Follow

Managing firewall alerts

The Firewall Alerts provide you with detailed information on the blocked traffic and let you decide what you should do with the blocked network traffic.

The available information on the blocked traffic is the same for both Real Time Firewall Alerts and Stored Firewall Alerts. The Alert Actions that are available are not the same for both alert types, due to the different nature of Real Time Firewall Alerts and Stored Firewall Alerts.

On the top-half of the Firewall Alert windows you can find the following information:

  • The short alert description displays in the window title bar, a counter indicates how many alerts are pending and the index of the alert you are watching now. The small arrow symbols '<' and '>' at the left allow you to Navigate Between Alerts.

  • Date and time– Displays the date and time that the alert was generated.

  • Severity– Displays a severity level indicator. The severity indicator spans Green, Yellow, and Red. Green indicates that the alert is not urgent, and Red indicates that the alert is more urgent. The severity level is dictated by the nature of the event.

  • What happened– A more extensive description of the event is given, detailing the application, what type of service it tried to connect to and what that type of service is used for. If you move your mouse pointer over the description, a pop-up appears that contains all the technical details of the event.

  • Traffic Type–Information is offered on the type of traffic that was blocked.

  • Target Computer– Lists the computer that was the target of the blocked connection attempt.

  • What Now– Offers you advice on when you should block or allow the specific blocked Internet traffic.

You can choose an action from the Alert Actions available in the bottom-half of the window.

For Real Time Firewall Alerts, choose one of the following actions:

  • Choose Always allow the traffic to occur if you want to create a rule for the traffic that allows it to occur. Once you choose this option, no more alerts will be generated for this traffic. The affected program will be allowed to send and receive this type of traffic to and from the Internet. A rule will be created that will be listed under Internet Programs that you can change at a later time.

  • Choose Allow the traffic to occur only this one time if you want to allow the traffic this time, but don't want to create a rule for the affected program that allows it to access, and be accessed from the Internet. If you choose this option, the traffic will be allowed only once and new alerts will be generated for this program the next time it occurs.

  • Choose Block this traffic and do not warn me again if you want to create a rule for blocking this traffic. If you choose this option, no more alerts will be generated. The affected program will be blocked from sending and receiving this type of traffic to and from the Internet. A rule will be created that will be listed under Internet Programs that you can change at a later time.

  • Choose Block this traffic and let me know when it occurs again if you want to block the traffic this time, but don't want to create a rule for the affected program that blocks it from accessing, and being accessed from the Internet. If you choose this option, the traffic will be blocked once and new alerts will be generated for this traffic the next time it occurs.

For Stored Firewall Alerts, choose one of the following actions:

  • Choose Delete this alert to delete the alert you are currently viewing. When you delete the alert you are viewing you will automatically be shown the next alert, if available. You can also click (or all firewall alerts) to delete all Firewall Alerts, including the one you are currently viewing.
  • Click Get online help for this alert to get help about the alert. Note that this link is no longer available after you delete the alert.

  • Choose Allow this traffic to occur in the Future to create a rule for the affected program that allows it to access and be accessed from the Internet. If you choose this option, no more alerts will be generated for this traffic. A rule will be created that will be listed under Internet Programs that you can change at a later time.

  • Click the Close button in the top right corner to close the window.

Note: Separate lists of firewall rules are kept for Internet Programs for Medium and High General Firewall Protection. This means that when you respond to an alert by creating a firewall rule via the Alert Actions for an application and switch from Medium to High protection at a later time (or vice versa), you might have to recreate a rule for that same application again.

[end of article]

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk