- Allow: The application will be able to send and receive information from the network.
- Block: The Firewall will block every packet this application attempts to send or receive. If the application depends on the network connection to run, it will not work. As a side effect, this option is an effective means to deal with worms, Trojans or ‘dropper’ viruses, as these require an internet connection in order to spread. If they are unable to use the connection, they will be rendered useless and unable to spread any infection.
- Ask me: The Firewall will prompt you each time the application starts and ask you to decide whether to allow or deny that application the use of the network connection. By default, the pop-up question stays open for 20 seconds, during which you can select an answer. If the 20-second period is exceeded, the Firewall will block the application by default until you set it to Allow or Block. If you did not have time to answer, restarting the application will make the Firewall question pop up again so that you can choose the appropriate answer.
Immediately after installing BullGuard, the Firewall will start asking you about the applications. However, the module has a “Known Application” database; applications listed in it (applications vital for the operating system or the most common applications) are allowed automatically, with only a notification balloon to inform the user. This way the user is protected from being flooded with multiple pop-up windows from the Firewall.
If the application is not in the Firewall database, the user will receive a pop-up window through which the Firewall will ask the user whether to allow or block the application from the network connection.
Possible answers to the Firewall pop-up window:
- Yes: The Firewall will allow the application to connect to the network/internet until the application is closed and restarted. The application will be added to the Firewall application list with the Ask status and the Firewall will ask you about this application every time you open it.
- No: The Firewall will block the application from connecting to the network/internet until the application is closed and restarted. The application will be added to the Firewall application list with the Ask status and the Firewall will ask you about this application every time you open it.
- Yes with the Remember my answer and don’t ask again option checked: The Firewall will permanently allow the application to connect to the network/internet until you wish to change its status. The program will be listed in the Firewall application list with the Allow status and the Firewall will not ask you about that specific application again.
- No with the Remember my answer and don’t ask again option checked: The Firewall will permanently block the application from connecting to the network/internet until you wish to change its status. The program will be listed in the Firewall application list with the Block status and the Firewall will not ask you about that specific application again.
- Yes or No with the Send application to BullGuard for analysis option checked: The Firewall will either allow or block the application according to the selected answer and will upload the executable file to the BullGuard servers, where it will be analyzed and entered into the known application list so that the Firewall will recognize the application.
More information: Presents you with additional information about the executable file BullGuard intercepted:
- Full path: Displays the location of the executable file on the user’s hard drive.
- Version: Displays the executable file’s version number (if available).
- Process ID: Displays the executable file’s ID number as assigned by the operating system. This is the same ID number as shown in the Windows Task Manager.
- Command line: Shows whether the executable file was started with any specific parameters or commands (such as starting minimized or displaying a splash screen).
- Parent Process: Displays the Process ID number for the executable file’s parent process.
- File size: Shows the executable file’s size in bytes.
- Last modified: Displays the last time the executable file was modified.
- Direction: States the traffic direction, which can be outbound or inbound, i.e. whether the application was trying to send or receive information from the network.
- Protocol: Shows what protocol was used by the application when sending or receiving data.
- Remote address: Shows the IP address of the computer/server the application was trying to connect to.
- Remote hosts: The Firewall will try to resolve the IP address and will display the remote host’s name if possible.
In the Application Rules tab, right-click any of the applications in the list and choose the Add application option, or just press the Insert key on your keyboard. A browse window will open; navigate to the executable file of the application you need to add to the Firewall list. Select the executable file you wish to associate with the rule and then click Open.
By default, the newly created rule will have the policy set to Ask me. Thus the user will need to switch the policy to Allow if they want to allow the application to connect to their network each time it starts.
By default, when first answering a Firewall question regarding an application, a general rule will be created that will apply to that program for all protocols, IPs and ports.
You can modify this data as needed. Note that once you make such modifications, traffic will be allowed only for the details you entered; any other traffic to other IPs/ports or through different protocols will be blocked. For some applications you may want to restrict access to a specific IP address, protocol type or port number. If the application needs other ports or hosts, you may be asked to allow the application once again.
Restricting traffic by using specific application ports (Note: If the application was not designed to run on the user-defined ports, the program may not run properly):
- Edit local Ports: Will make the application send/receive data only through the specified ports on the local computer. Any information packets coming through other ports will be blocked.
- Edit remote Ports: Will make the application send information packets to a remote computer only on the specified ports. The program will receive information from a remote computer only if the data has been sent through the specified ports. Any other packets will be blocked.
These settings can be used together with the When local and remote ports are equal option, which establishes a peering relationship between the local and remote hosts’ port usage. For example, if the user enters only local port 675 and checks this option, the Firewall will allow traffic for that application only when packets are sent/received using port 675 on both the local and the remote computer.
Restricting access to/from an IP or IP range only: double-click the Hosts… button in the Hosts column to enter a specific IP; the application will send/receive data only to/from that IP, and any other incoming or outgoing packets will be blocked.
It is possible to add a range of IPs from a predefined group: the application will send/receive data only to/from those IPs, and any other incoming or outgoing packets will be blocked. The trusted/untrusted subnets or networks can be defined in the System tab.
- Any host from my subnets: This will allow traffic only to the local networks (trusted and untrusted) that are included in the network where that computer is located, while blocking the rest of the IPs. You can see the trusted/untrusted subnets in the Subnets tab from the Firewall settings section.
- Any host from my TRUSTED subnets: Will allow traffic only for the IPs belonging to the trusted networks, while blocking any other IPs.
- Any host from my UNTRUSTED subnets: Will allow traffic only for the IPs belonging to the untrusted networks, while blocking any other IPs.
- Any of my DNS servers: The application will be able to receive and send data only from and to the DNS servers assigned for that network, while any other IPs will be blocked.
- Any of my Gateways: The application will be able to receive and send data only to and from the Gateways assigned for that network, while any other IPs will be blocked.
You can choose which protocol type an application can use. Note that if the application needs multiple protocol types, it might not work if only one protocol type is selected. In the Application Rules tab, users can select either both TCP and UDP or just one of them.
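
The rule restrictions described above (protocol, local/remote ports, the equal-ports option and host limits) can be modelled as a small evaluator. This is an added example, not BullGuard's code: the `AppRule` fields, `decide`, `is_general` and the sample subnet are assumptions made for illustration, and traffic outside a restriction is modelled as blocked.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = frozenset()  # an empty set means "no restriction", as in a general rule


@dataclass(frozen=True)
class AppRule:
    policy: str = "ask"                       # "allow", "block" or "ask"
    protocols: frozenset = frozenset({"TCP", "UDP"})
    local_ports: frozenset = ANY
    remote_ports: frozenset = ANY
    ports_must_match: bool = False            # "When local and remote ports are equal"
    hosts: tuple = ()                         # CIDR strings; () means any host


def is_general(rule):
    """True for the default rule shape: all protocols, IPs and ports."""
    return (rule.protocols == {"TCP", "UDP"} and not rule.local_ports
            and not rule.remote_ports and not rule.hosts
            and not rule.ports_must_match)


def decide(rule, proto, local_port, remote_ip, remote_port):
    """Return "allow", "block" or "ask" for one connection attempt."""
    if rule.policy == "block":
        return "block"
    if proto not in rule.protocols:
        return "block"
    if rule.local_ports and local_port not in rule.local_ports:
        return "block"
    if rule.remote_ports and remote_port not in rule.remote_ports:
        return "block"
    if rule.ports_must_match and local_port != remote_port:
        return "block"
    if rule.hosts and not any(ip_address(remote_ip) in ip_network(net)
                              for net in rule.hosts):
        return "block"
    return rule.policy  # inside every restriction: the policy decides


if __name__ == "__main__":
    # Constructed sample rules and traffic; addresses are documentation ranges.
    peer = AppRule("allow", local_ports=frozenset({675}), ports_must_match=True)
    lan = AppRule("allow", protocols=frozenset({"TCP"}), hosts=("192.168.1.0/24",))
    print(decide(peer, "TCP", 675, "203.0.113.10", 675))
    print(decide(peer, "TCP", 675, "203.0.113.10", 80))
    print(decide(lan, "TCP", 50000, "192.168.1.20", 445))
    print(decide(lan, "UDP", 50000, "192.168.1.20", 53))
    print(is_general(AppRule("allow")), is_general(lan))
```

`is_general` flags rules that still have the default all-protocols, all-hosts scope, which are the ones worth narrowing first when reviewing the application list.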