We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

BullGuard Support

We’re here 24/7 to help you.

Email our support team and we'll get back to you within 24 hours.

Network activity


The Activity tab shows you an overview of the current applications that are monitored by BullGuard and their adjacent network connection.


It is useful to monitor what applications are using your internet connection. You will also be able to see how many connections and protocols a specific application uses.


You can see the associated connections of a program by right clicking the specific application and choosing the Expand option (‘Expand all’ will have an effect for all the applications present in the information window).






Application name: will display the name of the application, not the name of the executable file you have added in the Firewall.


Local address: the IP address of the computer where the application is installed.


Local host: the Firewall can resolve IP addresses to names (if possible), thus displaying the name of the computer associated with the local IP address.


Remote address: the target computer (the IP address) for that specific application/connection.


Remote host: displays the computer name (if possible) for the associated remote IP address.


Bytes sent/received: the amount of data sent and received by a specific application or connection.


Creation/elapsed time: tells you  when the connection has been established and for how long it has been maintained.


PID/Full path – PID (process identification number): the unique number the operating system will assign to a running process. You can see the exact path for the executable file of the applications monitored in the Activity tab.


Orphan connections (Activity tab): mainly consist of closed connections without waiting for a reply from the remote hosts (internet browsers for example are closing the connection to remote hosts without waiting for a reply). These are non-functional connections that remain either in the Firewall cache or the Browser cache and do not represent a security risk.