Firewall rules

Rules represent a set of conditions used to test all network connections and determine the actions assigned to these conditions. Using the firewall rules, you can define the type of action to take if a connection defined by a rule is established.

Incoming connections are initiated by a remote computer attempting to establish a connection with the local system. Outgoing connections work in the opposite way. The local system contacts a remote computer.

If a new unknown communication is detected, you must carefully consider whether to allow or deny it. Unsolicited, unsecured, or unknown connections pose a security risk to the system. If such a connection is established, ESET recommends that you pay particular attention to the remote computer and the application trying to connect to your computer. Many infiltrations try to obtain and send private data, or download other malicious applications to host workstations. The firewall allows you to detect and terminate such connections.

Allow software signed by Apple to access the network automatically - By default, applications signed by Apple can automatically access the network. For an application to be able to interact with Apple services or to be installed on devices, the application must be signed with a certificate issued by Apple. If you want to disable this capability, deselect this option. Applications not signed with an Apple certificate require user action or a rule to be able to access the network.

When this option is disabled, network communication with Apple signed services requires user approval unless a firewall rule defines it.

Changes from previous versions, ESET Endpoint Security for macOS 6.8 and older, blocked incoming communication to services with an Apple certificate. In the current version, ESET Endpoint Security for macOS can identify the local receiver of incoming communication, and if this option is enabled, the incoming communication is allowed.