Changing the priority of a network rule for an application or an application group
The priority of a network rule for an application or application group is determined by its position in the list of network rules. Firewall executes the rules in the order in which they appear in the list of network rules, from top to bottom. According to each processed network rule that applies to a particular network connection, Firewall either allows or blocks network access to the address and port that are indicated in the settings of this network connection.
Custom application group network rules have a higher priority than default application group network rules.
You can raise or lower the priority of your own custom network rule for an application or application group.
Application network rules (both inherited and custom) have a higher priority than network rules that are inherited from a parent application group. In other words, all applications within a group automatically inherit the network rules for the group. However, when any rule is modified or created for a particular application, this rule is processed ahead of all of the inherited rules.
You cannot change the priority of default network rules of an application group, or inherited network rules of an application.
To change the priority of a network rule for an application or application group via Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
In the workspace, select the Policies tab.
Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
In the Light Agent for Windows policy properties window, select the Firewall section in the list on the left.
In the right part of the window, the Firewall component's settings are displayed.
In the Firewall rules section, click the Settings button located in the upper part of the section.
The Firewall window opens to the Application control rules tab.
In the list of applications, select the application group whose network rule priority you want to change.
Click the Edit button or right-click to bring up the context menu and select the Group rules item.
The Application group control rules window opens.
Select the Network rules tab.
In the list of network rules of an application, select the network rule whose priority you want to change and use the Move up and Move down buttons to move the network rule to the necessary position in the list.
In the Application group control rules window, click OK.
In the Firewall window, click OK.
Click the Apply button.
To change the priority of a network rule for an application or an application group in local interface:
In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component's settings are displayed.
Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
In the list of applications, select the application or application group whose network rule priority you want to change.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
Click the Edit button or right-click to open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
In the window that opens, select the Network rules tab.
In the list of network rules of an application, select the network rule whose priority you want to change and use the Move up and Move down buttons to move the network rule to the necessary position in the list.
Click OK in the Application control rules or Application group control rules window.