Firewall rules

Rules represent a set of conditions used to test all network connections and determine the actions assigned to these conditions. Using the firewall rules, you can define the type of action to take if a connection defined by a rule is established.


Incoming connections are initiated by a remote computer attempting to establish a connection with the local system. Outgoing connections work in the opposite way – the local system contacts a remote computer.


If a new unknown communication is detected, you must carefully consider whether to allow or deny it. Unsolicited, unsecured or unknown connections pose a security risk to the system. If such a connection is established, we recommend that you pay particular attention to the remote computer and the application attempting to connect to your computer. Many infiltrations try to obtain and send private data, or download other malicious applications to host workstations. The firewall allows you to detect and terminate such connections.


Allow software signed by Apple to access the network automatically - By default, applications signed by Apple can automatically access the network. For application to be able to interact with Apple services or to be installed on devices, this application needs to be signed with a certificate issued by Apple. If you want to disable this, deselect this option. Applications not signed with Apple certificate will require user action or a rule to be able to access the network.

When this option is disabled, network communication with Apple signed services requires user approval unless a firewall rule defines it.

Changes from previous versions, ESET Endpoint Security for macOS 6.8 and older blocked in-coming communication to services with Apple certificate. In the current version, ESET Endpoint Security for macOS is able to identify the local receiver of incoming communication, and if this option is enabled, the incoming communication is allowed.