Learning mode
Learning mode automatically creates and saves a rule for each communication that has been established in the system. No user interaction is required, because ESET Endpoint Security saves rules according to the pre-defined parameters.
This mode can expose your system to risk, and is only recommended for initial configuration of the firewall.
Select Learning mode from drop-down menu in Advanced setup (F5) > Firewall > Basic > Filtering mode to activate Learning mode options. This section includes the following items:
While in Learning mode, the firewall does not filter communication. All outgoing and incoming communications are allowed. In this mode, your computer is not fully protected by the firewall. |
Mode set after learning mode expiration—Define which filtering mode the ESET Endpoint Security Firewall will revert to after the time period for learning mode ends. Read more about filtering modes. After expiration, the Ask user option requires administrative privileges to perform a change to the firewall filtering mode.
Communication type—Select specific rule creation parameters for each type of communication. There are four types of communication:
Inbound traffic from the Trusted zone—An example of an incoming connection within the trusted zone would be a remote computer from within the trusted zone attempting to establish communication with a local application running on your computer.
Outbound traffic to the Trusted zone—A local application attempting to establish a connection to another computer within the local network, or within a network in the trusted zone.
Inbound Internet traffic—A remote computer attempting to communicate with an application running on the computer.
Outbound Internet traffic—A local application attempting to establish a connection to another computer.
Each section enables you to define parameters to be added to newly created rules:
Add local port—Includes the local port number of the network communication. For outgoing communications, random numbers are usually generated. For this reason, we recommend enabling this option only for incoming communications.
Add application—Includes the name of the local application. This option is suitable for future application-level rules (rules that define communication for an entire application). For example, you can enable communication only for a web browser or email client.
Add remote port—Includes the remote port number of the network communication. For example you can allow or deny a specific service associated with a standard port number (HTTP – 80, POP3 – 110, etc.).
Add remote IP address/Trusted zone—A remote IP address or zone can be used as a parameter for new rules defining all network connections between the local system and that remote address / zone. This option is suitable if you want to define actions for a certain computer or a group of networked computers.
Maximum number of different rules for an application—If an application communicates through different ports to various IP addresses, etc., the firewall in learning mode creates appropriate count of rules for this application. This option enables you to limit the number of rules that can be created for one application.