User guide

4.2.1 Filtering modes
Five filtering modes are available for the ESET Smart Security Personal firewall. Filtering modes can be found in
Advanced setup (F5) by clicking Network > Personal firewall. The behavior of the firewall changes based on the
selected mode. Filtering modes also influence the level of user interaction required.
Filtering can be performed in one of five modes:
Automatic mode: The default mode. This mode is suitable for users who prefer easy and convenient use of the
firewall with no need to define rules. Automatic mode allows all outbound traffic for the given system and blocks all
new connections initiated from the network side.
Automatic mode with exceptions (user-defined rules): In addition to automatic mode, you can also add custom,
user-defined rules.
Interactive mode: Allows you to build a custom configuration for your Personal firewall. When a communication is
detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be
displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or
deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all
future connections of this type will be allowed or blocked according to the rule.
Policy-based mode: Blocks all connections which are not defined by a specific rule that allows them. This mode allows
advanced users to define rules that permit only desired and secure connections. All other unspecified connections will
be blocked by the Personal firewall.
Learning mode: Automatically creates and saves rules; this mode is suitable for initial configuration of the Personal
firewall. No user interaction is required, because ESET Smart Security saves rules according to predefined parameters.
Learning mode is not secure, and should only be used until all rules for required communications have been created.
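The following added example (not ESET's code and not part of the original guide) models the five modes as described above, to show how the same traffic is treated in each mode and which inbound allow rules Learning mode leaves behind for review. The names Conn, Rule, decide and compare, the sample traffic, and the simplification that plain Automatic mode ignores user-defined rules are assumptions.

```python
from dataclasses import dataclass

MODES = ("automatic", "automatic_with_exceptions", "interactive", "policy_based", "learning")

@dataclass(frozen=True)
class Conn:
    direction: str  # "in" or "out", seen from the protected computer
    app: str        # local application
    port: int       # simplified: one port per connection

@dataclass(frozen=True)
class Rule(Conn):
    action: str     # "allow" or "block"

def decide(mode, conn, rules):
    """Return (verdict, rules) for one connection under one filtering mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    key = (conn.direction, conn.app, conn.port)
    if mode == "learning":
        # Nothing is filtered; a rule is saved for each communication seen.
        learned = Rule(*key, "allow")
        return "allow", (rules if learned in rules else rules + [learned])
    if mode != "automatic":  # assumption: plain automatic mode has no user rules
        for r in rules:
            if (r.direction, r.app, r.port) == key:
                return r.action, rules
    if mode == "interactive":
        return "ask", rules    # dialog shown; the answer can be saved as a rule
    if mode == "policy_based":
        return "block", rules  # no rule allows it
    # Both automatic modes: outbound allowed, new inbound connections blocked.
    return ("allow" if conn.direction == "out" else "block"), rules

# Constructed sample traffic and rule set (not from the guide).
SAMPLE = [Conn("out", "browser.exe", 443), Conn("in", "fileshare.exe", 8080)]
USER_RULES = [Rule("out", "browser.exe", 443, "allow")]

def compare(conns=SAMPLE, rules=USER_RULES):
    """Map each mode to (verdicts, inbound allow rules it learned)."""
    result = {}
    for mode in MODES:
        current, verdicts = list(rules), []
        for c in conns:
            verdict, current = decide(mode, c, current)
            verdicts.append(verdict)
        learned_in = [r for r in current if r not in rules and r.direction == "in"]
        result[mode] = (verdicts, learned_in)
    return result
```

Calling compare() shows that only Learning mode both accepts the unsolicited inbound connection and turns it into a permanent allow rule, which is why learned rules should be reviewed before switching to another mode.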
Profiles are a tool to control the behavior of the ESET Smart Security Personal firewall.
4.2.1.1 Learning mode
The Learning mode feature in ESET Smart Security's Personal firewall automatically creates and saves a rule for each
communication that has been established in the system. No user interaction is required, because ESET Smart Security
saves rules according to the predefined parameters.
This mode is not safe, and is recommended only for initial configuration of the Personal firewall.
Activate the Learning mode in Setup > Network > Personal Firewall > Learning mode to display Learning mode
options. This section includes the following items:
Warning: While in Learning mode, the Personal firewall does not filter communication. All outgoing and incoming
communications are allowed. In this mode, your computer is not fully protected by the Personal firewall.
Communication type: Select individual principles of rule creation for each type of communication. There are four
types of communication:
Inbound traffic from the Trusted zone: An example of an incoming connection within the trusted zone would be
a remote computer from within the trusted zone attempting to establish communication with a local application
running on your computer.
Outbound traffic to the Trusted zone: A local application attempting to establish a connection to another
computer within the local network, or within a network in the trusted zone.
Inbound Internet traffic: A remote computer attempting to communicate with an application running on the
computer.
Outbound Internet traffic: A local application attempting to establish a connection to another computer.
Rule creation policy: This section allows you to define parameters to be added into newly created rules.
Add local port: Includes the local port number of the network communication. For outgoing communications,
random local port numbers are usually generated. For this reason, we recommend enabling this option only for incoming
communications.
Add application: Includes the name of the local application. This option is suitable for future application-level rules
(rules which define communication for an entire application). For example, you can enable communication only for a
web browser or email client.
Add remote port: Includes the remote port number of the network communication. For example, you can allow or