Learning mode settings
Learning mode automatically creates and saves a rule for each communication that has been established in the system. No user interaction is required because ESET Endpoint Security saves rules according to the pre-defined parameters.
This mode can expose your system to risk and is only recommended for initial configuration of the Firewall.
Select Learning from the drop-down menu in Advanced setup > Protections > Network access protection > Firewall > Firewall > Filtering mode to activate Learning mode options. Click Edit next to Learning mode settings to configure the following options:
While in Learning mode, the Firewall does not filter communication. All outgoing and incoming communications are allowed. In this mode, your computer is not fully protected by the Firewall. |
Inbound traffic from the Trusted zone—An example of an incoming connection within the trusted zone would be a remote device from within the trusted zone attempting to establish communication with a local application running on your computer.
Outbound traffic to the Trusted zone—A local application attempting to establish a connection to another device within the local network or within a network in the trusted zone.
Inbound Internet traffic—A remote device attempting to communicate with an application running on the computer.
Outbound Internet traffic—A local application attempting to establish a connection to another device.
Each section enables you to define parameters to be added to newly created rules:
Add local port—Includes the local port number of the network communication. For outgoing communications, random numbers are usually generated. For this reason, we recommend enabling this option only for incoming communications.
Add application—Includes the name of the local application. This option is suitable for future application-level rules (rules that define communication for an entire application). For example, you can enable communication only for a web browser or email client.
Add remote port—Includes the remote port number of the network communication. For example, you can allow or deny a specific service associated with a standard port number (HTTP – 80, POP3 – 110, etc.).
Add remote IP address/Trusted zone—A remote IP address or zone can be used as a parameter for new rules defining all network connections between the local system and that remote address/zone. This option is suitable if you want to define actions for a certain device or a group of networked devices.
Maximum number of different rules for an application—If an application communicates through different ports to various IP addresses, etc., the Firewall in learning mode creates an appropriate count of rules for this application. This option enables you to limit the number of rules that can be created for one application.