Advanced setup
This section allows you to configure advanced filter options, i.e., detection of various types of attacks that can be carried out against your computer.
Allowed services
Allow file and printer sharing in the Trusted zone Allows remote computers in the Trusted zone to access your shared files and printers.
Allow UPNP in the Trusted zone Enables UPNP (Universal Plug and Play), which allows for automatic configuration of network devices.
Allow incoming RPC requests in the Trusted zone Enables connections via the Microsoft RPC DCOM system established within the Trusted zone.
Allow remote desktop in the Trusted zone Select this option to allow computers in the Trusted zone to access your computer (using the Remote Desktop Connection tool).
Allow Internet streaming via the IGMP protocol Allows (for example) video streaming generated by programs which use the IGMP protocol.
Maintain inactive TCP connections In order to function, some applications require that the TCP connection they establish is maintained, even though the TCP connection may be inactive. Enable this option to avoid terminating inactive TCP connections.
Enable communication for bridged connections Enable this option to avoid terminating bridged connections.
Allow response to ARP requests from outside the Trusted zone Disabling this option helps protect your computer against misuse of ARP responses outside the Trusted zone.
Intrusion detection
CodeRed worm detection Detects the CodeRed worm.
SqlSlammer worm detection Detects attacks by the SqlSlammer worm.
RPC/DCOM attack detection If selected, attacks exploiting the Microsoft RPC DCOM vulnerability will be blocked.
Sasser worm detection Detects the Sasser worm.
ARP Poisoning attack detection Detects ARP poisoning, in which an attacker sends incorrect information to a device connected to the network. The attacker can then associate any IP address with any MAC address and attack the network through multiple vectors.
DNS Poisoning attack detection Through DNS poisoning, hackers can trick the DNS server of any computer into believing that the fake data they supplied is legitimate and authentic. Read more about this type of attack in the glossary.
TCP Port scanning attack detection Port scanning checks whether a network host has open ports that can be exploited. Read more about this type of attack in the glossary.
UDP Port Scanning attack detection Port scanning checks whether a network host has open ports that can be exploited.
SMB Relay attack detection A type of attack where a remote party intercepts the communication between two computers. Read more about this type of attack in the glossary.
TCP Desynchronization attack detection Read more about this type of attack in the glossary.
Reverse TCP Desynchronization attack detection Detects attacks that exploit desynchronization of communication and are targeted at client computers.
ICMP protocol attack detection Detects attacks that exploit weaknesses of the ICMP protocol. Read more about this type of attack in the glossary.
TCP protocol overload detection This attack works by exposing the computer or server to multiple requests; see also DoS (denial-of-service attacks).
Block unsafe address after attack detection Terminates connection to IP addresses that were detected as sources of attacks.
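The ARP Poisoning entry above describes an attacker re-associating IP addresses with MAC addresses. The sketch below is an added example, not the product's own detection logic, and shows one way a monitor can flag that from observed ARP replies. The function name, the pinned-binding table and the sample replies are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from observed ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # gateway, matches pinned entry
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # repeat, nothing changed
    (4.0, "192.168.1.1",  "DE:AD:BE:EF:00:66"),  # gateway IP claimed by another MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:66"),  # same MAC now claims a second IP
]
# Hypothetical known-good binding an administrator has pinned (e.g. the gateway).
PINNED = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}


def detect_arp_anomalies(replies, pinned=None, max_ips_per_mac=1):
    """Return alerts for bindings that contradict pinned or previously seen state."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}                  # last accepted binding per IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected, known = pinned.get(ip), ip_to_mac.get(ip)
        if expected is not None and mac != expected:
            # Contradicts a pinned entry: alert and keep the trusted binding.
            alerts.append({"ts": ts, "kind": "pinned-mismatch", "ip": ip,
                           "old_mac": expected, "new_mac": mac})
        else:
            if known is not None and known != mac:
                # Can also be benign (DHCP re-lease, replaced NIC): needs triage.
                alerts.append({"ts": ts, "kind": "rebind", "ip": ip,
                               "old_mac": known, "new_mac": mac})
            ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # Routers and proxy-ARP hosts legitimately exceed this; raise the limit for them.
            if len(mac_to_ips[mac]) > max_ips_per_mac:
                alerts.append({"ts": ts, "kind": "multi-ip", "mac": mac,
                               "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, pinned=PINNED):
        print(alert)
```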
Troubleshooting
Log all blocked connections Records all denied connections to a log.
Log blocked incoming worm attacks Logs all attempts by worms to enter the system.
Enable detection of application modifications If enabled, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Personal firewall.