Firewall Policies

On this page you can specify what action should be taken if the firewall mode is set to “Work/Medium Risk Zone” but no rule exists for an application on the Application Rules page. The default is “Auto decide”. In this case, if the application is from a trusted publisher, it will be allowed, but if not, various other criteria will be used to determine if it is safe to allow the connection.

The default action can be changed to “Allow”, “Block”, or “Ask”. The least secure setting is “Allow” as this means all connections will be allowed irrespective of the risk. This would have the same effect as changing the profile setting to “Home/Low Risk Zone”.

The most secure setting is “Block”, which means no connections will be allowed other than those permitted on the Application Rules page, however, this might also result in legitimate connections being blocked.

Alternatively, if you select “Ask”, you will see a message every time an application tries to connect to your computer, asking you to confirm whether or not the connection should be allowed.

The recommended action is the default “Auto-decide” as this will ensure that suspicious connections are not permitted, without continually asking you to confirm whether or not the connection should be allowed.


Here you can choose to receive a notification message whenever a new “allow” or “block” rule is created by the auto-decide feature.

You can also turn on the Internet Connection Sharing (ICS) mode – this should be checked only if the Windows ICS mode is also turned on. As your computer will be acting as a gateway between the Internet and other computers with their own security settings, certain ports which would normally be closed, would have to be opened. As a result, the level of security is slightly reduced if this box is checked.

Use fast checksums – checksums (or hashes) are used to identify the applications defined on the Application Rules page. If the calculated checksum does not match the checksum that is stored for an application, it will be treated as a new application. As calculating full hashes/checksums is a lengthy process, “fast” checksums are used by default – using these is only slightly less secure, but considerably faster.