115
Enforced Client Product Guide Using the Firewall Protection Service
Configuring policies for firewall protection
5
Select a firewall protection mode
Specify how the firewall protection service responds to suspicious activity on client computers.
Protect: It blocks the suspicious activity.
Prompt: It displays a dialog box with information about the detection, and allows the user to
select a response. This option is the default.
Report: It reports suspicious activity to the SecurityCenter and takes no additional action.
For all modes, detections are reported to the SecurityCenter, where you can view information
about them in reports.
Tip
To specify a response to firewall detections:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Desktop Firewall tab, select a Firewall Protection Mode, then click Save.
Use the following table to determine how policy options are implemented in the different
protection modes.
Note
Learn mode
Report mode can be used as a “learn mode” to help you determine which applications to allow
(see
Set up allowed Internet applications on page 121). In Report mode, the firewall protection
service tracks but does not block unrecognized Internet applications. You can review detected
applications in the
Unrecognized Programs report (see View unrecognized Internet applications
on page 123) and approve those that are appropriate for your policy. When you no longer see
applications you want to allow in the report, change the policy setting to Prompt or Protect mode.
To prevent popup prompts from appearing on client computers when applications are detected,
and for highest security, we recommend using
Protect mode.
Mode Behavior of protection service
Report No user prompts.
Detections reported to SecurityCenter.
Administrator can select allowed applications, which are not reported as
detections.
Can be used as a Learn mode.
Prompt
Users prompted about detections.
Detections reported to SecurityCenter.
Administrator can select allowed applications. These applications are not
reported as detections, and users are not prompted for a response to them.
Users can approve additional applications in response to prompts. These are
reported to SecurityCenter.
Protect Users not prompted about detections.
Users notified about deleted or quarantined applications.
Detections reported to SecurityCenter.
Administrator can select allowed applications. These applications are not
reported as detections.
If the policy is changed from Prompt mode to Protect mode or Report mode, the firewall
protection service does not save user settings for allowed applications. If the policy is then
changed back to
Prompt mode, users need to specify allowed applications again.