User guide
Firewall user profiles
Profiles are a tool to control the behavior of the ESET Smart Security Personal firewall.
Advanced protection features
Enable Network attack protection (IDS) – Allows you to activate IDS functionality and its advanced options
(Incoming RPC communication over SMB and Intrusion detection settings) independently of the Personal firewall.
Enable Botnet protection – Select this check box to activate the feature and protect your computer from this
type of attack. For more information about this type of attack and about Botnet protection technology, see the
topics Botnet and Botnet protection.
NOTE: You can create an IDS exception when a botnet attacks your computer. An exception can be modified in
Advanced setup (F5) > Network > Personal firewall > IDS exceptions.
4.2.1.1 Learning mode
The Learning mode feature in ESET Smart Security's Personal firewall automatically creates and saves a rule for each
communication that has been established in the system. No user interaction is required, because ESET Smart
Security saves rules according to the predefined parameters.
This mode is not safe, and is recommended only for initial configuration of the Personal firewall.
Activate Learning mode in Setup > Network > Personal Firewall > Learning mode to display Learning mode options.
This section includes the following items:
Warning: While in Learning mode, the Personal firewall does not filter communication. All outgoing and incoming
communications are allowed. In this mode, your computer is not fully protected by the Personal firewall.
Communication type – Select individual principles of rule creation for each type of communication. There are four
types of communication:
Inbound traffic from the Trusted zone – An example of an incoming connection within the trusted zone would
be a remote computer from within the trusted zone attempting to establish communication with a local
application running on your computer.
Outbound traffic to the Trusted zone – A local application attempting to establish a connection to another
computer within the local network, or within a network in the trusted zone.
Inbound Internet traffic – A remote computer attempting to communicate with an application running on the
computer.
Outbound Internet traffic – A local application attempting to establish a connection to another computer.
Rule creation policy – This section allows you to define parameters to be added into newly created rules.
Add local port – Includes the local port number of the network communication. For outgoing communications,
random numbers are usually generated. For this reason, we recommend enabling this option only for incoming
communications.
Add application – Includes the name of the local application. This option is suitable for future application-level rules
(rules which define communication for an entire application). For example, you can enable communication only for
a web browser or email client.
Add remote port – Includes the remote port number of the network communication. For example, you can allow or
deny a specific service associated with a standard port number (HTTP – 80, POP3 – 110, etc.).
Add remote IP address / Trusted zone – A remote IP address or zone can be used as a parameter for new rules
defining all network connections between the local system and that remote address / zone. This option is suitable if
you want to define actions for a certain computer or a group of networked computers.
Maximum number of different rules for an application – If an application communicates through different ports to
various IP addresses, etc., the firewall in Learning mode creates a corresponding number of rules for this application. This
option allows you to limit the number of rules that can be created for one application. This option is active when
Add remote port is enabled.
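The effect of the Rule creation policy options on the size of the learned rule set can be seen with a small model. This Python sketch is an added example, not ESET code: the function learn_rules, its parameter names, the constructed sample connections, the reduction of the four communication types to "in" and "out", and the behaviour once the per-application limit is reached (no further rule is created) are all assumptions.

```python
from collections import defaultdict

# Constructed sample of traffic seen during learning:
# (direction, application, local_port, remote_ip, remote_port)
OBSERVED = [
    ("out", "browser.exe", 49152, "203.0.113.10", 443),
    ("out", "browser.exe", 49153, "203.0.113.10", 443),
    ("out", "browser.exe", 49154, "198.51.100.7", 443),
    ("out", "browser.exe", 49155, "198.51.100.7", 80),
    ("out", "mail.exe", 49160, "192.0.2.25", 110),
    ("out", "mail.exe", 49161, "192.0.2.25", 110),
    ("in", "fileshare.exe", 445, "192.168.1.20", 51000),
    ("in", "fileshare.exe", 445, "192.168.1.21", 51001),
]

def learn_rules(connections, add_application=True, add_local_port=(),
                add_remote_port=False, add_remote_ip=False, max_per_app=None):
    """Toy model: collapse observed connections into distinct allow rules."""
    # add_local_port lists the directions whose local port goes into the rule;
    # "*" in a rule field means "any".
    rules, per_app = [], defaultdict(int)
    for direction, app, lport, rip, rport in connections:
        rule = (
            direction,
            app if add_application else "*",
            lport if direction in add_local_port else "*",
            rip if add_remote_ip else "*",
            rport if add_remote_port else "*",
        )
        if rule in rules:
            continue  # an identical rule already covers this connection
        # The limit is only active when Add remote port is enabled.
        capped = add_remote_port and max_per_app is not None
        if capped and per_app[app] >= max_per_app:
            continue  # assumption: no further rule is created for this app
        per_app[app] += 1
        rules.append(rule)
    return rules

if __name__ == "__main__":
    for label, kwargs in [
        ("application only", {}),
        ("local port, incoming only", {"add_local_port": ("in",)}),
        ("local port, both directions", {"add_local_port": ("in", "out")}),
        ("remote port + IP, limit 2", {"add_remote_port": True,
                                       "add_remote_ip": True, "max_per_app": 2}),
    ]:
        print(f"{label}: {len(learn_rules(OBSERVED, **kwargs))} rules")
```

When the local port is included for outgoing traffic, every randomly chosen source port yields its own rule, which is why the option is recommended only for incoming communications. Reviewing the learned rules before leaving Learning mode keeps overly broad application-only rules from being carried into normal filtering.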










