ESET Online Help


Firewall

Firewall controls all inbound and outbound network traffic to and from the system. This is accomplished by allowing or denying individual network connections based on specified filtering rules. Firewall provides protection against attacks from remote devices and can block potentially threatening services.


important

The Firewall is disabled by default. Before you enable it, review the Firewall rules and modify them if required to ensure the rules suit your needs.


note

The Firewall is available only if you have an active ESET PROTECT Entry Tier subscription and above.

Enable Firewall

Before enabling the Firewall, review the Firewall rules and modify them if required. With Firewall enabled, network traffic is scanned according to configured rules.

Rules

Rules setup enables you to view and edit all Firewall rules applied to traffic generated by individual applications within trusted connections and the internet.


note

Rules from Windows firewall configured using Group Policy (GPO) are not evaluated.

You can create an IDS rule when a botnet attacks your computer. To modify a rule, go to Advanced setup > Network access protection > Network attack protection > IDS rules and click Edit.

Also evaluate rules from Windows Firewall

In automatic filtering mode, incoming traffic allowed by rules from Windows Firewall is evaluated and processed, unless explicitly blocked by ESET rules.

Filtering mode

You can choose one of the following filtering modes:

Automatic mode—The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall without the need to define rules. Custom, user-defined rules can be created but are not required in Automatic mode. Automatic mode allows all outbound traffic for a given system and blocks most inbound traffic with the exception of some traffic from the Trusted Zone (as specified in IDS and advanced options/Allowed services) and responses to recent outbound communications.

Interactive mode—Enables you to build a custom configuration for your Firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option to allow or deny the communication, and the decision to allow or deny can be saved as a new rule for the Firewall. If you choose to create a new rule, all future connections of this type will be allowed or blocked according to that rule.

Policy-based mode—Blocks all connections that are not defined by a specific rule that allows them. This mode enables advanced users to define rules that permit only desired and secure connections. All other unspecified connections will be blocked by the Firewall.

Learning mode—Automatically creates and saves rules; this mode is best used for the initial configuration of the Firewall, but should not be left on for prolonged periods of time. No user interaction is required, because ESET Security for Microsoft SharePoint saves rules according to pre-defined parameters. Learning mode should only be used until all rules for required communications have been created to avoid security risks.

Learning mode will end at

Set the date and time at which learning mode ends automatically. You can also turn off learning mode manually at any time.

Mode set after learning mode expiration

Define which filtering mode the Firewall will revert to after the time period for learning mode ends. Read more about filtering modes in the Filtering mode section above. When learning mode has finished, the Ask user option requires administrative privileges to change the Firewall filtering mode.

Learning mode settings

Click Edit to configure parameters for saving rules created in Learning mode.

Application modification detection

The application modification detection feature displays notifications if modified applications, for which a firewall rule exists, attempt to establish connections. Application modification means that the original application has been temporarily or permanently replaced by a different executable. Detecting it protects against abuse of existing firewall rules.

This feature is not meant to detect modifications to any application in general. The goal is to avoid abusing existing firewall rules, and only applications for which specific firewall rules exist are monitored.

Enable detection of application modifications

If selected, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Firewall.

Allow modification of signed (trusted) applications

Do not notify if the application has the same valid digital signature before and after the modification.

List of applications excluded from detection

Add or remove individual applications for which modifications are allowed without notification.
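The decision described in this section can be modelled outside the product, for example to audit the executables that firewall rules refer to. The following is an added example, not ESET code and not a description of how the product is implemented: the names Baseline, check_application and demo are hypothetical, and the signer identity is assumed to come from a separate signature check (on Windows, for instance, Get-AuthenticodeSignature) that reports a value only when the signature is valid.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional


@dataclass(frozen=True)
class Baseline:
    sha256: str
    signer: Optional[str]  # identity of a valid signature; None if unsigned or invalid


def file_sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_application(path, baseline, current_signer, allow_signed=True, excluded=()):
    """Classify one rule-bound executable against its recorded baseline."""
    if file_sha256(path) == baseline.sha256:
        return "unchanged"
    if str(path) in excluded:
        return "excluded"        # on the list of applications excluded from detection
    if allow_signed and baseline.signer and current_signer == baseline.signer:
        return "allowed-signed"  # same valid signature before and after the change
    return "notify"              # modified executable would reuse an existing rule


def demo():
    """Constructed sample: one fake executable that is then replaced on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app.exe"
        app.write_bytes(b"original build")
        base = Baseline(file_sha256(app), signer="CN=Example Vendor")
        before = check_application(app, base, "CN=Example Vendor")
        app.write_bytes(b"replaced build")
        return {
            "before": before,
            "same_signer": check_application(app, base, "CN=Example Vendor"),
            "signature_lost": check_application(app, base, None),
            "strict": check_application(app, base, "CN=Example Vendor", allow_signed=False),
            "excluded": check_application(app, base, None, excluded={str(app)}),
        }


if __name__ == "__main__":
    print(demo())
```

The "strict" case corresponds to leaving Allow modification of signed (trusted) applications cleared: even a correctly signed update then produces a notification.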