User guide

4.2.5 Establishing connection - detection
The Personal firewall detects each newly-created network connection. The active firewall mode determines which
actions are performed for the new rule. If Automatic mode or Policy-based mode is activated, the Personal firewall
will perform predefined actions with no user interaction.
Interactive mode displays an informational window which reports detection of a new network connection,
supplemented with detailed information about the connection. You can opt to allow the connection or refuse (block) it.
If you repeatedly allow the same connection in the dialog window, we recommend that you create a new rule for the
connection. To do this, select the Remember action (create rule) option and save the action as a new rule for the
Personal firewall. If the firewall recognizes the same connection in the future, it will apply the existing rule without
requiring user interaction.
Please be careful when creating new rules and only allow connections which are secure. If all connections are allowed,
then the Personal firewall fails to accomplish its purpose. These are the important parameters for connections:
Remote side: Only allow connections to trusted and known addresses.
Local application: It is not advisable to allow connections for unknown applications and processes.
Port number: Communication on common ports (e.g., web traffic port number 80) should be allowed under normal circumstances.
In order to proliferate, computer infiltrations often use the Internet and hidden connections to help them infect remote
systems. If rules are configured correctly, a Personal firewall becomes a useful tool for protection against a variety of
malicious code attacks.
4.2.6 Logging
The ESET Smart Security Personal firewall saves all important events in a log file, which can be viewed directly from the
main menu. Click Tools > Log files and then select Personal firewall from the Log drop-down menu.
The log files can be used to detect errors and reveal intrusions into your system. ESET Personal firewall logs contain the
following data:
Date and time of event
Name of event
Source
Target network address
Network communication protocol
Rule applied, or name of worm, if identified
Application involved
User
A thorough analysis of this data can help detect attempts to compromise system security. Many other factors indicate
potential security risks and allow you to minimize their impact: overly frequent connections from unknown locations,
multiple attempts to establish connections, unknown applications communicating, or unusual port numbers being used.
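
The risk factors listed above can be checked automatically once the log is available as text. The following is an added example, not part of the original guide or of ESET's software: the tab-separated layout, the sample records, the allowlists and the threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Columns mirror the field list above; the tab-separated layout is an assumption.
FIELDS = ["time", "event", "source", "target", "protocol", "rule", "application", "user"]

# Constructed sample records, not real product output.
SAMPLE_LOG = "\n".join([
    "2024-05-01 10:00:01\tDenied\t203.0.113.7:51000\t192.168.1.10:445\tTCP\tBlock SMB\tSystem\tSYSTEM",
    "2024-05-01 10:00:02\tDenied\t203.0.113.7:51001\t192.168.1.10:445\tTCP\tBlock SMB\tSystem\tSYSTEM",
    "2024-05-01 10:00:03\tDenied\t203.0.113.7:51002\t192.168.1.10:445\tTCP\tBlock SMB\tSystem\tSYSTEM",
    "2024-05-01 10:05:00\tAllowed\t192.168.1.10:52000\t198.51.100.20:443\tTCP\tAllow browser\tbrowser.exe\talice",
    "2024-05-01 10:06:00\tAllowed\t192.168.1.10:52010\t198.51.100.99:6667\tTCP\tAsk user\tupd.exe\talice",
])

# Site-specific baselines (assumptions; replace with your own).
KNOWN_APPS = {"System", "browser.exe"}
COMMON_PORTS = {53, 80, 443}
TRUSTED_PREFIXES = ("192.168.1.",)
REPEAT_THRESHOLD = 3

def parse(text):
    """Turn tab-separated log text into a list of dicts keyed by FIELDS."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=FIELDS,
                               delimiter="\t", quoting=csv.QUOTE_NONE))

def split_host_port(addr):
    """Split 'host:port' (IPv4 form assumed) into (host, int port)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)

def analyse(records):
    """Return sorted (indicator, value) pairs for the risk factors listed above."""
    findings, attempts = set(), Counter()
    for r in records:
        src_host, _ = split_host_port(r["source"])
        _, dst_port = split_host_port(r["target"])
        if not src_host.startswith(TRUSTED_PREFIXES):
            attempts[src_host] += 1          # connections from unknown locations
        if r["application"] not in KNOWN_APPS:
            findings.add(("unknown application", r["application"]))
        if dst_port not in COMMON_PORTS:
            findings.add(("unusual port", str(dst_port)))
    for host, count in attempts.items():
        if count >= REPEAT_THRESHOLD:        # multiple attempts from one source
            findings.add(("repeated connections from unknown source", host))
    return sorted(findings)
```

Calling analyse(parse(SAMPLE_LOG)) returns the flagged indicators; a finding is a prompt to review the matching rule or application, not proof of compromise.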