Application Rules
Having created rules for applications you take them under your control and can be totally sure that they won't give you an unpleasant surprise one day. It is important to understand that application rules are aimed at outbound connections initiated by an application and can be created in Custom mode only.
To create a rule, click the Network Rules tab of Menu Pane then switch to the Application rules tab:
You will see the table of application rules that includes the following information fields:
| Application |
Shows the name of an application executable file a rule is applied to; |
| Permission |
Shows the set permission for a rule:
Allow all – an application has full access to the outer world;
Allow one connection – an application is allowed to connect to a certain IP-address and port associated with it only;
Deny all – an application is forbidden to initiate any connections;
Deny one connection - an application is forbidden to connect to a certain IP-address and port associated with it only;
Delayed decision – you put off taking a decision on assigning a permission having clicked the Ask me later button in the Alert Window. The temporary rule with the Allow all permission will be created; |
| Lifetime |
Shows whether a rule is applied permanently or just until logging off. |
Note: if you click on a certain row you will see extra information on a corresponding rule: full path to an application executable and which IP-address and port the rule is applied to. The same way you can change a rule permission to opposite - in case your rule has the
Allow all/
Deny all permission or choose between
Allow all and
Deny all - in case your rule has the
Allow one connection/
Deny one connection permission.
Then press the Add rule button at the bottom of the window, the Create application rule window will appear:
Press the Browse button to choose an application you want to create a rule for. And then set one of the permissions for it:
- Allow all connections - all outbound connections to any IP-address and port will be allowed;
- Deny all connections - all outbound connections to any IP-address and port will be forbidden;
- Manual settings – you allow or forbid connections to a certain IP-address and/or port only.
To change or delete a rule, select a row then press the Edit rule or Remove rule button correspondingly.
Rules for the same application may overlap each other - if they define different permissions. Have a look at the illustration:
That shows the priority of permissions over each other if you define the different rules for the same application. For example, two rules, assigning contrary permissions for the outbound connection to different IPs don't overlap each other at all and work as two independent rules. If to create another rule, setting the permission Allow all, then the resulted permission is changed to Allow all overlapping two previously defined rules, which will disappear from the rule list being replaced with the new one. And if to add one more rule that assign the permission Block (Deny) all then it will overlap the previous Allow all rule, forbidding any outbound connections initiated by the application.
Note: if it came out to be so that you defined rules with absolutely equal conditions but different permissions, the following statement should be borne in mind:
Deny overlaps
Allow,
Allow all overlaps both
Deny and
Allow,
Block (Deny) all overlaps
Allow all.