Home supported products

Kaspersky Internet Security 2010

Kaspersky Anti-Virus 2010

Kaspersky Internet Security 2009

Kaspersky Anti-Virus 2009

Kaspersky Anti-Virus (Mac OS X)

Support lifecycle of applications for personal desktop protection

Home legacy products

Business products
Workstations & Servers protection

Fighting malicious programs
How to disinfect...

Training and Certification
Take an educational course and become a certified anti-virus security specialist

Self Service
More help online

Support contacts and conditions
Information about support services and rules

You are visiting our Support Website and we thank you in advance for your participation in this poll and your feedbacks.

Please vote honestly, we will analyze the results and will do our best to improve our service as soon as possible.

Read the same in:

Home / Home products / Home supported products / Setting Firewall

Kaspersky Internet Security 7.0 MP1 (build 7.0.1.325)

Setting Firewall [12]

More Sections

Firewall rules for applications in Kaspersky Internet Security 7.0
ID Article: 1494	Other languages:	210	2009 Jun 03 12:43	Printable version

Concerning to Kaspersky Internet Security 7.0 (all builds)

Rules for application

Kaspersky Internet Security 7.0 includes a set of rules for the most common Microsoft Windows applications. You can create several permissions and block rules for the same program. These would generally be programs with network activity that has been analyzed in detail by Kaspersky Lab specialist and is strictly defined as dangerous or safe.

Depending on the security level selected for the Firewall and the type of network the computer is running on, the list of rules for programs can be used in various ways. For example, with High Security all application network activity that does not match the allow rules is blocked.

To work with the application rule list:

Open the application settings window
select Firewall under Protection.
Click on Settings under Filtration System.
In the Settings: Firewall window, select the Rules for Applications tab.

All the rules on this tab can be grouped in one of the following ways:

Group rules by application - defines how the list of rules will be displayed. The tab will contain a list of applications for which rules have been created. The following information is given for every application: name and icon of the application, command prompt, root directory where the application's executable file is, and the number of rules created for it.
Using the Edit button, you can manually add a new rule for the application.
Using the Add button, you can add a new application to the list and create a rule for it.
Using the Delete button, you can delete a rule for the selected application.
The Export button allows exporting a rule for the application or the list of rules into the settings file with the .ini extension.

The Import button allows importing rules for the application from the settings file with the .ini extension.
The Help link opens the reference information on the rules for the application in Kaspersky Internet Security 7.0.

Creating rules for the application manually - fine-tune a rule

For the Firewall component in Kaspersky Internet Security 7.0 a rule can be created by two ways: fine-tune a rule and create rules with templates. We'll first see how to fine-tune a rule:

Click the Add button
Select Browse if you need to choose an application executable file manually or select Applications in order to choose the executable file from the list of the installed applications.

Step one to fine-tune a rule is:

Entering a name for the rule. By default the program uses a standard name that you can replace.
Selecting network connection settings with which the rule will act: remote IP-address, remote port, local IP-address, local port, and time when the rule is active. Check all the settings that you want to use in the rule.
Configuring other settings that are responsible for informing the user that the rule has been applied. If you want a pop-up message to appear on the screen when a rule is used with brief commentary on it, check Notify User. If you want the program to record information about rule performance in the Firewall report, check Log event. The box unchecked by default when the rule is created. We recommend that you use additional settings when creating block rules.

IP-address is a charset of four blocks with numbers each ranging from 0 to 255 and divided by full stops. This address unambiguously identifies your computer in the Internet. Each computer connected to the Internet has its own unique IP-address. Connecting to the Internet via the Internet provider (Internet Service Provider, ISP), for the time of your Internet connection a remote computer gets and uses its unique IP-address given to it by ISP.

Port is a program notion used either by a client or a server to send or receive messages; port is identified by a 16-bit number. Port number is a known value as it is needed together with the IP-address of the host to establish connection between a host and a server. Client processes on the other hand require port number from the operating system at the start; port number might be random though sometimes it is the next in the list of available port numbers.

Note that when you create a blocking rule in the Firewall training mode, information about the rule being applied will automatically be entered in the report. If you do not need to record this information, deselected the Log event checkbox in the settings for that rule.

Step two in creating a rule is assigning values for rule parameters and selecting actions. These operations are carried out in the Rule description section.

The action of every rule created is allow. To change it to a block rule, left-click on the Allow link in the rule description section. It will change to Block.

Kaspersky Internet Security 7.0 will still scan network traffic for programs and packets for which an allow rule as been created. This could result in data being transmitted more slowly.

If you are creating a rule for an application and did not select the application prior to creating the rule, you will need to do so by clicking select application. Left-click on the link and, in the standard file selection window that opens, select the executable file of the application for which you are creating the rule.

Then you must determine the direction of the network connection for the rule. The default value is a rule for a both inbound and outbound network connection. To change the direction, left-click on incoming and outgoing and select the direction of the network connection in the window that opens.

Then you must set the protocol that the network connection uses. TCP is the default protocol for the connection. If you are creating a rule for applications, you can select one of two protocols, TCP or UDP. To do so, left-click on the link with the protocol name until it reaches the value that you need. If you are creating a rule for packet filtering and want to change the default protocol, click on its name and select the protocol you need in the window that opens. If you select ICMP, you may need to further indicate the type.

If you selected network connection settings (address, port, time range), you will have to assign them exact values as well.

The rule created will be added to the beginning of the list with top priority. You can lower the priority ranking of the rule.

After the rule is added to the list of rules for the application, you can further configure the rule: If you want it to apply to an application opened with certain settings in the command line, check Command line and enter the string in the field to the right. This rule will not apply to applications started with a different command prompt key.

Creating rules for the application manually - creating rules with templates

The program includes ready-made rule templates that you can use when creating your own rules.

The entire gamut of existent network application can be broken down into several types: mail clients, web browsers, etc. Each type is characterized by a set of specific activities, such as sending and receiving mail, or receiving and displaying html pages. Each type uses a certain set of network protocols and ports. This is why having rule templates helps to quickly and easily make initial configurations for rules based on the type of application.

To create a rule for an application using a template,

On the Rules for Applications tab check Group Rules by Application if unchecked and click Add. In the list choose the executable file for the application.
In the Edit rules for application window click the Template button and select one of the listed templates.

Allow all is a rule that allows any network activity for the application. Block all is a rule that blocks any network activity for the application. All attempts to initiate a network connection that the application for which the rule is create makes will be blocked without notifying the user.

Other templates listed on the context menu create rules typical for the corresponding programs. For example, the Mail client template creates a set of rules that allow standard network activity for mail clients, such as sending mail.

Edit the rules created for the application, if necessary. You can edit the action, direction of the network connection, remote address, ports (local and remote), and time range for the rule.

If you want the rule to apply to an application opened with certain settings in the command line, check Command line and enter the string in the field to the right. The rule or set of rules created will be added to the end of the list with the lowest ranking priority. You can increase the priority ranking of the rule.