AtGuard/NIS Creating/Modifying Rules

NIS Application/Program Scan

The application scan made its first appearance in NIS v3.x.
AtGuard does not have a similar feature or automatic rules.

For someone unfamiliar with rule-based firewalls or just starting out, this can be an easy way to get started. "Norton Internet Security can scan your computer for Internet-enabled applications and create access rules for them. When the scan is complete, you can use the results to determine which applications should have access to the Internet and, if desired, adjust their access rules."

The application scan can be run during the install process or afterwards from the Internet Access Control window under "Configure".

For the novice, the application scan can appear quite overwhelming, given the substantial list of internet-capable programs found on today's systems.

The scan should show programs which meet the following:

  • Do not currently have any firewall rules in the system.
  • Have autoconfiguration data available.

There is an "Add" feature for applications without autoconfiguration data.

Proceed through the list and select those applications you are familiar with and know will need access to the internet by placing a checkmark next to each. This could be a lot, or very few. If in doubt, it is safer to leave an application unchecked, in which case no rule(s) will be created for it. The rules assistant/Internet Access Control will still prompt you when the application first attempts to access the internet. If you want to clear some clutter, the applications not selected can be removed from the list.

Once you have selected the applications you know and trust, there are different options available for rule creation.

Automatic: Let NIS automatically create rule(s) for you.
***Note: Depending on the application, multiple automatic rules can and will be created. These rules should be reviewed after being created and modified to suit your requirements.

Permit All: Create a single "permit all any address any port any protocol" rule for the application selected.
***Note: This option, as it suggests, permits any inbound and outbound communication to and from any address. Not something that is recommended.

Block All: Create a single block all rule for the application selected.
***Note: While this option will block all communication, by default the Tracking/Logging option is left blank. You would have no record of the rule being matched in the logs for troubleshooting, and no prompts from the rules assistant should the application ever be required. The rule being matched would show in View Statistics > Firewall Rules. If used, you should modify the rule and enable logging.

Ask: Creates no rule and you will be prompted by the rules assistant/Internet Access Control when the application first attempts to access the internet.
***Note: Basically redundant and the same as leaving the application unchecked.

The application scan can also be used to create specific block rules for internet-enabled applications, whether found by the scan or added to the list, that the user specifically does not wish to allow access (as noted in the options above).

For experienced users, automatic rules can also be customized at this time by selecting the "Modify" option.

An alternative is to skip the application scan and create your rules when required and prompted by the rules assistant/Internet Access Control when applications first attempt to access the internet. You will still have the option to allow NIS to automatically create the rule(s) at that time or custom rules could be created in the first instance.

Rules automatically created by NIS can always be modified afterwards.

Technical Note: Application Scan
During an application scan, you may receive an Internet Access Control alert stating that ALESCAN.EXE is attempting to communicate with the internet. This access may be DNS lookups or an HTTP connection (usually to crl.microsoft.com).

This communication is needed for the verification of the digital certificates of applications being scanned, and checks for certificates which may have been revoked.

This rule can be deleted after the application scan and rules creation process is completed.
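The review points raised in the notes above (permit-all rules, block rules with logging left off, and the leftover ALESCAN.EXE rule) can be checked mechanically once the rules are written down. The following is an added example, not part of NIS or of the original page; the Rule fields and the sample rule set are constructed for illustration and do not reflect how NIS stores its rules.

```python
# Added example: audit a rule list for the three review points this page raises.
# The Rule fields and SAMPLE_RULES are constructed; this does not read NIS's own rule store.
from dataclasses import dataclass

ANY = "any"


@dataclass
class Rule:
    app: str        # executable the rule applies to
    action: str     # "permit" or "block"
    direction: str  # "in", "out" or "any"
    address: str    # remote address, or "any"
    port: str       # remote port/service, or "any"
    protocol: str   # "tcp", "udp" or "any"
    logging: bool   # Tracking/Logging enabled for rule matches


def is_catch_all(rule):
    """True when the rule matches any direction, address, port and protocol."""
    return all(v == ANY for v in
               (rule.direction, rule.address, rule.port, rule.protocol))


def audit(rules):
    """Return (app, finding) pairs for rules that need manual review."""
    findings = []
    for r in rules:
        if r.action == "permit" and is_catch_all(r):
            findings.append((r.app, "permit-all rule: narrow address, port and protocol"))
        if r.action == "block" and not r.logging:
            findings.append((r.app, "block rule without logging: matches leave no log record"))
        if r.app.lower() == "alescan.exe":
            findings.append((r.app, "scan-time rule: delete once rule creation is finished"))
    return findings


# Constructed sample rule set (application names are placeholders).
SAMPLE_RULES = [
    Rule("browser.exe", "permit", "out", "any", "80", "tcp", False),
    Rule("mediaplayer.exe", "permit", "any", "any", "any", "any", False),
    Rule("updater.exe", "block", "any", "any", "any", "any", False),
    Rule("oldchat.exe", "block", "any", "any", "any", "any", True),
    Rule("ALESCAN.EXE", "permit", "out", "crl.microsoft.com", "80", "tcp", False),
]

if __name__ == "__main__":
    for app, finding in audit(SAMPLE_RULES):
        print(f"{app}: {finding}")
```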


Contributors: NIS help file, AtGuard help file, CrazyM, jvmorris

Last updated: 2003-06-21
