Advanced setup

This section allows you to configure advanced filter options, i.e., detection of various types of attacks that can be carried out against your computer.

 


Allowed services

 

Allow file and printer sharing in the Trusted zone

Allows remote computers in the Trusted zone to access your shared files and printers.

 

Allow UPNP in the Trusted zone

Enables UPNP (Universal Plug and Play), which allows for automatic configuration of network devices.

 

Allow incoming RPC requests in the Trusted zone

Enables connections via the Microsoft RPC DCOM system established within the Trusted zone.

 

Allow remote desktop in the Trusted zone

Select this option to allow computers in the Trusted zone to access your computer (using the Remote Desktop Connection tool).

 

Allow Internet streaming via the IGMP protocol

Allows (for example) video streaming generated by programs which use the IGMP protocol.

 

Maintain inactive TCP connections

In order to function, some applications require that the TCP connection they establish is maintained, even though the TCP connection may be inactive. Enable this option to avoid terminating inactive TCP connections.

 

Enable communication for bridged connections

Enable this option to avoid terminating bridged connections.

 

Allow response to ARP requests from outside the Trusted zone

Disabling this option helps to protect your computer against misuse of ARP answers from outside the Trusted zone.

 

 

Intrusion detection

 

CodeRed worm detection

Detects the CodeRed worm.

 

SqlSlammer worm detection

Detects attacks by the SqlSlammer worm.

 

RPC/DCOM attack detection

If selected, attacks exploiting the Microsoft RPC DCOM vulnerability will be blocked.

 

Sasser worm detection

Detects the Sasser worm.

 

ARP Poisoning attack detection

The attacker sends incorrect information to a device connected to the network. After that, the attacker gains the ability to associate any IP address with any MAC address and to attack the network through multiple attack vectors.

 

DNS Poisoning attack detection

Through DNS poisoning, hackers can trick the DNS server of any computer into believing that the fake data they supplied is legitimate and authentic. Read more about this type of attack in the glossary.

 

TCP Port scanning attack detection

Port scanning checks whether there are open ports on a network host that can be exploited. Read more about this type of attack in the glossary.

 

UDP Port Scanning attack detection

Port scanning checks whether there are open ports on a network host that can be exploited.

 

SMB Relay attack detection

A type of attack where a remote party intercepts the communication between two computers. Read more about this type of attack in the glossary.

 

TCP Desynchronization attack detection

Read more about this type of attack in the glossary.

 

Reverse TCP Desynchronization attack detection

Attacks that exploit desynchronization of communication. These attacks are targeted at client computers.

 

ICMP protocol attack detection

Attacks that exploit the weaknesses of the ICMP protocol. Read more about this type of attack in the glossary.

 

TCP protocol overload detection

This method works by exposing the computer or server to multiple requests. See also DoS (denial-of-service) attacks.

 

Block unsafe address after attack detection

Terminates connection to IP addresses that were detected as sources of attacks.

 

 

Troubleshooting

 

Log all blocked connections

Records all denied connections to a log.

 

Log blocked incoming worm attacks

Logs all attempts by worms to enter the system.

 

 
Miscellaneous

 

Enable detection of application modifications

If enabled, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Personal firewall.