Control Windows Firewall

Controls user network using Windows Firewall. When the network sensor is not operating, the agent can be used to add rules corresponding to the node's enforcement policy permissions to the Windows Firewall rule list, thereby performing access control on the endpoint.

  • Automatic rule-based outbound traffic blocking by enforcement policy
  • Blocking external malicious C&C servers through custom rules
When assigning the plugin, if the Use automatic rule settings option is used, Windows Firewall outbound rules are configured based on the enforcement policy's authorization object information to which the node belongs.
Additionally, you can directly configure Windows Firewall rules with various conditions.

Configuring Windows Firewall Control Options

  1. Use automatic rule settings: Automatically configures Windows Firewall outbound rules based on the enforcement policy's authorization settings.
  2. Notification Message: Displays a pop-up message to the user when automatic rules are set.
  3. Message Content: Enters the content for the pop-up message when automatic rules are set.
  4. Custom Rules: Allows direct configuration of Windows Firewall rules.
  5. Use FailSafe: Allows stopping the plugin if connection to the center is impossible.

Configuring Network Blocking Policy via Node Policy

  1. Go to Policy in the top menu.
  2. In the left Policy menu, go to Policy > Node Policy > Node Action.
  3. In the Node Action management window, find and click Windows Firewall Control.
  4. Enter Condition Settings and options.
  5. In the left Policy menu, go to Policy > Node Policy.
  6. Click the node policy to configure the network blocking policy.
  7. Find Node Action Settings and click Assign.
  8. In the Available items, find Windows Firewall Control and drag it to the Selected items.
  9. Click the Add button.
  10. Click the Modify button.
  11. Click the Apply Change Policy button in the top right.

Configuring Network Blocking Policy via Enforcement Policy

Step 1. Create Control Target Node Group

  1. Go to Policy in the top menu.
  2. In the left Policy menu, go to Group > Node.
  3. Click Select Action > Create.
  4. Click the Add button.
  5. Configure the conditions for the control target and click the Add button.
  6. Click the Create button.

Step 2. Create Control Action

  1. In the left Policy menu, go to Policy > Enforcement Policy > Control Action.
  2. Click Select Action > Create.
  3. In the Plugin selection item, select the Windows Firewall Control plugin.
  4. Enter Condition Settings and options.
  5. Click the Create button.

Step 3. Create Enforcement Policy

  1. In the left Policy menu, go to Policy > Enforcement Policy > Enforcement Policy.
  2. Click Select Action > Create and complete the Enforcement Policy Wizard.
  3. In the Policy Basic Settings tab, enter the Policy ID to use in the ID field.
  4. In the Node Group Settings tab, select the newly added node group and move it to the Selected item.
  5. In the Permission Assignment and Control Options tabs, enter the desired options.
  6. In the Control Action Settings tab, find the created Control Action and move it to the Selected item.
  7. Click the Complete button.
  8. Click Apply Change Policy in the top right.