select the Log events check box.
  17. In the Network rule window, click OK.

    If you create a new network rule, the rule is displayed on the Network packet rules tab of the Firewall window. By default, the new network rule is placed at the end of the list of network packet rules.

  18. In the Firewall window, click OK.
  19. To save changes, click the Save button.
Page top