Firewall alerts

If you enable firewall protection and the Learn mode for either incoming or outgoing traffic, a firewall alert appears. The Application Information tab displays information about the application attempting network access, including application name, path, and version. The Connection Information tab displays information about the traffic protocol, address, and ports.

To respond to a firewall Learn Mode alert

  1. On the Application Information tab of the alert dialog box, do one of the following:
    • Click Deny to block this and all similar traffic.
    • Click Allow to permit this and all similar traffic through the firewall
  2. Optional: On the Connection Information tab, select possible options for the new firewall rule:
    Select...
    To do this...
    Create a firewall application rule for all ports and services
    Create a rule to allow or block an application’s traffic over any port or service. If you do not select this option, the new firewall rule allows or blocks only specific ports:
    • If the intercepted traffic uses a port lower than 1024, the new rule allows or blocks only that specific port.
    • If the traffic uses port 1024 or higher, the new rule allows or blocks the range of ports from 1024 to 65535.
    Remove this rule when the application terminates
    Create a temporary allow or block rule that is deleted when the application is closed. If you do not select this options, the new firewall rule is created as a permanent client rule.

Host Intrusion Prevention creates a new firewall rule based on the options selected, adds it to the Firewall Rules list, and automatically allows or blocks similar traffic.

Copyright © 2006 McAfee, Inc. All Rights Reserved.