This section allows you to configure advanced filter options, i.e., detection of various types of attacks that can be carried out against your computer.
Allow file and printer sharing in the Trusted zone
Allows remote computers in the Trusted zone to access your shared files and printers.
Allow UPNP in the Trusted zone
Enables UPNP (Universal Plug and Play), which allows for automatic configuration of network devices.
Allow incoming RPC requests in the Trusted zone
Enables connections via the Microsoft RPC DCOM system established within the Trusted zone.
Allow remote desktop in the Trusted zone
Select this option to allow computers in the Trusted zone to access your computer (using the Remote Desktop Connection tool).
Allow Internet streaming via the IGMP protocol
Allows (for example) video streaming generated by programs which use the IGMP protocol.
Maintain inactive TCP connections
In order to function, some applications require that the TCP connection they establish is maintained, even though the TCP connection may be inactive. Enable this option to avoid terminating inactive TCP connections.
Enable communication for bridged connections
Enable this option to avoid terminating bridged connections.
Allow response to ARP requests from outside the Trusted zone
If disabled, it helps to protect your computer against misusing ARP answers outside the Trusted zone.
CodeRed worm detection
Detects the CodeRed worm.
SqlSlammer worm detection
Detects attacks by the SqlSlammer worm.
RPC/DCOM attack detection
If selected, attacks exploiting the Microsoft RPC DCOM vulnerability will be blocked.
Sasser worm detection
Detection of the Sasser worm.
ARP Poisoning attack detection
The attacker sends incorrect information to a device connected to the network. After that, the attacker gains the ability to associate any IP address with any MAC address and to hit the network with multiple attack vectors.
DNS Poisoning attack detection
Through DNS poisoning, hackers can trick the DNS server of any computer into believing that the fake data they supplied is legitimate and authentic. Read more about this type of attack in the glossary.
TCP Port scanning attack detection
Port scanning controls whether there are open computer ports on a network host that can be exploited. Read more about this type of attack in the glossary.
UDP Port Scanning attack detection
Port scanning controls whether there are open computer ports on a network host that can be exploited.
SMB Relay attack detection
A type of attack where a remote party intercepts the communication between two computers. Read more about this type of attack in the glossary.
TCP Desynchronization attack detection
Read more about this type of attack in the glossary.
Reverse TCP Desynchronization attack detection
Attacks by exploiting desynchronization of communication. Attacks are targeted at client computers.
ICMP protocol attack detection
Attacks by exploiting the weaknesses of the ICMP protocol. Read more about this type of attack in the glossary.
TCP protocol overload detection
The principle of this method lies in exposing the computer/server to multiple requests - also see DoS (Denial of service attacks).
Block unsafe address after attack detection
Terminates connection to IP addresses that were detected as sources of attacks.
Log all blocked connections
Records all denied connections to a log.
Log blocked incoming worm attacks
Logs all attempts by worms to enter the system .
Enable detection of application modifications
If enabled, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Personal firewall.