Lists of frequently asked questions

Right-click on the Dr.Web icon in the notification area. In the menu, hover over the Firewall item and in the drop-down list, select Settings. Click the Application tab.

To create an application rule, click Create. In the opened window, specify the path to the executable file for the program for which you are creating the rule, and select

1. the rule type for launching network applications:
   • Allow — to allow the application to launch processes.
   • Block — to block the application from launching processes.
   • Not configured — to customize the selected firewall operating mode for this application.
2. and the rule type for accessing network resources:
   • Allow all — the application will be permitted to access the network.
   • Block all — the application will be blocked from accessing the network.
   • Custom — access will be determined by the parameters specified.
   • Not configured — to customize the selected firewall operating mode for this application.

You do not need to configure rules manually if the firewall is operating in the training mode — it is easier to configure access for each application right from the firewall notification window when it attempts to connect to the network for the first time.

Dr.Web Firewall has four operating modes:

• Allow unknown connections — all unknown connections are allowed. Protection is not active.
• Training mode (create rules for known applications automatically) — learning mode. Rules for known applications are created automatically. The user will be prompted to choose what action to take with all unknown connections.
• Interactive mode — learning mode. When the operating system or an application attempts to connect to a network, the firewall will prompt the user to choose an action.
• Block unknown connections — all unknown connections will be blocked without prompting the user.

If you install a Dr.Web package that includes the firewall, you will be prompted to deactivate the Windows firewall. The Windows firewall must be disabled, doing otherwise will result in numerous conflicts that can cause errors or an OS crash.

Neither it is recommended to enable the Windows firewall while the Dr.Web firewall is working.

You can't disable automatic startup for the firewall with standard tools available in the system.. However, you can disable temporarily various anti-virus modules including the firewall at any moment. Right click on the Dr.Web icon in the system tray and select Firewall-> Disable in the context menu.

Note: If the Disable item is not available in the menu, switch to the Administrative mode.

Dr.Web Firewall in the real time mode creates rules for applications running in the system but are not on its list. Therefore, you must create rules for such applications when they attempt to connect to the network for the first time. A connection request is issued for specific ports and protocols utilized by the application. You can allow all the requested connections, a connection only for a specific protocol and port, or block the connection. Once the rule is created, the firewall handles requests according to the rule and no longer gives out messages regarding application's network activity to the user.

The predefined database contains rules for the most popular programs, as well as all Windows system services and applications. The database is updated on a regular basis.

For more information see the video tutorial on configuring the Dr.Web firewall.

The firewall is a program that controls the exchange of data between your PC and the rest of the network. The firewall's main job is to monitor application-generated network activity and prevent hackers or malicious programs from trying to send information from your PC to the network or, vice versa, to accept it from a remote source without authorisation.

In this mode, the firewall can be trained to respond to attempts made by programs to access the Internet.

Upon detecting programs making attempts to access network resources, Dr.Web Firewall checks whether filtering rules have been set for those programs. If the rules haven’t been specified, the user is prompted to either choose a single action for the firewall or create a rule that will be used in the future to process such an application's network activity.

If the firewall is blocking your ability to work with the network, you need to do the following:

1. To reset the settings, click on the Dr.Web icon in the system tray, and in the Dr.Web menu, select Security Center. Click on the icon in the lower-left corner of the window, and then on — in the upper-right corner. In the Manage settings section, select Change → Restore defaults, and click on OK.

   

   Important! This action will reset all of the user settings for all the Dr.Web components, and you will need to configure them again.

   After that, when you try to access the Internet, you may see requests from the firewall (to create a rule, to block once, to allow once). Create allow rules for selected applications by clicking on the button Create rule → Allow → OK.

   For more on how to train the firewall, refer to the documentation

2. Please contact our technical support service. Attach the report created by the DwSysInfo utility to your request.

   To generate a report:

   1. Download and save the utility on your PC: https://download.geo.drweb.com/pub/drweb/tools/dwsysinfo.exe
   2. Launch the saved dwsysinfo.exe file.
   3. Click on the Generate report button.
   4. Wait for the report-generation process to complete.

To prevent a specific program from connecting to the Internet, create a new rule. Click the Dr.Web icon on the taskbar, and select Security Center → Files and Network. Click on the icon.

In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Change in the Application rules.

In the newly appeared window, click on the icon to add a new rule.

In the next window, enter the path to the application's executable file, and in the drop-down list Launching network applications, select Block. Then select Block all on the Access to network resources list.

Click on OK to have your changes go into effect.

The notification window’s appearance indicates that a processing rule has not been set for the application to which the firewall has reacted. You can do one of the following:

• Allow once — the application’s network activity is allowed for the duration of the current session. After the PC is restarted or you want to use the program again, the firewall will prompt you to allow the Internet connection again.
• Block once — this blocks the program’s network activity. Only for the current session.
• Create rule — when you configure a rule for an application, the firewall will automatically follow this rule. By selecting this option, you will see a window that lets you choose a course of action:
  • Allow network connections for the application on port *port number*
  • Block network connections for the application on port *port number*
  • Allow all network connections
  • Block all network connections
  • Create custom rule — you can create a new firewall rule for the current program.

Note. Always try to create rules to automate the firewall's operation.

To prevent a specific program from connecting to the Internet, you have to create a new rule. Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network and click on the .

In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Change in the Application rules.

In the newly appeared window, click on the icon to add a new rule.

In the next window, enter the path to the application's executable file, and then in the drop-down list Launching network applications, select the action you need:

• Allow — when you try to run the network application, the firewall will allow this action.
• Block — when you try to run the network application, the firewall will block this action.
• Not specified — when you try to run the network application, the firewall will issue a request.

Then select the action you need from the Access to network resources list:

• Allow all — any network activity will be allowed for the program.
• Block all — any network activity will be blocked for the program.
• Custom — you can manually configure all the parameters for the program’s network activity.
• Not specified — every time the program tries to access the Internet, the firewall will issue a request before connecting.

Click OK to have your changes go into effect.

If the firewall is operating in interactive mode, there is no need to manually configure rules — it is easier to configure access for each application at the time of its initial network activity, directly from the firewall notification window.

Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network, and click on the icon. In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Then, toggle on the switch to make the Firewall component active — its frame will turn red.

To reset the settings, click on the Dr.Web icon in the system tray. In the Dr.Web menu, select Security Center. Click on the icon in the lower-left corner of the window, and then on — in the upper-right corner. In the Manage settings section, select Change → Restore defaults, and click on OK.

Important! This action will reset all the user settings for all the Dr.Web components, and you will need to configure them again.

Dr.Web Firewall has three operating modes:

• Allow unknown connections — all unknown connections are allowed. Protection is not active.
• Allow connections for trusted applications — rules for known applications (with a valid digital signature) are created automatically. The user will be prompted to choose what action to take with all unknown connections.
• Interactive mode — learning mode. When the operating system or an application attempts to connect to the network, the firewall will prompt the user to choose an action.
• Block unknown connections — all unknown connections will be blocked without prompting the user.

The user can configure the mode in the firewall's settings. If a rule has already been set for an application, the firewall will follow it.

A parent process is a process or an application that can run other applications. Users can configure rules for parent processes in the window used to create or edit rules for an application with the help of the drop-down list Launching network applications.

Click on the Dr.Web icon on the taskbar, select Security Center → Files and Network, and click on the icon. In the UAC dialogue, click on Yes, and enter the administrator password, if necessary.

Select the Firewall section, and click on Show additional settings. In the Operation parameters for known networks section, click on Change. In the next window, the user can define a set of predefined rules for each network connection.

• Allow all — all packets are allowed.
• Block all — all packets are blocked.
• Default rule — rules that describe the most popular network configurations and common attacks (used for all interfaces by default).

Click on the Dr.Web icon on the taskbar and select Security Center → Statistics → Firewall.

This firewall element manages the traffic flow via the selected protocols by allowing or blocking packets according to specified conditions. The packet filter is a basic means of ensuring your computer’s security; it operates independently of applications.

Dr.Web Firewall is a Dr.Web anti-virus software component, and it is impossible to install the firewall without the anti-virus.

A digital signature is a code that verifies that a program has been received from a particular source and has not been changed. At the same time, a signed application is not necessarily secure, so users should be careful when installing any software, even signed software.

This could be malware. It is recommended that you launch a full anti-virus system scan.

At home, when you need to protect only one computer against network attacks, the packet filter configuration is not required. The fact is that the firewall database contains a substantial number of rules, and these rules are activated as they are required. If, for any reason, a rule is absent, the firewall will request the action.