This topic describes how iolo Personal Firewall controls the access of programs and applications, and describes how the following controls work together:
Program Policies
IntelliDefense
Default Program Permissions
When a program attempts incoming or outgoing communication, the firewall checks if the Zone allows access. If it does, the firewall then checks for the following program controls, in this order:
1. Program Policies
Program policies are controls that you create and configure.
Default: As a default, no program policies exist – all policies are created by you, either explicitly or through selections you make on prompt windows.
If a policy exists: The firewall performs the action you set in the program policy, which is one of the following:
– Allow: The program is allowed access. The communication is complete and the firewall takes no further action.
– Block: The program is not allowed access. The communication is blocked and the firewall takes no further action.
– Prompt: A prompt is generated and the firewall checks to see which option is set for generated prompts. See #3 below.
If no policy exists: If no policy exists for the program, then the firewall checks to see if IntelliDefense is enabled. See #2 below.
2. IntelliDefense
IntelliDefense controls the programs that you don't create a policy for.
Default: As a default, IntelliDefense is enabled. To disable:
If enabled: The firewall performs the action determined by the program's Trusted Publisher status or IntelliDefense classification; the action is one of the following:
– Allow: The program is allowed access. The communication is complete and the firewall takes no further action.
– Block: The program is not allowed access. The communication is blocked and the firewall takes no further action.
– Prompt: A prompt is generated and the firewall checks to see which option is set for generated prompts. See #3 below.
If disabled: If IntelliDefense is disabled, then neither a program policy nor IntelliDefense control is in place. To provide a final line of defense against possibly malicious communications, a prompt is generated. The firewall then checks to see which option is set for generated prompts. See #3 below.
3. Default Program Permissions
At this stage, either a prompt will display allowing you to decide access OR the default program permissions will apply. Once a prompt is generated, the firewall checks to see which of the two following options is set:
Show prompts - only use default program permissions after [X] seconds. See #3.a below.
Do not show prompts - automatically use default program permissions. See #3.b below.
(One of these two options must be set on the Settings window.)
3.a Show prompts - only use default program permissions after [X] seconds
If this option is selected (this is the default), an Allow Access? prompt window will display, allowing you to make a decision on access.
Default: As a default, this option is enabled. To disable:
If enabled: The Allow Access? prompt displays and the firewall performs the action that you click:
– Allow once: The program is allowed access this time. The prompt will display the next time this program attempts access in the given Zone and direction.
– Allow always: The program is allowed access and will be allowed moving forward (in the given Zone and direction); you will no longer see a prompt for this program.
– Block once: The program is not allowed access this time. The prompt will display the next time this program attempts access.
– Block always: The program is not allowed access and will be blocked moving forward (in the given Zone and direction); you will no longer see a prompt for this program.
However, if you do not respond to the prompt in the specified time, the firewall performs the action you set as the default program permission for the Zone. The action is one of the following:
– Allow: The program is allowed access this time. The prompt will display the next time this program attempts access.
– Block: The program is not allowed access this time. The prompt will display the next time this program attempts access.
If disabled: If disabled, then the "Do not show prompts - automatically use default program permissions" option is enabled and prompts won't display. See #3.b below.
3.b Do not show prompts - automatically use default program permissions
If this option is selected, a prompt window will not display. The firewall automatically "answers" prompts that are generated, using the default program permissions.
Default: As a default, this option is disabled. To enable:
If enabled: The firewall performs the action you set as the default program permission for the Zone. The action is one of the following:
– Allow. The program is allowed access.
– Block. The program is not allowed access.
If disabled: If disabled, then the "Show prompts - only use default program permissions after [X] seconds" option is enabled and prompts will display. See #3.a above.
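The evaluation order described above, modeled as a small Python function so that a given combination of settings can be traced to the control that decides it. This is an added illustration, not iolo code: the function, its parameter names and the sample program name are assumptions, and the Zone and direction scoping of "always" answers is left out.

```python
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PROMPT = "prompt"

def decide(policies, program, zone_allows, intellidefense, show_prompts,
           user_choice, default_permission):
    """Return (Action, name of the control that decided).

    policies:           dict of program -> Action (empty by default)
    intellidefense:     Action from Trusted Publisher status/classification,
                        or None when IntelliDefense is disabled
    user_choice:        "allow once", "allow always", "block once",
                        "block always", or None when the prompt times out
    default_permission: Action.ALLOW or Action.BLOCK set for the Zone
    """
    if not zone_allows:
        # Assumption: the page only describes the path where the Zone allows access.
        return Action.BLOCK, "zone"
    # 1. A program policy, if one exists, is consulted first.
    verdict, source = policies.get(program), "program policy"
    # 2. IntelliDefense is consulted only when no policy exists.
    if verdict is None and intellidefense is not None:
        verdict, source = intellidefense, "IntelliDefense"
    if verdict in (Action.ALLOW, Action.BLOCK):
        return verdict, source
    # 3. A prompt is generated: a policy or IntelliDefense said Prompt,
    #    or neither control is in place.
    if show_prompts and user_choice is not None:          # 3.a, answered
        action = Action.ALLOW if user_choice.startswith("allow") else Action.BLOCK
        if user_choice.endswith("always"):
            # Reading of the page: an "always" answer suppresses future
            # prompts, modeled here as a stored program policy.
            policies[program] = action
        return action, "prompt answer"
    # 3.a timed out, or 3.b (prompts are not shown).
    return default_permission, "default program permission"

if __name__ == "__main__":
    # Constructed scenario: no policies, IntelliDefense disabled, prompts off.
    print(decide({}, "updater.exe", True, None, False, None, Action.ALLOW))
```

With no policies, IntelliDefense disabled and prompts hidden, the Zone's default program permission is the only control left, so a default of Allow admits every program the Zone permits.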