Learning mode settings

Learning mode automatically creates and saves a rule for each communication that has been established in the system. No user interaction is required, because ESET Internet Security saves rules according to the predefined parameters.

This mode can expose your system to risk, and is only recommended for initial configuration of the Personal firewall.

Activate Learning mode in Advanced setup (F5) > Personal Firewall > Learning mode settings to display Learning mode options. This section includes the following items:


While in Learning mode, the Personal firewall does not filter communication. All outgoing and incoming communications are allowed. In this mode, your computer is not fully protected by the Personal firewall.

Communication type – Select specific rule creation parameters for each type of communication. There are four types of communication:

icon_section Inbound traffic from the Trusted zone – An example of an incoming connection within the trusted zone would be a remote computer from within the trusted zone attempting to establish communication with a local application running on your computer.

icon_section Outbound traffic to the Trusted zone – A local application attempting to establish a connection to another computer within the local network, or within a network in the trusted zone.

icon_section Inbound Internet traffic – A remote computer attempting to communicate with an application running on the computer.

icon_section Outbound Internet traffic – A local application attempting to establish a connection to another computer.

Each section allows you to define parameters to be added to newly created rules:

Add local port – Includes the local port number of the network communication. For outgoing communications, random numbers are usually generated. For this reason, we recommend enabling this option only for incoming communications.

Add application – Includes the name of the local application. This option is suitable for future application-level rules (rules that define communication for an entire application). For example, you can enable communication only for a web browser or email client.

Add remote port – Includes the remote port number of the network communication. For example you can allow or deny a specific service associated with a standard port number (HTTP – 80, POP3 – 110, etc.).

Add remote IP address/Trusted zone – A remote IP address or zone can be used as a parameter for new rules defining all network connections between the local system and that remote address / zone. This option is suitable if you want to define actions for a certain computer or a group of networked computers.

Maximum number of different rules for an application – If an application communicates through different ports to various IP addresses, etc., the firewall in learning mode creates appropriate count of rules for this application. This option allows you to limit the number of rules that can be created for one application.